Snyk Connector Guide

Summary: How to set up and use the Snyk connector in Ivanti Neurons.

Overview

Snyk Open Source (Snyk OSS) is a software composition analysis product that lets developers identify, prioritize, and automatically fix vulnerabilities in their open-source dependencies throughout the development process. Ivanti Neurons ASPM offers an API-based connector that pulls Snyk OSS vulnerability information into the Ivanti Neurons ASPM platform for further prioritization and accessibility. The connector ingests Snyk OSS (dependency) issues only; it does not ingest Snyk Code (SAST) findings.

Snyk Configuration

  1. A Snyk account on the Standard or Pro plan is required.
  2. Add one or more projects to Snyk.
  3. See the Snyk Data Export Guide for more information on how to add projects and download issues in CSV format.

Snyk User Permissions

Go to Settings in the navigation bar and select the Members tab on the left-hand side. Members can be invited and assigned a role on this page. Give the identity whose API token the connector will use the least-privileged role that can still read issue reports; the connector only needs read access.

Snyk Connector - Settings and Members Menu Locations

Visit the Snyk Knowledge Center for more information on managing groups and organizations.

Connector Configuration in Ivanti Neurons

Setting Up the Snyk Connector

Navigate to the Automate > Integrations page.

Navigation - Automation - Integrations

Using the search bar in the upper-right corner of the Integrations page, type Snyk to find the connector. Locate the Snyk card under Applications and click Configuration.

Snyk Connector - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

Snyk Connector - Connector Configuration Window

  • Name: The connector’s name, e.g., “My Snyk Connector”.

  • URL: The Snyk API base URL, e.g., https://api.snyk.io/. If your Snyk tenant is hosted in a different region, use that region's API base URL instead.

  • API Key: An API token that has access to the Snyk Reporting API. Treat it as a secret: it is stored by the connector and grants read access to every organization the token can see, so prefer a dedicated, read-only identity over a personal token.

  • Network: The Ivanti Neurons network that ingested applications will be associated with.

Click Test Credentials to verify the credentials are correct and have access to make API calls to the Snyk instance.

Snyk Connector - Test Credentials

Configure the schedule on which the connector retrieves results from the Snyk instance and, optionally, turn on Enable auto URBA (Update Remediation by Assessment). You may also specify how far back scan data is pulled (the oldest scan data pull), choosing from: 30 days, 60 days, 90 days, 6 months, or 1 year. Findings last seen by Snyk before that window are not ingested.

Snyk Connector - Oldest Scan Data Pull Options

Click Save to create the connector.

Snyk Connector - Save Button Location

Once saved, the connector is now visible on the Integrations page under Currently Configured Integrations.

Snyk Connector - Configured Snyk Connector
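Before pasting a token into the connector (or whenever Test Credentials fails), it helps to confirm out of band that the token is accepted and which organizations it can see. The script below is an added example, not part of this guide and not Ivanti's or Snyk's own tooling. It assumes the Snyk v1 API's `Authorization: token <API token>` header scheme and the `GET /v1/user/me` endpoint with `username` and `orgs` fields in its response, as described in Snyk's API documentation; those details are assumptions here, not statements from this page.

```python
"""Added example: check a Snyk API token out of band before entering it in the connector.

Assumptions (not from this guide): Snyk's v1 API authenticates with the header
"Authorization: token <API token>", and GET /v1/user/me returns a JSON body with
"username" and a list of "orgs" (each carrying at least a "name").
"""
import json
import os
import sys
import urllib.error
import urllib.request

DEFAULT_BASE_URL = "https://api.snyk.io/"  # same value the connector's URL field takes


def build_request(base_url: str, token: str, path: str = "v1/user/me") -> urllib.request.Request:
    """Join base URL and path (tolerating the trailing slash) and attach the token header."""
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    headers = {"Authorization": f"token {token}", "Accept": "application/json"}
    return urllib.request.Request(url, headers=headers)


def redact(token: str) -> str:
    """Never echo a full API token into logs or a terminal; show just enough to identify it."""
    return token[:4] + "..." + token[-4:] if len(token) >= 12 else "***"


def summarize_identity(payload: dict) -> dict:
    """Reduce the /user/me body to what matters here: whose token it is and which orgs it can read."""
    return {
        "username": payload.get("username"),
        "orgs": sorted(org.get("name", "") for org in payload.get("orgs", [])),
    }


def check_token(base_url: str, token: str, timeout: float = 10.0) -> dict:
    """Call the API and turn a 401/403 into a clear error instead of a raw traceback."""
    req = build_request(base_url, token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return summarize_identity(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            raise PermissionError(
                f"Snyk rejected token {redact(token)} with HTTP {err.code}"
            ) from err
        raise


if __name__ == "__main__":
    # Read the token from the environment so it never lands in shell history.
    token = os.environ.get("SNYK_TOKEN")
    if not token:
        sys.exit("set SNYK_TOKEN in the environment; do not pass tokens on the command line")
    identity = check_token(os.environ.get("SNYK_API_URL", DEFAULT_BASE_URL), token)
    print(f"token {redact(token)} belongs to {identity['username']}, orgs: {identity['orgs']}")
```

If the organization that owns the projects you want ingested is missing from the printed list, the token will pass Test Credentials but the connector will never see those projects; fix the membership or role in Snyk before saving the connector.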

On the Configuration (gear icon) > Uploads page, you can watch each scheduled pull: Snyk data is parsed from the retrieved scan file and then displayed on the Applications and Application Findings pages.

Snyk OSS Data Mapping in Ivanti Neurons ASPM

The Scanner Name associated with these scans is SNYK, which can be used as a filter on both the Applications and Application Findings pages in Ivanti Neurons ASPM.

Applications Page

Application data extracted from the Snyk scan file is shown on the Applications page as an asset with the following attributes:

  • Address
  • URLs
  • Vulnerability Counts by Severity
  • Last Scan Date
  • Source
  • Package Manager
  • Affected Files
  • Last Discovered on
  • First Discovered on
  • Project ID
  • Project Origin
  • Test Frequency
  • Project Type
  • Business Criticality
  • Environment
  • Lifecycle
  • Status

Application Findings Page

All finding data extracted from the Snyk scan file is shown on the Application Findings page in Ivanti Neurons ASPM, with the following exceptions and details:

  • Findings whose Snyk status is Fixed or Ignored are not displayed on the Application Findings page. If a count in Ivanti Neurons is lower than the count in Snyk, check for ignored issues first.
  • Affected File is listed under Detailed Information
  • Additional Metadata Fields:
    • Risk Type (License, Security)
    • Module Name
    • Semantic Versioning
    • Published On
    • Language
    • Exploit Level
    • OSVDB
    • GHSA ID
    • NSP
    • First Discovered On
    • Last Discovered On
    • Package
    • Version

Severity Mapping

The Snyk scan file contains the following severity levels: high, medium, and low. Ivanti Neurons maps these levels to a numeric Severity on its CHMLI (Critical, High, Medium, Low, Info) scale according to the issue type, as follows. Note that the mapping is the same for security and license issues, so a high-severity license finding receives the same score as a high-severity security finding; use the Risk Type metadata field to tell them apart.

Security Issue Types

  Snyk Severity | Mapping to Ivanti Neurons Severity
  --------------+-----------------------------------
  High          | 9
  Medium        | 5
  Low           | 3

License Issue Types

  Snyk Severity | Mapping to Ivanti Neurons Severity
  --------------+-----------------------------------
  High          | 9
  Medium        | 5
  Low           | 3
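The rules on this page (Fixed and Ignored findings excluded, the oldest-scan-data window, and the severity table above) can be combined into a quick reconciliation check: run it over a Snyk issue export and compare the per-project results with the Vulnerability Counts by Severity shown on the Applications page. The Python below is an added example, not Ivanti's connector code. Its CSV column names are a constructed layout for this example, not Snyk's real export headers; the 6-month and 1-year windows are approximated as 182 and 365 days; and the sample row with severity `critical` is an assumption about what an export may contain, included to show that a value the table does not cover is reported rather than silently dropped.

```python
"""Added example: reconcile a Snyk issue export with what the connector would ingest.

The CSV columns, package names and dates below are constructed for this example;
they are not Snyk's real export format and describe no real vulnerabilities.
"""
import csv
import io
from datetime import date, timedelta

# Severity mapping from this page: identical for Security and License issue types.
SEVERITY_SCORE = {
    "security": {"high": 9, "medium": 5, "low": 3},
    "license": {"high": 9, "medium": 5, "low": 3},
}

# Findings in these Snyk states are not displayed in Ivanti Neurons.
EXCLUDED_STATUSES = {"fixed", "ignored"}

# Oldest-scan-data options from the connector; month/year lengths are approximations.
LOOKBACK_DAYS = {"30 days": 30, "60 days": 60, "90 days": 90, "6 months": 182, "1 year": 365}

# Constructed sample export (column names are this example's own, not Snyk's).
SAMPLE_CSV = """\
project_id,project_name,issue_id,issue_type,severity,status,package,version,last_discovered
p-1,web-api,i-1,security,high,open,libfoo,1.2.3,2024-05-01
p-1,web-api,i-2,license,medium,open,libbar,0.9.0,2024-05-01
p-1,web-api,i-3,security,high,fixed,libbaz,2.0.1,2024-04-20
p-1,web-api,i-4,security,low,ignored,libqux,6.5.2,2024-05-01
p-2,batch-jobs,i-5,security,medium,open,libold,5.3.0,2023-11-02
p-2,batch-jobs,i-6,security,critical,open,libcrit,2.14.1,2024-05-01
p-2,batch-jobs,i-7,security,low,open,libmin,1.0.0,2024-03-01
"""


def ingest(csv_text: str, lookback: str = "90 days", today: date = date(2024, 5, 10)):
    """Return ({project: {score: count}}, [issue ids with an unmapped type/severity]).

    Mirrors the page's rules: drop Fixed/Ignored, drop findings last seen before the
    lookback window, map (issue_type, severity) through SEVERITY_SCORE. Anything the
    table does not cover is collected so it can be noticed rather than lost.
    """
    cutoff = today - timedelta(days=LOOKBACK_DAYS[lookback])
    counts: dict[str, dict[int, int]] = {}
    unmapped: list[str] = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["status"].strip().lower() in EXCLUDED_STATUSES:
            continue
        if date.fromisoformat(row["last_discovered"]) < cutoff:
            continue
        issue_type = row["issue_type"].strip().lower()
        severity = row["severity"].strip().lower()
        score = SEVERITY_SCORE.get(issue_type, {}).get(severity)
        if score is None:
            unmapped.append(row["issue_id"])
            continue
        per_project = counts.setdefault(row["project_name"], {})
        per_project[score] = per_project.get(score, 0) + 1
    return counts, unmapped


if __name__ == "__main__":
    for window in ("90 days", "30 days"):
        counts, unmapped = ingest(SAMPLE_CSV, lookback=window)
        print(f"{window}: counts by Ivanti severity score per project = {counts}")
        if unmapped:
            print(f"  not covered by the mapping table, review manually: {unmapped}")
```

With the constructed data and a 90-day window, only two of the seven rows survive for web-api (one score 9, one score 5) and one for batch-jobs (score 3); the fixed, ignored and out-of-window rows are dropped, and the `critical` row is listed as unmapped. Shrinking the window to 30 days removes batch-jobs entirely, which is the behaviour to expect when a project has not been retested recently.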