Snyk
Snyk focuses on providing tools and services to help developers find and fix security vulnerabilities in their software applications by identifying vulnerabilities in open-source libraries and containers, which developers commonly use to build their applications.
This is a licensed feature.
Snyk scanner files can be imported into PlexTrac via API for use in a PlexTrac report. PlexTrac integrates with the following Snyk products:
- Snyk Code (SAST)
- Snyk Open Source (SCA)
- Snyk Container
- Snyk Infrastructure as Code
When a file is imported in PlexTrac, the source of the scanner file is retained and tracked in the "Source" field on the findings details page.
Below are the field mappings from Snyk to PlexTrac, broken up by tool. Within the tool sections, the mappings are broken up by findings and assets.
Tables include the following columns:
- Snyk Field: this is the field name that appears in Cobalt
- PlexTrac Field: this is the field name that appears in PlexTrac
- Direction: this displays the direction that the flow of data is occurring for the integration (a value of "x" means that value is not imported)
- Required: this denotes if a value is required for the import to be successful
- Notes: additional information
An asterisk indicates the field is required.
Below are the mappings for the following Snyk products:
- Snyk Open Source (SCA)
- Snyk Container
- Snyk Infrastructure as Code (IaC)
Snyk Field | Direction | PlexTrac Field | Notes |
|---|---|---|---|
Issue Title | --> | Finding Title* | required |
Issue Description | --> | Finding Description* | required |
Issue Description | --> | References | ​ |
Issue Description | --> | Recommendations | ​ |
Disclosure Time | --> | Created at | ​ |
Publication Time | x | (not ingested) | ​ |
CVE Identifier | --> | CVE Identifier | ​ |
CWE Identifier | --> | CWE Identifier | ​ |
Severity Score Value | --> | Score Value | ​ |
Severity Score Calculation | --> | Severity Score Calculation | ​ |
Severity Score Type | --> | Score Type | ​ |
(no equivalent field in Snyk) | --> | Finding Status* | required; assigned a value of "Open" |
Issue Severity | --> | Finding Severity* | required; the five severity value mappings are listed below in italics |
Informational | --> | Informational | ​ |
Low | --> | Low | ​ |
Medium | --> | Medium | ​ |
High | --> | High | ​ |
Default | --> | Critical | ​ |
Nearest Fixed In Version | --> | Custom Field "Nearest Fixed In Version | ​ |
Fix Info | --> | Custom Field "Fix Info" | ​ |
Organization Name | --> | Custom Field "Organization Name" | ​ |
Organization ID | --> | Custom Field "Categorical Id" | ​ |
Package Name | --> | Custom Field "Package Name" | ​ |
Issue Type | --> | Custom Field "Issue Type" | ​ |
Violated Policy Public Id | --> | Custom Field "Violated Policy Public Id" | ​ |
Exploit Maturity | --> | Custom Field "Exploit Maturity" | ​ |
Patches | --> | Custom Field "Patches" | ​ |
Issue URL | --> | References | ​ |
Snyk Field | Direction | PlexTrac Field | Notes |
|---|---|---|---|
Project Name | --> | Affected Asset Name | ​ |
If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Snyk
Organization ID and Issue Id in parenthesis at the end of the title value.Below are the mappings for Snyk Code (SAST).
Snyk Field | Direction | PlexTrac Field | Notes |
|---|---|---|---|
Aggregate Title | --> | Finding Title* | required |
Detail Title | --> | Finding Description* | required |
Product | --> | Tags | ​ |
Product | --> | Source | ​ |
Priority Score | --> | Score Type General | ​ |
CVE | --> | CVE | ​ |
CWE ID | --> | CWE | ​ |
Issue URL | --> | References | ​ |
Severity Mapping | ​ | ​ | required; the five severity value mappings are listed below in italics |
Informational | --> | Informational | ​ |
Low | --> | Low | ​ |
Medium | --> | Medium | ​ |
High | --> | High | ​ |
Default | --> | Critical | ​ |
Primary Region | --> | Custom Field: "Source Location" | ​ |
Priority Score Factors | --> | Custom Field: "Snyk Priority Score Factors" | ​ |
Snyk Field | Direction | PlexTrac Field | Notes |
|---|---|---|---|
Project Name | --> | Parent Asset* | required |
Primary File Path | --> | Child Asset* | required |
Primary File Path | --> | Affected Asset(s)* | required |
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Snyk box.
Step 3: Click New Connection.
Step 4: On the Configuration Details tab, enter a name for the integration and the Snyk API key. Click Continue.
Step 5: On the Mapping tab, review the mappings and select the fields in Snyk to import by validating that the checkbox next to the field is set. To ignore a field on import, uncheck the box. Required fields (checkbox is greyed out) cannot be configured.
Scroll to the bottom and click Save.
Step 6: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.
Connections are edited by clicking Edit under the "Actions" column.
Connections can be turned off by clicking the toggle bar under the "Enabled" column.
​
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.
Once set up, findings can be imported into a report, and instructions on this process can be found here.
​
Last modified 2mo ago