Snyk is a Software as a Service application and cloud security platform. This guide walks you through the steps to gather the necessary information and configure a Snyk organization for the purpose of creating an integration with Synqly's Application Security connector.
Due to restrictions on access to the Snyk REST API, a Snyk Enterprise plan is required to use Snyk as an Application Security provider.
Before you begin, ensure that you have:
- A Snyk tenant with on the Snyk Enterprise plan
- Access to your Snyk organization with a user account that has either the Org Admin, Group Admin, or Group Member role
| Operation | Required Snyk Permissions |
|---|---|
| Query Applications | org.project.read |
| Query Application Findings | org.read org.project.read org.project.snapshot.read |
| Query findings across all applications | org.read org.project.read org.project.snapshot.read |
| Get Application Finding Details | org.read org.project.read org.project.snapshot.read |
Using a Service Account is recommended
See the Snyk Authentication for API docs page for more details.
- Log into Snyk with a user account that has either the Org Admin, Group Admin, or Group Member role.
- Select the organization you want to use with the Synqly integration and select Settings.
- Scroll to the section titled Organization ID, take note of this value and store this value in a safe location
- Select Serice Accounts
- Fill in the field titled Name and select a role that encompasses all of the required permissions. These permissions can be found in the section above titled Required Permissions
- Under Service account type select Oauth 2.0 Client credentials.
- Using an OAuth Service Account is recommended but a API key Service Account may be used if required
- Select Create service account
- Take note of either the Client ID and Client Secret values or the API Key value and store them in a safe location
- You have now created a new Snyk Organization Service Account. Proceed to the next section titled Configuring the Integration
For more information on Snyk Service Accounts, see the Snyk Service accounts docs page
| Integration Parameter | Description |
|---|---|
| Data Region | This is the data region in which your Snyk organization is hosted in. This value can be found in the Snyk URL and on the Snyk login page. For more information, see the Snyk documentation. |
| Organization ID | This is ID of the Snyk organization to use. This value can be found in the Snyk Organizations Settings page. |
| Client ID | This is the Client ID value generated from executing the steps above. |
| Client Secret | This is the Client Secret value generated from executing the steps above. |