Links

Snyk

Snyk focuses on providing tools and services to help developers find and fix security vulnerabilities in their software applications by identifying vulnerabilities in open-source libraries and containers, which developers commonly use to build their applications.
This is a licensed feature.
Snyk scanner files can be imported into PlexTrac via API for use in a PlexTrac report. PlexTrac integrates with the following Snyk products:
  • Snyk Code (SAST)
  • Snyk Open Source (SCA)
  • Snyk Container
  • Snyk Infrastructure as Code
When a file is imported in PlexTrac, the source of the scanner file is retained and tracked in the "Source" field on the findings details page.

Field Mappings

Below are the field mappings from Snyk to PlexTrac, broken up by tool. Within the tool sections, the mappings are broken up by findings and assets.
Tables include the following columns:
  • Snyk Field: this is the field name that appears in Cobalt
  • PlexTrac Field: this is the field name that appears in PlexTrac
  • Direction: this displays the direction that the flow of data is occurring for the integration (a value of "x" means that value is not imported)
  • Required: this denotes if a value is required for the import to be successful
  • Notes: additional information
An asterisk indicates the field is required.

Snyk Open Source, Container, and IaC Mappings

Below are the mappings for the following Snyk products:
  • Snyk Open Source (SCA)
  • Snyk Container
  • Snyk Infrastructure as Code (IaC)

Finding Fields

Snyk Field
Direction
PlexTrac Field
Notes
Issue Title
-->
Finding Title*
required
Issue Description
-->
Finding Description*
required
Issue Description
-->
References
Issue Description
-->
Recommendations
Disclosure Time
-->
Created at
Publication Time
x
(not ingested)
CVE Identifier
-->
CVE Identifier
CWE Identifier
-->
CWE Identifier
Severity Score Value
-->
Score Value
Severity Score Calculation
-->
Severity Score Calculation
Severity Score Type
-->
Score Type
(no equivalent field in Snyk)
-->
Finding Status*
required; assigned a value of "Open"
Issue Severity
-->
Finding Severity*
required; the five severity value mappings are listed below in italics
Informational
-->
Informational
Low
-->
Low
Medium
-->
Medium
High
-->
High
Default
-->
Critical
Nearest Fixed In Version
-->
Custom Field "Nearest Fixed In Version
Fix Info
-->
Custom Field "Fix Info"
Organization Name
-->
Custom Field "Organization Name"
Organization ID
-->
Custom Field "Categorical Id"
Package Name
-->
Custom Field "Package Name"
Issue Type
-->
Custom Field "Issue Type"
Violated Policy Public Id
-->
Custom Field "Violated Policy Public Id"
Exploit Maturity
-->
Custom Field "Exploit Maturity"
Patches
-->
Custom Field "Patches"
Issue URL
-->
References

Asset Fields

Snyk Field
Direction
PlexTrac Field
Notes
Project Name
-->
Affected Asset Name

Deduplication Logic

If a duplicate finding title is found during import, the finding title in PlexTrac is appended with the Snyk Organization ID and Issue Id in parenthesis at the end of the title value.

Snyk Code Mappings

Below are the mappings for Snyk Code (SAST).

Findings

Snyk Field
Direction
PlexTrac Field
Notes
Aggregate Title
-->
Finding Title*
required
Detail Title
-->
Finding Description*
required
Product
-->
Tags
Product
-->
Source
Priority Score
-->
Score Type General
CVE
-->
CVE
CWE ID
-->
CWE
Issue URL
-->
References
Severity Mapping
required; the five severity value mappings are listed below in italics
Informational
-->
Informational
Low
-->
Low
Medium
-->
Medium
High
-->
High
Default
-->
Critical
Primary Region
-->
Custom Field: "Source Location"
Priority Score Factors
-->
Custom Field: "Snyk Priority Score Factors"

Asset Mappings

Snyk Field
Direction
PlexTrac Field
Notes
Project Name
-->
Parent Asset*
required
Primary File Path
-->
Child Asset*
required
Primary File Path
-->
Affected Asset(s)*
required

Setting up Integration with Snyk

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."
Step 2: Click Connect within the Snyk box.
Step 3: Click New Connection.
Step 4: On the Configuration Details tab, enter a name for the integration and the Snyk API key. Click Continue.
Visit Snyk Support for information on generating an API key.
Step 5: On the Mapping tab, review the mappings and select the fields in Snyk to import by validating that the checkbox next to the field is set. To ignore a field on import, uncheck the box. Required fields (checkbox is greyed out) cannot be configured. Scroll to the bottom and click Save.
Step 6: A message on the First Synch tab will confirm if the synch was successful. If successful, click Got It.
The connection is now listed.

Editing Existing Connections

Connections are edited by clicking Edit under the "Actions" column.
Connections can be turned off by clicking the toggle bar under the "Enabled" column.
Connections can be manually synchronized by clicking Sync under the "Actions" column.
Connections can be deleted by clicking the three dots under the "Actions" column and then clicking Delete. A modal will appear, asking for confirmation of the action.
Once set up, findings can be imported into a report, and instructions on this process can be found here.
© 2023 PlexTrac, Inc. All rights reserved.