Skip to main content

Check out Port for yourself 

Snyk

Port's Snyk integration allows you to model Snyk resources in your software catalog and ingest data into them.

Overview

This integration allows you to:

  • Map and organize your desired Snyk resources and their metadata in Port (see supported resources below).
  • Watch for Snyk object changes (create/update/delete) in real-time, and automatically apply the changes to your entities in Port.

Supported Resources

The resources that can be ingested from Snyk into Port are listed below. it is possible to reference any field that appears in the API responses linked below in the mapping configuration.

Setup

Choose one of the following installation methods:

Using this installation option means that the integration will be hosted by Port, with a customizable resync interval to ingest data into Port.

Beta feature

The Hosted by Port option is currently in beta, and is still undergoing final testing before its official release.

Should you encounter any bugs or functionality issues, please let us know so we can rectify them as soon as possible.
Your help is greatly appreciated! ⭐

Live event support

Currently, live events are not supported for integrations hosted by Port.
Resyncs will be performed periodically every 1 hour by default (can be configured differently after installation), or manually triggered by you via Port's UI.

Therefore, real-time events (including GitOps) will not be ingested into Port immediately.
Support for live events is WIP and will be supported in the near future.

Installation

To install, follow the following steps:

  1. Go to the Data sources page of your portal.

  2. Click on the + Data source button in the top-right corner.

  3. Click on the relevant integration in the list.

  4. Under Select your installation method, choose Hosted by Port.

  5. Configure the integration settings and application settings as you wish (see below for details).

Application settings

Every integration hosted by Port has the following customizable application settings, which are configurable after installation:

  • Resync interval: The frequency at which Port will ingest data from the integration. There are various options available, ranging from every 1 hour to once a day.

  • Send raw data examples: A boolean toggle (enabled by default). If enabled, raw data examples will be sent from the integration to Port. These examples are used when testing your mapping configuration, they allow you to run your jq expressions against real data and see the results.

Integration settings

Every integration has its own tool-specific settings, under the Integration settings section.
Each of these settings has an ⓘ icon next to it, which you can hover over to see a description of the setting.

Port secrets

Some integration settings require sensitive pieces of data, such as tokens.
For these settings, Port secrets will be used, ensuring that your sensitive data is encrypted and secure.

When changing such a setting, you will be prompted to choose an existing secret or create a new one:



Port source IP addresses

When using this installation method, Port will make outbound calls to your 3rd-party applications from static IP addresses.
You may need to add these addresses to your allowlist, in order to allow Port to interact with the integrated service:

54.73.167.226  
63.33.143.237
54.76.185.219

Configuration

Port integrations use a YAML mapping block to ingest data from the third-party api into Port.

The mapping makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from the integration API.

Examples

Examples of blueprints and the relevant integration configurations:

Organization

Organization blueprint
{
"identifier": "snykOrganization",
"title": "Snyk Organization",
"icon": "Snyk",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "URL",
"format": "url",
"icon": "Snyk"
},
"slug": {
"type": "string",
"title": "Slug"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: organization
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .name
blueprint: '"snykOrganization"'
properties:
slug: .slug
url: ("https://app.snyk.io/org/" + .slug | tostring)

Target

Target blueprint
{
"identifier": "snykTarget",
"title": "Snyk Target",
"icon": "Snyk",
"schema": {
"properties": {
"criticalOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Critical Vulnerabilities"
},
"highOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open High Vulnerabilities"
},
"mediumOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Medium Vulnerabilities"
},
"lowOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Low Vulnerabilities"
},
"origin": {
"title": "Target Origin",
"type": "string",
"enum": [
"artifactory-cr",
"aws-config",
"aws-lambda",
"azure-functions",
"azure-repos",
"bitbucket-cloud",
"bitbucket-server",
"cli",
"cloud-foundry",
"digitalocean-cr",
"docker-hub",
"ecr",
"gcr",
"github",
"github-cr",
"github-enterprise",
"gitlab",
"gitlab-cr",
"google-artifact-cr",
"harbor-cr",
"heroku",
"ibm-cloud",
"kubernetes",
"nexus-cr",
"pivotal",
"quay-cr",
"terraform-cloud",
"bitbucket-connect-app",
"acr",
"api"
]
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"synk_organization": {
"title": "Snyk Organization",
"target": "snykOrganization",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: target
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .attributes.display_name
blueprint: '"snykTarget"'
properties:
origin: .relationships.integration.data.attributes.integration_type
highOpenVulnerabilities: '[.__projects[].meta.latest_issue_counts.high] | add'
mediumOpenVulnerabilities: '[.__projects[].meta.latest_issue_counts.medium] | add'
lowOpenVulnerabilities: '[.__projects[].meta.latest_issue_counts.low] | add'
criticalOpenVulnerabilities: '[.__projects[].meta.latest_issue_counts.critical] | add'
relations:
synk_organization: '.relationships.organization.data.id'

Project

Project blueprint
{
"identifier": "snykProject",
"title": "Snyk Project",
"icon": "Snyk",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "URL",
"format": "url",
"icon": "Snyk"
},
"businessCriticality": {
"title": "Business Criticality",
"type": "array",
"items": {
"type": "string",
"enum": [
"critical",
"high",
"medium",
"low"
]
},
"icon": "DefaultProperty"
},
"environment": {
"items": {
"type": "string",
"enum": [
"frontend",
"backend",
"internal",
"external",
"mobile",
"saas",
"onprem",
"hosted",
"distributed"
]
},
"icon": "Environment",
"title": "Environment",
"type": "array"
},
"lifeCycle": {
"title": "Life Cycle",
"type": "array",
"items": {
"type": "string",
"enum": [
"development",
"sandbox",
"production"
]
},
"icon": "DefaultProperty"
},
"highOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open High Vulnerabilities"
},
"mediumOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Medium Vulnerabilities"
},
"lowOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Low Vulnerabilities"
},
"tags": {
"type": "array",
"title": "Tags",
"icon": "DefaultProperty"
},
"targetOrigin": {
"type": "string",
"title": "Target Origin"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {
"snyk_target": {
"title": "Snyk Target",
"target": "snykTarget",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: project
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .attributes.name
blueprint: '"snykProject"'
properties:
url: ("https://app.snyk.io/org/" + .relationships.organization.data.id + "/project/" + .id | tostring)
businessCriticality: .attributes.business_criticality
environment: .attributes.environment
lifeCycle: .attributes.lifecycle
highOpenVulnerabilities: .meta.latest_issue_counts.high
mediumOpenVulnerabilities: .meta.latest_issue_counts.medium
lowOpenVulnerabilities: .meta.latest_issue_counts.low
criticalOpenVulnerabilities: .meta.latest_issue_counts.critical
tags: .attributes.tags
targetOrigin: .origin
relations:
snyk_target: '.relationships.target.data.id'

Vulnerability

Vulnerability blueprint
{
"identifier": "snykVulnerability",
"title": "Snyk Vulnerability",
"icon": "Snyk",
"schema": {
"properties": {
"score": {
"icon": "Star",
"type": "number",
"title": "Score"
},
"packageName": {
"type": "string",
"title": "Package Name",
"icon": "DefaultProperty"
},
"packageVersions": {
"icon": "Package",
"title": "Package Versions",
"type": "array"
},
"type": {
"type": "string",
"title": "Type",
"enum": [
"vuln",
"license",
"configuration"
],
"icon": "DefaultProperty"
},
"severity": {
"icon": "Alert",
"title": "Issue Severity",
"type": "string",
"enum": ["low", "medium", "high", "critical"],
"enumColors": {
"low": "green",
"medium": "yellow",
"high": "red",
"critical": "red"
}
},
"url": {
"icon": "Link",
"type": "string",
"title": "Issue URL",
"format": "url"
},
"language": {
"type": "string",
"title": "Language",
"icon": "DefaultProperty"
},
"publicationTime": {
"type": "string",
"format": "date-time",
"title": "Publication Time",
"icon": "DefaultProperty"
},
"isPatched": {
"type": "boolean",
"title": "Is Patched",
"icon": "DefaultProperty"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"project": {
"title": "Project",
"target": "snykProject",
"required": false,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: issue
selector:
query: '.issueType == "vuln"'
port:
entity:
mappings:
identifier: .issueData.id
title: .issueData.title
blueprint: '"snykVulnerability"'
properties:
score: .priorityScore
packageName: .pkgName
packageVersions: .pkgVersions
type: .issueType
severity: .issueData.severity
url: .issueData.url
language: .issueData.language // .issueType
publicationTime: .issueData.publicationTime
isPatched: .isPatched
relations:
project: '.links.paths | split("/") | .[8]'

Let's Test It

This section includes a sample response data from Snyk. In addition, it includes the entity created from the resync event based on the Ocean configuration provided in the previous section.

Payload

Here is an example of the payload structure from Snyk:

Organization response data
{
"name": "My Other Org",
"id": "a04d9cbd-ae6e-44af-b573-0556b0ad4bd2",
"slug": "my-other-org",
"url": "https://api.snyk.io/org/my-other-org",
"group": {
"name": "ACME Inc.",
"id": "a060a49f-636e-480f-9e14-38e773b2a97f"
}
}
Target response data
{
"attributes": {
"created_at": "2022-09-01T00:00:00Z",
"display_name": "snyk-fixtures/goof",
"is_private": false,
"url": "http://github.com/snyk/local-goof"
},
"id": "55a348e2-c3ad-4bbc-b40e-9b232d1f4121",
"relationships": {
"integration": {
"data": {
"attributes": {
"integration_type": "gitlab"
},
"id": "7667dae6-602c-45d9-baa9-79e1a640f199",
"type": "integration"
}
},
"organization": {
"data": {
"id": "e661d4ef-5ad5-4cef-ad16-5157cefa83f5",
"type": "organization"
}
}
},
"type": "target"
}
Project response data
{
"name": "snyk/goof",
"id": "af137b96-6966-46c1-826b-2e79ac49bbd9",
"created": "2018-10-29T09:50:54.014Z",
"origin": "github",
"type": "maven",
"readOnly": false,
"testFrequency": "daily",
"totalDependencies": 42,
"issueCountsBySeverity": {
"low": 13,
"medium": 8,
"high": 1,
"critical": 3
},
"imageId": "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019",
"imageTag": "latest",
"imageBaseImage": "alpine:3",
"imagePlatform": "linux/arm64",
"imageCluster": "Production",
"hostname": null,
"remoteRepoUrl": "https://github.com/snyk/goof.git",
"lastTestedDate": "2019-02-05T08:54:07.704Z",
"browseUrl": "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9",
"importingUser": {
"id": "e713cf94-bb02-4ea0-89d9-613cce0caed2",
"name": "example-user@snyk.io",
"username": "exampleUser",
"email": "example-user@snyk.io"
},
"isMonitored": false,
"branch": null,
"targetReference": null,
"tags": [
{
"key": "example-tag-key",
"value": "example-tag-value"
}
],
"attributes": {
"criticality": ["high"],
"environment": ["backend"],
"lifecycle": ["development"]
},
"remediation": {
"upgrade": {},
"patch": {},
"pin": {}
}
}
Vulnerability response data
{
"id": "npm:ms:20170412",
"issueType": "vuln",
"pkgName": "ms",
"pkgVersions": ["1.0.0"],
"issueData": {
"id": "npm:ms:20170412",
"title": "Regular Expression Denial of Service (ReDoS)",
"severity": "low",
"originalSeverity": "high",
"url": "https://snyk.io/vuln/npm:ms:20170412",
"description": "`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms",
"identifiers": {
"CVE": [],
"CWE": ["CWE-400"],
"OSVDB": []
},
"credit": ["Snyk Security Research Team"],
"exploitMaturity": "no-known-exploit",
"semver": {
"vulnerable": [">=0.7.1 <2.0.0"],
"unaffected": ""
},
"publicationTime": "2017-05-15T06:02:45Z",
"disclosureTime": "2017-04-11T21:00:00Z",
"CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cvssScore": 3.7,
"language": "js",
"patches": [
{
"id": "patch:npm:ms:20170412:0",
"urls": [
"https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_100.patch"
],
"version": "=1.0.0",
"comments": [],
"modificationTime": "2019-12-03T11:40:45.863964Z"
}
],
"nearestFixedInVersion": "2.0.0",
"path": "[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged",
"violatedPolicyPublicId": "SNYK-CC-K8S-1",
"isMaliciousPackage": true
},
"introducedThrough": [
{
"kind": "imageLayer",
"data": {}
}
],
"isPatched": false,
"isIgnored": false,
"ignoreReasons": [
{
"reason": "",
"expires": "",
"source": "cli"
}
],
"fixInfo": {
"isUpgradable": false,
"isPinnable": false,
"isPatchable": false,
"isFixable": false,
"isPartiallyFixable": false,
"nearestFixedInVersion": "2.0.0",
"fixedIn": ["2.0.0"]
},
"priority": {
"score": 399,
"factors": [{}, "name: `isFixable`", "description: `Has a fix available`"]
},
"links": {
"paths": ""
}
}

Alternative installation via webhook

While the Ocean integration described above is the recommended installation method, you may prefer to use a webhook to ingest data from Snyk. If so, use the following instructions:

Webhook installation (click to expand)

In this example you are going to create a webhook integration between Snyk and Port, which will ingest Snyk code and infrastructure vulnerability entities into Port.

Port configuration

Create the following blueprint definition:

Snyk vulnerability blueprint
{
"identifier": "snykVulnerability",
"description": "This blueprint represents a Snyk vulnerability in our software catalog",
"title": "Snyk Vulnerability",
"icon": "Snyk",
"schema": {
"properties": {
"organizationUrl": {
"type": "string",
"format": "url",
"title": "Organization URL"
},
"organizationName": {
"type": "string",
"title": "Organization Name"
},
"projectName": {
"type": "string",
"title": "Project Name"
},
"projectOrigin": {
"type": "string",
"title": "Project Origin"
},
"branchName": {
"type": "string",
"title": "Branch Name"
},
"pkgName": {
"type": "string",
"title": "Package Name"
},
"issueType": {
"type": "string",
"title": "Issue Type"
},
"issueSeverity": {
"type": "string",
"title": "Issue Severity"
},
"issueURL": {
"type": "string",
"format": "url",
"title": "Issue URL"
},
"issueStatus": {
"type": "string",
"title": "Issue Status",
"enum": ["added", "removed"],
"enumColors": {
"added": "red",
"removed": "green"
}
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}

Create the following webhook configuration using Port UI

Snyk vulnerability webhook configuration
  1. Basic details tab - fill the following details:

    1. Title : Snyk Mapper;
    2. Identifier : snyk_mapper;
    3. Description : A webhook configuration to map Snyk vulnerability to Port;
    4. Icon : Snyk;
  2. Integration configuration tab - fill the following JQ mapping:

    [
    {
    "blueprint": "snykVulnerability",
    "itemsToParse": ".body.newIssues",
    "filter": ".body.newIssues | length > 0",
    "entity": {
    "identifier": ".item.id",
    "title": ".item.issueData.title",
    "properties": {
    "organizationUrl": ".body.org.url",
    "organizationName": ".body.org.name",
    "projectName": ".body.project.name",
    "projectOrigin": ".body.project.origin",
    "branchName": ".body.project.branch",
    "issueType": ".item.issueType",
    "pkgName": ".item.pkgName",
    "issueSeverity": ".item.issueData.severity",
    "issueURL": ".item.issueData.url",
    "issueStatus": "'added'"
    }
    }
    },
    {
    "blueprint": "snykVulnerability",
    "itemsToParse": ".body.removedIssues",
    "filter": ".body.removedIssues | length > 0",
    "entity": {
    "identifier": ".item.id",
    "title": ".item.issueData.title",
    "properties": {
    "organizationUrl": ".body.org.url",
    "organizationName": ".body.org.name",
    "projectName": ".body.project.name",
    "projectOrigin": ".body.project.origin",
    "branchName": ".body.project.branch",
    "issueType": ".item.issueType",
    "pkgName": ".item.pkgName",
    "issueSeverity": ".item.issueData.severity",
    "issueURL": ".item.issueData.url",
    "issueStatus": "'removed'"
    }
    }
    }
    ]
  3. Scroll down to Advanced settings and input the following details:

    1. secret: WEBHOOK_SECRET;
    2. Signature Header Name : x-hub-signature;
    3. Signature Algorithm : Select sha256 from dropdown option;
    4. Signature Prefix : sha256=
    5. Click Save at the bottom of the page.

Remember to replace the WEBHOOK_SECRET with the real secret you specify when creating the webhook in Snyk.

Create a webhook in Snyk

  1. Go to Snyk and select an account you want to configure the webhook for;
  2. Click on Settings at the left of the page and copy your organization ID under the Organization ID section;
  3. Navigate to your Snyk accounts page and copy your API token. You will use this value to authorize the REST API;
  4. Open any REST API client such as POSTMAN and make the following API call to create your webhook:
    1. API URL - use https://api.snyk.io/v1/org/`YOUR_ORG_ID`/webhooks;
    2. Method - select POST
    3. Authorization - The API token should be supplied in an Authorization header as Authorization: token YOUR_API_KEY;
    4. Request Body - The body of your request should be in a JSON format. Past the following information in the body text
    {
    "url": "https://ingest.getport.io/<YOUR_PORT_WEBHOOK_KEY>",
    "secret": "WEBHOOK_SECRET"
    }
  5. Click Send to create your Snyk webhook;
note

You can also create the Snyk webhook using the curl command below:

curl -X POST \
-H "Authorization: token YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://ingest.getport.io/<YOUR_PORT_WEBHOOK_KEY>", "secret": "WEBHOOK_SECRET"}' \
https://api.snyk.io/v1/org/<YOUR_ORG_ID>/webhooks

Done! Any vulnerability detected on your source code will trigger a webhook event to the webhook URL provided by Port. Port will parse the events according to the mapping and update the catalog entities accordingly.