Snyk
Snyk provides tools and services to help developers find and fix security vulnerabilities in their software applications by identifying vulnerabilities in open-source libraries and containers, which developers commonly use to build their applications.
This is a licensed feature.
Snyk scanner files can be imported into PlexTrac via API for use in a PlexTrac report. PlexTrac integrates with the following Snyk products:
- Snyk Code (SAST)
- Snyk Open Source (SCA)
- Snyk Container
- Snyk Infrastructure as Code
When a file is imported in PlexTrac, the source of the scanner file is retained and tracked in the "Source" field on the findings details page.
Below are the field mappings from Snyk to PlexTrac, grouped by tool. Within each tool section, the mappings are split into findings and assets.
Tables include the following columns:
- Snyk Field: the field name that appears in Snyk
- PlexTrac Field: the field name that appears in PlexTrac
- Direction: the direction in which data flows for the integration (a value of "x" means that the value is not imported)
- Required: denotes whether a value is required for the import to be successful
- Notes: additional information
An asterisk indicates the field is required.
Below are the mappings for the following Snyk products:
- Snyk Open Source (SCA)
- Snyk Container
- Snyk Infrastructure as Code (IaC)
If a duplicate finding title is found during import, the Snyk Organization ID and Issue Id are appended in parentheses to the end of the finding title in PlexTrac.
Below are the mappings for Snyk Code (SAST).
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Snyk box.
Step 3: Click New Connection.
Step 4: On the Configuration Details tab, enter a name for the integration and the Snyk API key. Click Continue.
Visit Snyk Support for information on generating an API key.
Step 5: On the Mapping tab, review the mappings and select the fields in Snyk to import by validating that the checkbox next to the field is set. To ignore a field on import, uncheck the box. Required fields (checkbox is greyed out) cannot be configured. Scroll to the bottom and click Save.
Step 6: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be turned off by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then Delete. A modal will appear, asking for confirmation of the action.
Once set up, findings can be imported into a report, and instructions on this process can be found here.
Findings mappings for Snyk Open Source (SCA), Snyk Container, and Snyk Infrastructure as Code (IaC):

Snyk Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Issue Title | --> | Finding Title* | required |
Issue Description | --> | Finding Description* | required |
Issue Description | --> | References | |
Issue Description | --> | Recommendations | |
Disclosure Time | --> | Created at | |
Publication Time | x | (not ingested) | |
CVE Identifier | --> | CVE Identifier | |
CWE Identifier | --> | CWE Identifier | |
Severity Score Value | --> | Score Value | |
Severity Score Calculation | --> | Severity Score Calculation | |
Severity Score Type | --> | Score Type | |
(no equivalent field in Snyk) | --> | Finding Status* | required; assigned a value of "Open" |
Issue Severity | --> | Finding Severity* | required; the five severity value mappings are listed below in italics |
_Informational_ | --> | _Informational_ | |
_Low_ | --> | _Low_ | |
_Medium_ | --> | _Medium_ | |
_High_ | --> | _High_ | |
_Default_ | --> | _Critical_ | |
Nearest Fixed In Version | --> | Custom Field "Nearest Fixed In Version" | |
Fix Info | --> | Custom Field "Fix Info" | |
Organization Name | --> | Custom Field "Organization Name" | |
Organization ID | --> | Custom Field "Categorical Id" | |
Package Name | --> | Custom Field "Package Name" | |
Issue Type | --> | Custom Field "Issue Type" | |
Violated Policy Public Id | --> | Custom Field "Violated Policy Public Id" | |
Exploit Maturity | --> | Custom Field "Exploit Maturity" | |
Patches | --> | Custom Field "Patches" | |
Issue URL | --> | References | |

Assets mappings for Snyk Open Source (SCA), Snyk Container, and Snyk Infrastructure as Code (IaC):

Snyk Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Project Name | --> | Affected Asset Name | |
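
Findings mappings for Snyk Code (SAST):

Snyk Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Aggregate Title | --> | Finding Title* | required |
Detail Title | --> | Finding Description* | required |
Product | --> | Tags | |
Product | --> | Source | |
Priority Score | --> | Score Type General | |
CVE | --> | CVE | |
CWE ID | --> | CWE | |
Issue URL | --> | References | |
Severity Mapping | | | required; the five severity value mappings are listed below in italics |
_Informational_ | --> | _Informational_ | |
_Low_ | --> | _Low_ | |
_Medium_ | --> | _Medium_ | |
_High_ | --> | _High_ | |
_Default_ | --> | _Critical_ | |
Primary Region | --> | Custom Field: "Source Location" | |
Priority Score Factors | --> | Custom Field: "Snyk Priority Score Factors" | |

Assets mappings for Snyk Code (SAST):

Snyk Field | Direction | PlexTrac Field | Notes |
---|---|---|---|
Project Name | --> | Parent Asset* | required |
Primary File Path | --> | Child Asset* | required |
Primary File Path | --> | Affected Asset(s)* | required |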