What is Snyk? #
Snyk is a platform that allows you to scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, and infrastructure as code configurations.
Why Should You Use the Snyk Connector? #
The Snyk connector provides visibility into the projects and users in your environment. You can use this visibility to:
- ensure assets, applications, and users are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work? #
Lucidum executes read-only requests to the Snyk REST API and ingests only metadata about Snyk projects and users. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum #
| Field | Description | Example |
|---|---|---|
| URL | The URL for the Snyk API. | https://api.snyk.io/rest/ |
| API Token | API token for a Snyk account with read access. This account must be a Service Account with the Group Viewer role. | ************ |
| API Version | Version of the Snyk API for projects. Default value is 2024-03-12. | 2024-03-12 |
| Organization ID | The ID of the organization associated with the Snyk project. To find the Organization ID, see https://docs.snyk.io/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-code/set-the-snyk-organization-for-the-cli-tests#find-snyk-id-and-internal-name-of-an-organization | |
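To sanity-check the four field values before saving the connector, the following added example (not Lucidum's own code) validates them and builds the kind of read-only GET request the fields describe. It assumes the Snyk REST projects endpoint `/orgs/{org_id}/projects`, the `Authorization: token ...` header, and a JSON:API `data` array in the response; the environment variable names are hypothetical.

```python
import json
import os
import re
import urllib.request
import uuid
from urllib.parse import urlencode, urlsplit

VERSION_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")  # e.g. 2024-03-12


def build_projects_request(url, api_token, api_version, org_id):
    """Validate the connector fields and build a read-only GET request."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("URL must be an https:// endpoint")
    if not api_token or api_token != api_token.strip():
        raise ValueError("API Token is empty or has stray whitespace")
    if not VERSION_RE.match(api_version):
        raise ValueError("API Version must look like YYYY-MM-DD")
    org = str(uuid.UUID(org_id))  # raises ValueError if not a UUID
    query = urlencode({"version": api_version})
    endpoint = f"{url.rstrip('/')}/orgs/{org}/projects?{query}"
    return urllib.request.Request(endpoint, method="GET", headers={
        "Authorization": f"token {api_token}",   # assumed Snyk token scheme
        "Accept": "application/vnd.api+json",
    })


def describe(req):
    """Loggable summary of the request that never includes the token."""
    return f"{req.get_method()} {req.full_url} Authorization=token ****"


if __name__ == "__main__":
    # Hypothetical variable names; the token is read from the environment
    # so it does not end up in shell history or source control.
    req = build_projects_request(
        "https://api.snyk.io/rest/",
        os.environ["SNYK_TOKEN"],
        "2024-03-12",
        os.environ["SNYK_ORG_ID"],
    )
    print(describe(req))
    with urllib.request.urlopen(req, timeout=15) as resp:
        body = json.load(resp)
    print("HTTP", resp.status, "projects on first page:", len(body.get("data", [])))
```

An HTTP 401 or 403 from this request points at the token or the service account's role rather than at the Lucidum configuration.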
Source Documentation #
Creating Credentials #
To create a service account with the Group Viewer role:
- Follow the instructions in https://docs.snyk.io/enterprise-configuration/service-accounts#how-to-set-up-a-group-or-organization-service-account
To get the API token for the service account:
- Log in to Snyk with the credentials for the service account.
- Follow these instructions: Authentication for API | Snyk User Docs
Required Permissions #
| Object | Permissions |
|---|---|
| Role | Group Viewer |
API Documentation #
API v1