Snyk Code
StackHawk’s official Snyk Code integration.
Overview
StackHawk with Snyk helps teams find security issues in open-source dependencies and proprietary code before they hit production. View your Snyk Code results, including the line of code, alongside your HawkScan findings. Teams use Snyk Code to show where there may be a vulnerability, then confirm it is exploitable and validate it with a StackHawk HawkScan. Correlating the two sets of scan results immediately prioritizes issues for developers and enables them to confirm, reproduce, and fix them quickly and efficiently.
Features
- As part of HawkScan runs, automatically link HawkScan Findings with Snyk Code Issues
- In the Finding Details view, a Snyk Code tab shows issue details with links to Snyk for further information
Requirements
StackHawk
- You must have a StackHawk account
- Your StackHawk Organization needs to be a Pro or Enterprise customer to use the Snyk Code Integration
Snyk
- Your Snyk account must have Snyk V3 API access enabled. Please contact Snyk support for more details.
- You must have access to a valid Snyk Code project
- You must know your Snyk Organization ID. You can find this in Snyk under Settings->General->Organization ID
- You must have a Snyk API Token. Ideally this would be a Service Account Snyk API Token, but a Personal Snyk API Token works as well.
Setup
- Log into StackHawk and visit the Snyk Integration page
- Click the Enable Snyk button
- In the Connect To Snyk modal, enter your Snyk Organization ID and your Snyk API Token (Service Account or Personal API Token will work), and then click Next
- In the Connect Snyk Project modal, select the Snyk Project and Application you want to connect, and then click Finish
- On the Snyk Code Integration page, you should now see a Connected Projects list that shows the connected Snyk Project and Application.
Configuration
You can add and delete Connected Projects in Snyk Code Integration.
Usage
Once Snyk Code Integration is installed, the Snyk logo will appear throughout StackHawk when there is a Snyk connection. When a StackHawk Application and a Snyk Code Project are connected, HawkScan will link its Findings with correlated Snyk Code Issues for all Environments in the given Application.
Application Badging
Applications mapped to a Snyk project will have the logo under the name of the Application.
Scan and Finding List Badging
When viewing the Scan list or the list of Findings on a specific scan, a SAST column will be present. If this column has the Snyk logo, there is a linked Snyk Code Issue.
Scan List
Finding List
Finding Details Snyk Code Tab
When looking at the details of a specific Finding that has a linked Snyk Code Issue, the Snyk Code tab will be displayed. It will have details on the Snyk Code Issues, with links to Snyk for more information.
Note that the Snyk Code tab in Finding Details will show at most 15 instances of the found Snyk Issue.
Troubleshooting
If you are having problems setting up Snyk Code with StackHawk, please verify that your Snyk account has V3 API access.
If your scan results aren’t showing any linked Snyk Code Issues and you are expecting them to, make sure you have connected a StackHawk Application and Snyk Code Project in the Snyk Code Integration.
Snyk Issues will only be linked for scans run when an Application and Project are connected; there is no way to retroactively link past scans with Snyk Code Issues.
Currently, it’s not possible to select a single Environment under an Application to map to a Snyk Code Project. Mappings are done at the Application level and so all scans for all Environments in that Application will get Findings linked with Snyk Code Issues.
Feedback
Have any suggestions, feature requests, or feedback to share? Drop us a line at support@stackhawk.com