# Snyk

Snyk provides tools and services to help developers find and fix security vulnerabilities in their software applications by identifying vulnerabilities in open-source libraries and containers, which developers commonly use to build their applications.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FyUqlsYUYfd7CayvDAQkO%2Fsnyk2.jpg?alt=media&#x26;token=7ce6ec64-e753-436f-88f6-18c4486ba11e" alt=""><figcaption></figcaption></figure></div>

{% hint style="danger" %}
PlexTrac is currently not integrated with Snyk. Check with your account manager for more information.
{% endhint %}

Snyk scanner files can be imported into PlexTrac via API for use in a PlexTrac report. PlexTrac integrates with the following Snyk products:

* Snyk Code (SAST)
* Snyk Open Source (SCA)
* Snyk Container
* Snyk Infrastructure as Code

When a file is imported into PlexTrac, the source of the scanner file is retained and tracked in the "Source" field on the findings details page.

## Field Mappings

Below are the field mappings from Snyk to PlexTrac, grouped by tool. Within each tool section, the mappings are split into findings and assets.

Tables include the following columns:

* **Snyk Field:** this is the field name that appears in Snyk
* **PlexTrac Field:** this is the field name that appears in PlexTrac
* **Direction:** this is the direction in which data flows for the integration (a value of "x" means that the value is not imported)
* **Required:** this denotes if a value is required for the import to be successful
* **Notes:** additional information

{% hint style="info" %}
An asterisk indicates the field is required.
{% endhint %}

### Snyk Open Source, Container, and IaC Mappings

Below are the mappings for the following Snyk products:

* Snyk Open Source (SCA)
* Snyk Container
* Snyk Infrastructure as Code (IaC)

#### Finding Fields

<table><thead><tr><th width="268">Snyk Field</th><th width="140.33333333333331" align="center">Direction</th><th width="178">PlexTrac Field</th><th>Notes</th></tr></thead><tbody><tr><td>Issue Title</td><td align="center">--></td><td>Finding Title*</td><td>required</td></tr><tr><td>Issue Description</td><td align="center">--></td><td>Finding Description*</td><td>required</td></tr><tr><td>Issue Description</td><td align="center">--></td><td>References</td><td></td></tr><tr><td>Issue Description</td><td align="center">--></td><td>Recommendations</td><td></td></tr><tr><td>Disclosure Time</td><td align="center">--></td><td>Created at</td><td></td></tr><tr><td>Publication Time</td><td align="center">x</td><td>(not ingested)</td><td></td></tr><tr><td>CVE Identifier</td><td align="center">--></td><td>CVE Identifier</td><td></td></tr><tr><td>CWE Identifier</td><td align="center">--></td><td>CWE Identifier</td><td></td></tr><tr><td>Severity Score Value</td><td align="center">--></td><td>Score Value</td><td></td></tr><tr><td>Severity Score Calculation</td><td align="center">--></td><td>Severity Score Calculation</td><td></td></tr><tr><td>Severity Score Type</td><td align="center">--></td><td>Score Type</td><td></td></tr><tr><td>(no equivalent field in Snyk)</td><td align="center">--></td><td>Finding Status*</td><td>required; assigned a value of "Open"</td></tr><tr><td>Issue Severity</td><td align="center">--></td><td>Finding Severity*</td><td>required; the five severity value mappings are listed below in italics</td></tr><tr><td><em><code>Informational</code></em></td><td align="center">--></td><td><em><code>Informational</code></em></td><td></td></tr><tr><td><em><code>Low</code></em></td><td align="center">--></td><td><em><code>Low</code></em></td><td></td></tr><tr><td><em><code>Medium</code></em></td><td align="center">--></td><td><em><code>Medium</code></em></td><td></td></tr><tr><td><em><code>High</code></em></td><td align="center">--></td><td><em><code>High</code></em></td><td></td></tr><tr><td><em><code>Default</code></em></td><td align="center">--></td><td><em><code>Critical</code></em></td><td></td></tr><tr><td>Nearest Fixed In Version</td><td align="center">--></td><td>Custom Field "Nearest Fixed In Version"</td><td></td></tr><tr><td>Fix Info</td><td align="center">--></td><td>Custom Field "Fix Info"</td><td></td></tr><tr><td>Organization Name</td><td align="center">--></td><td>Custom Field "Organization Name"</td><td></td></tr><tr><td>Organization ID</td><td align="center">--></td><td>Custom Field "Categorical Id"</td><td></td></tr><tr><td>Package Name</td><td align="center">--></td><td>Custom Field "Package Name"</td><td></td></tr><tr><td>Issue Type</td><td align="center">--></td><td>Custom Field "Issue Type"</td><td></td></tr><tr><td>Violated Policy Public Id</td><td align="center">--></td><td>Custom Field "Violated Policy Public Id"</td><td></td></tr><tr><td>Exploit Maturity</td><td align="center">--></td><td>Custom Field "Exploit Maturity"</td><td></td></tr><tr><td>Patches</td><td align="center">--></td><td>Custom Field "Patches"</td><td></td></tr><tr><td>Issue URL</td><td align="center">--></td><td>References</td><td></td></tr></tbody></table>

#### Asset Fields

<table><thead><tr><th width="274">Snyk Field</th><th width="137" align="center">Direction</th><th>PlexTrac Field</th><th>Notes</th></tr></thead><tbody><tr><td>Project Name</td><td align="center">--></td><td>Affected Asset Name</td><td></td></tr></tbody></table>

#### Deduplication Logic

If a duplicate finding title is found during import, the Snyk `Organization ID` and `Issue Id` are appended in parentheses to the end of the finding title in PlexTrac.

### Snyk Code Mappings

Below are the mappings for Snyk Code (SAST).

#### Findings

<table><thead><tr><th>Snyk Field</th><th width="139" align="center">Direction</th><th>PlexTrac Field</th><th>Notes</th></tr></thead><tbody><tr><td>Aggregate Title</td><td align="center">--></td><td>Finding Title*</td><td>required</td></tr><tr><td>Detail Title</td><td align="center">--></td><td>Finding Description*</td><td>required</td></tr><tr><td>Product</td><td align="center">--></td><td>Tags</td><td></td></tr><tr><td>Product</td><td align="center">--></td><td>Source</td><td></td></tr><tr><td>Priority Score</td><td align="center">--></td><td>Score Type General</td><td></td></tr><tr><td>CVE</td><td align="center">--></td><td>CVE</td><td></td></tr><tr><td>CWE ID</td><td align="center">--></td><td>CWE</td><td></td></tr><tr><td>Issue URL</td><td align="center">--></td><td>References</td><td></td></tr><tr><td>Severity Mapping</td><td align="center"></td><td></td><td>required; the five severity value mappings are listed below in italics</td></tr><tr><td><em><code>Informational</code></em></td><td align="center">--></td><td><em><code>Informational</code></em></td><td></td></tr><tr><td><em><code>Low</code></em></td><td align="center">--></td><td><em><code>Low</code></em></td><td></td></tr><tr><td><em><code>Medium</code></em></td><td align="center">--></td><td><em><code>Medium</code></em></td><td></td></tr><tr><td><em><code>High</code></em></td><td align="center">--></td><td><em><code>High</code></em></td><td></td></tr><tr><td><em><code>Default</code></em></td><td align="center">--></td><td><em><code>Critical</code></em></td><td></td></tr><tr><td>Primary Region</td><td align="center">--></td><td>Custom Field: "Source Location"</td><td></td></tr><tr><td>Priority Score Factors</td><td align="center">--></td><td>Custom Field: "Snyk Priority Score Factors"</td><td></td></tr></tbody></table>

#### Asset Mappings

<table><thead><tr><th width="196">Snyk Field</th><th width="145.66666666666666" align="center">Direction</th><th>PlexTrac Field</th><th>Notes</th></tr></thead><tbody><tr><td>Project Name</td><td align="center">--></td><td>Parent Asset*</td><td>required</td></tr><tr><td>Primary File Path</td><td align="center">--></td><td>Child Asset*</td><td>required</td></tr><tr><td>Primary File Path</td><td align="center">--></td><td>Affected Asset(s)*</td><td>required</td></tr></tbody></table>

## Setting up Integration with Snyk

<mark style="background-color:yellow;">Step 1</mark>: From the **Admin Dashboard**, click **Integrations** under "Tools & Integrations."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FfnbNARZaPv4rpZRf8vhd%2Fimage.png?alt=media&#x26;token=2ee6cbb5-8bb7-4d13-94a7-78b16c7cf449" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 2</mark>: Click **Connect** within the Snyk box.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FQhnamPsvtaf33V2nrmgP%2Fimage.png?alt=media&#x26;token=72c082ef-3527-4788-8932-f893f06d3285" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 3</mark>: Click **New Connection**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fn78xWzvmGfXPpUvZu4NO%2Fimage.png?alt=media&#x26;token=ff729d33-e246-4c5f-9469-bfbe08937221" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 4</mark>: On the **Configuration Details** tab, enter a name for the integration and the Snyk API key. Click **Continue**.

{% hint style="info" %}
Visit [Snyk Support](https://docs.snyk.io/snyk-api-info/authentication-for-api) for information on generating an API key.
{% endhint %}

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FcmcW8b92N1PE7m2feOiG%2Fimage.png?alt=media&#x26;token=f9423fbf-d778-4e5a-9cb5-afc3e9b08ebc" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 5</mark>: On the **Mapping** tab, review the mappings and confirm that the checkbox is set next to each Snyk field to import. To ignore a field on import, uncheck the box. Required fields (checkbox is greyed out) cannot be configured.

Scroll to the bottom and click **Save**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fbg6SqpDRDB1p2zQllGWc%2Fimage.png?alt=media&#x26;token=70dd0cad-881a-49e1-b0b6-6748a3c02244" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 6</mark>: A message on the First Synch tab will confirm if the synch was successful. If successful, click **Got It**.

The connection is now listed.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F2bLksDw763LrPTtMlB8C%2Fimage.png?alt=media&#x26;token=55c40b86-7213-4fca-840f-43490c35967f" alt=""><figcaption></figcaption></figure></div>

## Editing Existing Connections

Connections are edited by clicking **Edit** under the "Actions" column.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2F07KrJg5ygH4vrQ1GQAY4%2Fimage.png?alt=media&#x26;token=fb06709f-d685-47ba-8faa-97ab3fb62580" alt=""><figcaption></figcaption></figure></div>

Connections can be turned off by clicking the toggle bar under the "Enabled" column.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FA3PbF1AR1Zpgd46BGlte%2Fimage.png?alt=media&#x26;token=8bc794e9-a107-43e2-a0eb-a700a4a32416" alt=""><figcaption></figcaption></figure></div>

Connections can be manually synchronized by clicking **Sync** under the "Actions" column.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FLNiqu0cD910F69u7h5Xs%2Fimage.png?alt=media&#x26;token=a414750d-8680-443f-a431-5a366abbe94d" alt=""><figcaption></figcaption></figure></div>

Connections can be deleted by clicking the three dots under the "Actions" column and then **Delete**. A modal will appear, asking for confirmation of the action.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FqvQrXbp3LzKKhm6rC44N%2Fimage.png?alt=media&#x26;token=6bda6f35-0159-40d4-a72e-df787d9772d7" alt=""><figcaption></figcaption></figure></div>

Once set up, findings can be imported into a report, and [instructions on this process can be found here](https://docs.plextrac.com/plextrac-documentation/product-documentation/reports/findings/importing-findings-via-an-integration).


