StackHawk’s official Snyk Code integration.
StackHawk with Snyk helps teams find security issues in open-source dependencies and proprietary code before they reach production. View your Snyk Code results, including the affected line of code, alongside your HawkScan findings. Teams use Snyk Code to show where a vulnerability may exist, then confirm that it is exploitable and validate it with a StackHawk HawkScan. Correlating the two result sets immediately prioritizes issues for developers and lets them confirm, reproduce, and fix them quickly and efficiently.
- As part of HawkScan runs, automatically link HawkScan Findings with Snyk Code Issues
- In the Finding Details view, a Snyk Code tab shows issue details with links to Snyk for further information
- You must have a StackHawk account
- Your StackHawk Organization needs to be a Pro or Enterprise customer to use the Snyk Code Integration
- Your Snyk account must have Snyk V3 API access enabled; contact Snyk support for more details
- You must have access to a valid Snyk Code project
- You must know your Snyk Organization ID. You can find this in Snyk:
- You must have a Snyk API Token. Ideally this would be a Service Account Snyk API Token, but a Personal Snyk API Token works as well.
- Log into StackHawk and visit the Snyk Integration page
- Click the
- In the Connect To Snyk modal, enter your Snyk Organization ID and your Snyk API Token (a Service Account or Personal API Token will work), and then click
- In the Connect Snyk Project modal, select the Snyk Project and Application you want to connect, and then click
- On the Snyk Code Integration page, you should now see a Connected Projects list that shows the connected Snyk Project and Application.
You can add and delete Connected Projects in the Snyk Code Integration.
Once Snyk Code Integration is installed, the Snyk logo will appear throughout StackHawk when there is a Snyk connection. When a StackHawk Application and a Snyk Code Project are connected, HawkScan will link its Findings with correlated Snyk Code Issues for all Environments in the given Application.
Applications mapped to a Snyk project will have the logo under the name of the Application.
When viewing the Scan list or the list of Findings on a specific scan, a SAST column will be present. If this column shows the Snyk logo, there is a linked Snyk Code Issue.
When looking at the details of a specific Finding that has a linked Snyk Code Issue, the Snyk Code tab will be displayed. It will have details on the Snyk Code Issues, with links to Snyk for more information.
Note that the Snyk Code tab in Finding Details will show at most 15 instances of the found Snyk Issue.
If you are having problems setting up Snyk Code with StackHawk, please verify that your Snyk account has V3 API access.
If your scan results aren’t showing any linked Snyk Code Issues and you are expecting them to, make sure you have connected a StackHawk Application and Snyk Code Project in the Snyk Code Integration.
Snyk Issues will only be linked for scans run while an Application and Project are connected; there is no way to retroactively link past scans with Snyk Code Issues.
Currently, it’s not possible to select a single Environment under an Application to map to a Snyk Code Project. Mappings are done at the Application level and so all scans for all Environments in that Application will get Findings linked with Snyk Code Issues.
Have any suggestions, feature requests, or feedback to share? Drop us a line at email@example.com