Snyk
Port's Snyk integration allows you to model Snyk resources in your software catalog and ingest data into them.
Prerequisites
- A Snyk enterprise account.
- A Port organization with admin permissions.
The Snyk API is available for Enterprise customers only. Authentication using personal tokens from Snyk Free or Team plans is not supported. Learn More.
Setup
Choose your preferred installation method below. Not sure which to pick? See the installation methods overview.
Configuration
Port integrations use a YAML mapping block to ingest data from the third-party api into Port.
The mapping makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from the integration API.
Default mapping configuration
This is the default mapping configuration for this integration:
Default mapping configuration (Click to expand)
deleteDependentEntities: true
createMissingRelatedEntities: true
enableMergeEntity: true
resources:
- kind: organization
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .attributes.name
blueprint: '"snykOrganization"'
properties:
slug: .attributes.slug
url: ("https://app.snyk.io/org/" + .attributes.slug | tostring)
- kind: project
selector:
query: 'true'
attachIssuesToProject: 'false'
port:
entity:
mappings:
identifier: .id
title: .attributes.name
blueprint: '"snykProject"'
properties:
url: ("https://app.snyk.io/org/" + .__organization.slug + "/project/" + .id | tostring)
businessCriticality: .attributes.business_criticality
environment: .attributes.environment
lifeCycle: .attributes.lifecycle
highOpenVulnerabilities: .meta.latest_issue_counts.high
mediumOpenVulnerabilities: .meta.latest_issue_counts.medium
lowOpenVulnerabilities: .meta.latest_issue_counts.low
criticalOpenVulnerabilities: .meta.latest_issue_counts.critical
tags: .attributes.tags
targetOrigin: .attributes.origin
relations:
snyk_target: '.relationships.target.data.id'
- kind: target
selector:
query: 'true'
addProjectData: true
port:
entity:
mappings:
identifier: .id
title: .attributes.display_name
blueprint: '"snykTarget"'
properties:
origin: .relationships.integration.data.attributes.integration_type
relations:
snyk_organization: '.relationships.organization.data.id'
- kind: vulnerability
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .attributes.title
blueprint: '"snykVulnerability"'
properties:
score: .attributes.risk.score.value
packageNames: '[.attributes.coordinates[].representations[].dependency?.package_name | select(. != null)]'
packageVersions: '[.attributes.coordinates[].representations[].dependency?.package_version | select(. != null)]'
severity: .attributes.effective_severity_level
url: ("https://app.snyk.io/org/" + .__organization.slug + "/project/" + .relationships.scan_item.data.id + "#issue-" + .attributes.key | tostring)
publicationTime: .attributes.created_at
status: .attributes.status
type: .attributes.type
relations:
project: .relationships.scan_item.data.id
Monitoring and sync status
To learn more about how to monitor and check the sync status of your integration, see the relevant documentation.
Mapping & examples per resource
Use the explorer below to view sample payloads and the resulting Port entities for each resource type.