Skip to main content

Snyk

Our Snyk integration allows you to import organizations, targets, projects and issues from your Snyk account into Port, according to your mapping and definitions.

Common use cases

  • Map organizations, targets, projects and issues in your Snyk environment.
  • Watch for object changes (create/update/delete) in real-time, and automatically apply the changes to your entities in Port.
  • Create/delete Snyk objects using self-service actions.

Prerequisites

To install the integration, you need a Kubernetes cluster that the integration's container chart will be deployed to.

Please make sure that you have kubectl and helm installed on your machine, and that your kubectl CLI is connected to the Kubernetes cluster where you plan to install the integration.

Troubleshooting

If you are having trouble installing this integration, please refer to these troubleshooting steps.

Installation

Choose one of the following installation methods:

Using this installation option means that the integration will be able to update Port in real time using webhooks.

This table summarizes the available parameters for the installation. Set them as you wish in the script below, then copy it and run it in your terminal:

ParameterDescriptionRequired
port.clientIdYour Port client id
port.clientSecretYour Port client secret
port.baseUrlYour Port base url, relevant only if not using the default Port app
integration.identifierChange the identifier to describe your integration
integration.typeThe integration type
integration.eventListener.typeThe event listener type
integration.secrets.tokenThe Snyk API token
integration.config.organizationIdThe Snyk organization ID. Fetches data for this organization when provided
integration.config.groupsA comma-separated list of Snyk group ids to filter data for. Fetches data for organizations within the specified groups
integration.config.apiUrlThe Snyk API URL. If not specified, the default will be https://api.snyk.io
integration.config.appHostThe host of the Port Ocean app. Used to set up the integration endpoint as the target for Webhooks created in Snyk
integration.secret.webhookSecretThis is a password you create, that Snyk uses to sign webhook events to Port
scheduledResyncIntervalThe number of minutes between each resync
initializePortResourcesDefault true, When set to true the integration will create default blueprints and the port App config Mapping

To install the integration using ArgoCD, follow these steps:

  1. Create a values.yaml file in argocd/my-ocean-snyk-integration in your git repository with the content:
Default behaviour

By default, the integration fetches all organizations associated with the provided Snyk token.

Remember to replace the placeholder for SNYK_TOKEN.

initializePortResources: true
scheduledResyncInterval: 120
integration:
identifier: my-ocean-snyk-integration
type: snyk
eventListener:
type: POLLING
secrets:
token: SNYK_TOKEN

If you wish to customize access, the following configurations are available:

  • The organizationId key is used to restrict access to a specific organization. If specified in the values.yaml file, the integration will fetch data only for the provided organization.
Configuration variable replacement

Remember to replace the placeholders for SNYK_TOKEN and SNYK_ORGANIZATION_ID.

initializePortResources: true
scheduledResyncInterval: 120
integration:
identifier: my-ocean-snyk-integration
type: snyk
eventListener:
type: POLLING
config:
organizationId: SNYK_ORGANIZATION_ID
secrets:
token: SNYK_TOKEN

  • The groups key is used to restrict access to all organizations within specific Snyk groups. In the values.yaml file, provide a comma-separated list of Snyk group IDs to the groups key, and the integration will filter data for all organizations in the group(s).
Configuration variable replacement

Remember to replace the placeholders for SNYK_TOKEN and SNYK_GROUPS.

initializePortResources: true
scheduledResyncInterval: 120
integration:
identifier: my-ocean-snyk-integration
type: snyk
eventListener:
type: POLLING
config:
groups: SNYK_GROUPS
secrets:
token: SNYK_TOKEN

  1. Install the my-ocean-snyk-integration ArgoCD Application by creating the following my-ocean-snyk-integration.yaml manifest:
Configuration variable replacement

Remember to replace the placeholders for YOUR_PORT_CLIENT_ID YOUR_PORT_CLIENT_SECRET and YOUR_GIT_REPO_URL.

Multiple sources ArgoCD documentation can be found here.

ArgoCD Application
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-ocean-snyk-integration
namespace: argocd
spec:
destination:
namespace: my-ocean-snyk-integration
server: https://kubernetes.default.svc
project: default
sources:
- repoURL: 'https://port-labs.github.io/helm-charts/'
chart: port-ocean
targetRevision: 0.1.14
helm:
valueFiles:
- $values/argocd/my-ocean-snyk-integration/values.yaml
parameters:
- name: port.clientId
value: YOUR_PORT_CLIENT_ID
- name: port.clientSecret
value: YOUR_PORT_CLIENT_SECRET
- repoURL: YOUR_GIT_REPO_URL
targetRevision: main
ref: values
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true

  1. Apply your application manifest with kubectl:
kubectl apply -f my-ocean-snyk-integration.yaml
Advanced integration configuration

For advanced configuration such as proxies or self-signed certificates, click here.

Ingesting Snyk objects

The Snyk integration uses a YAML configuration to describe the process of loading data into the developer portal.

Here is an example snippet from the config which demonstrates the process for getting project data from Snyk:

createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: project
selector:
query: "true"
port:
entity:
mappings:
identifier: .id
title: .attributes.name
blueprint: '"snykProject"'
properties:
url: ("https://app.snyk.io/org/" + .relationships.organization.data.id + "/project/" + .id | tostring)
owner: .__owner.email
businessCriticality: .attributes.business_criticality
environment: .attributes.environment
lifeCycle: .attributes.lifecycle
highOpenVulnerabilities: .meta.latest_issue_counts.high
mediumOpenVulnerabilities: .meta.latest_issue_counts.medium
lowOpenVulnerabilities: .meta.latest_issue_counts.low
criticalOpenVulnerabilities: .meta.latest_issue_counts.critical
importedBy: .__importer.email
tags: .attributes.tags

The integration makes use of the JQ JSON processor to select, modify, concatenate, transform and perform other operations on existing fields and values from Snyk's API events.

note

In a case where an api request to Snyk's api will receive error code SNYK-9999 which means that Snyk experienced an internal error, the resync will continue to export and log that error. This might result in some data missing from the portal. In such cases head to the Event Log inside the integration section and look for that error it will have all the information required to contact snyk to investigate that error

Configuration structure

The integration configuration determines which resources will be queried from Snyk, and which entities and properties will be created in Port.

Supported resources

The following resources can be used to map data from Snyk, it is possible to reference any field that appears in the API responses linked below for the mapping configuration.

  • The root key of the integration configuration is the resources key:

    resources:
    - kind: project
    selector:
    ...
  • The kind key is a specifier for a Snyk object:

      resources:
    - kind: project
    selector:
    ...
  • The selector and the query keys allow you to filter which objects of the specified kind will be ingested into your software catalog:

    resources:
    - kind: project
    selector:
    query: "true" # JQ boolean expression. If evaluated to false - this object will be skipped.
    port:
  • The port, entity and the mappings keys are used to map the Snyk object fields to Port entities. To create multiple mappings of the same kind, you can add another item in the resources array;

    resources:
    - kind: project
    selector:
    query: "true"
    port:
    entity:
    mappings: # Mappings between one Snyk object to a Port entity. Each value is a JQ query.
    identifier: .id
    title: .attributes.name
    blueprint: '"snykProject"'
    properties:
    url: ("https://app.snyk.io/org/" + .relationships.organization.data.id + "/project/" + .id | tostring)
    owner: .__owner.email
    businessCriticality: .attributes.business_criticality
    environment: .attributes.environment
    lifeCycle: .attributes.lifecycle
    highOpenVulnerabilities: .meta.latest_issue_counts.high
    mediumOpenVulnerabilities: .meta.latest_issue_counts.medium
    lowOpenVulnerabilities: .meta.latest_issue_counts.low
    criticalOpenVulnerabilities: .meta.latest_issue_counts.critical
    importedBy: .__importer.email
    tags: .attributes.tags
    - kind: project # In this instance project is mapped again with a different filter
    selector:
    query: '.name == "MyProjectName"'
    port:
    entity:
    mappings: ...
    Blueprint key

    Note the value of the blueprint key - if you want to use a hardcoded string, you need to encapsulate it in 2 sets of quotes, for example use a pair of single-quotes (') and then another pair of double-quotes (")

Ingest data into Port

To ingest Snyk objects using the integration configuration, you can follow the steps below:

  1. Go to the DevPortal Builder page.
  2. Select a blueprint you want to ingest using Snyk.
  3. Choose the Ingest Data option from the menu.
  4. Select Snyk under the Code quality & security providers category.
  5. Modify the configuration according to your needs.
  6. Click Resync.

Examples

Examples of blueprints and the relevant integration configurations:

Organization

Organization blueprint
{
"identifier": "snykOrganization",
"title": "Snyk Organization",
"icon": "Snyk",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "URL",
"format": "url",
"icon": "Snyk"
},
"slug": {
"type": "string",
"title": "Slug"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"aggregationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: organization
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .name
blueprint: '"snykOrganization"'
properties:
slug: .slug
url: ("https://app.snyk.io/org/" + .slug | tostring)

Target

Target blueprint
{
"identifier": "snykTarget",
"title": "Snyk Target",
"icon": "Snyk",
"schema": {
"properties": {
"criticalOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Critical Vulnerabilities"
},
"highOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open High Vulnerabilities"
},
"mediumOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Medium Vulnerabilities"
},
"lowOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Low Vulnerabilities"
},
"origin": {
"title": "Target Origin",
"type": "string",
"enum": [
"artifactory-cr",
"aws-config",
"aws-lambda",
"azure-functions",
"azure-repos",
"bitbucket-cloud",
"bitbucket-server",
"cli",
"cloud-foundry",
"digitalocean-cr",
"docker-hub",
"ecr",
"gcr",
"github",
"github-cr",
"github-enterprise",
"gitlab",
"gitlab-cr",
"google-artifact-cr",
"harbor-cr",
"heroku",
"ibm-cloud",
"kubernetes",
"nexus-cr",
"pivotal",
"quay-cr",
"terraform-cloud"
]
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: target
selector:
query: "true"
port:
entity:
mappings:
identifier: .attributes.displayName
title: .attributes.displayName
blueprint: '"snykTarget"'
properties:
origin: .attributes.origin
highOpenVulnerabilities: "[.__projects[].meta.latest_issue_counts.high] | add"
mediumOpenVulnerabilities: "[.__projects[].meta.latest_issue_counts.medium] | add"
lowOpenVulnerabilities: "[.__projects[].meta.latest_issue_counts.low] | add"
criticalOpenVulnerabilities: "[.__projects[].meta.latest_issue_counts.critical] | add"

Project

Project blueprint
{
"identifier": "snykProject",
"title": "Snyk Project",
"icon": "Snyk",
"schema": {
"properties": {
"url": {
"type": "string",
"title": "URL",
"format": "url",
"icon": "Snyk"
},
"owner": {
"type": "string",
"title": "Owner",
"format": "user",
"icon": "TwoUsers"
},
"businessCriticality": {
"title": "Business Criticality",
"type": "array",
"items": {
"type": "string",
"enum": [
"critical",
"high",
"medium",
"low"
]
},
"icon": "DefaultProperty"
},
"environment": {
"items": {
"type": "string",
"enum": [
"frontend",
"backend",
"internal",
"external",
"mobile",
"saas",
"onprem",
"hosted",
"distributed"
]
},
"icon": "Environment",
"title": "Environment",
"type": "array"
},
"lifeCycle": {
"title": "Life Cycle",
"type": "array",
"items": {
"type": "string",
"enum": [
"development",
"sandbox",
"production"
]
},
"icon": "DefaultProperty"
},
"highOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open High Vulnerabilities"
},
"mediumOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Medium Vulnerabilities"
},
"lowOpenVulnerabilities": {
"icon": "Vulnerability",
"type": "number",
"title": "Open Low Vulnerabilities"
},
"importedBy": {
"icon": "TwoUsers",
"type": "string",
"title": "Imported By",
"format": "user"
},
"tags": {
"type": "array",
"title": "Tags",
"icon": "DefaultProperty"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {
"snykVulnerabilities": {
"title": "Snyk Vulnerabilities",
"target": "snykVulnerability",
"required": false,
"many": true
},
"snykOrganization": {
"title": "Snyk Organization",
"target": "snykOrganization",
"required": true,
"many": false
}
}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: project
selector:
query: 'true'
port:
entity:
mappings:
identifier: .id
title: .attributes.name
blueprint: '"snykProject"'
properties:
url: ("https://app.snyk.io/org/" + .relationships.organization.data.id + "/project/" + .id | tostring)
owner: .__owner.email
businessCriticality: .attributes.business_criticality
environment: .attributes.environment
lifeCycle: .attributes.lifecycle
highOpenVulnerabilities: .meta.latest_issue_counts.high
mediumOpenVulnerabilities: .meta.latest_issue_counts.medium
lowOpenVulnerabilities: .meta.latest_issue_counts.low
criticalOpenVulnerabilities: .meta.latest_issue_counts.critical
importedBy: .__importer.email
tags: .attributes.tags
relations:
snykVulnerabilities: '[.__issues[] | select(.issueType == "vuln").issueData.id]'
snykOrganization: .relationships.organization.data.id

Vulnerability

Vulnerability blueprint
{
"identifier": "snykVulnerability",
"title": "Snyk Vulnerability",
"icon": "Snyk",
"schema": {
"properties": {
"score": {
"icon": "Star",
"type": "number",
"title": "Score"
},
"packageName": {
"type": "string",
"title": "Package Name",
"icon": "DefaultProperty"
},
"packageVersions": {
"icon": "Package",
"title": "Package Versions",
"type": "array"
},
"type": {
"type": "string",
"title": "Type",
"enum": [
"vuln",
"license",
"configuration"
],
"icon": "DefaultProperty"
},
"severity": {
"icon": "Alert",
"title": "Issue Severity",
"type": "string",
"enum": [
"low",
"medium",
"high",
"critical"
],
"enumColors": {
"low": "green",
"medium": "yellow",
"high": "red",
"critical": "red"
}
},
"url": {
"icon": "Link",
"type": "string",
"title": "Issue URL",
"format": "url"
},
"language": {
"type": "string",
"title": "Language",
"icon": "DefaultProperty"
},
"publicationTime": {
"type": "string",
"format": "date-time",
"title": "Publication Time",
"icon": "DefaultProperty"
},
"isPatched": {
"type": "boolean",
"title": "Is Patched",
"icon": "DefaultProperty"
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}
Integration configuration
createMissingRelatedEntities: true
deleteDependentEntities: true
resources:
- kind: issue
selector:
query: '.issueType == "vuln"'
port:
entity:
mappings:
identifier: .issueData.id
title: .issueData.title
blueprint: '"snykVulnerability"'
properties:
score: .priorityScore
packageName: .pkgName
packageVersions: .pkgVersions
type: .issueType
severity: .issueData.severity
url: .issueData.url
language: .issueData.language // .issueType
publicationTime: .issueData.publicationTime
isPatched: .isPatched

Let's Test It

This section includes a sample response data from Snyk. In addition, it includes the entity created from the resync event based on the Ocean configuration provided in the previous section.

Payload

Here is an example of the payload structure from Snyk:

Organization response data
{
"name": "My Other Org",
"id": "a04d9cbd-ae6e-44af-b573-0556b0ad4bd2",
"slug": "my-other-org",
"url": "https://api.snyk.io/org/my-other-org",
"group": {
"name": "ACME Inc.",
"id": "a060a49f-636e-480f-9e14-38e773b2a97f"
}
}
Target response data
Project response data
{
"name": "snyk/goof",
"id": "af137b96-6966-46c1-826b-2e79ac49bbd9",
"created": "2018-10-29T09:50:54.014Z",
"origin": "github",
"type": "maven",
"readOnly": false,
"testFrequency": "daily",
"totalDependencies": 42,
"issueCountsBySeverity": {
"low": 13,
"medium": 8,
"high": 1,
"critical": 3
},
"imageId": "sha256:caf27325b298a6730837023a8a342699c8b7b388b8d878966b064a1320043019",
"imageTag": "latest",
"imageBaseImage": "alpine:3",
"imagePlatform": "linux/arm64",
"imageCluster": "Production",
"hostname": null,
"remoteRepoUrl": "https://github.com/snyk/goof.git",
"lastTestedDate": "2019-02-05T08:54:07.704Z",
"browseUrl": "https://app.snyk.io/org/4a18d42f-0706-4ad0-b127-24078731fbed/project/af137b96-6966-46c1-826b-2e79ac49bbd9",
"importingUser": {
"id": "e713cf94-bb02-4ea0-89d9-613cce0caed2",
"name": "example-user@snyk.io",
"username": "exampleUser",
"email": "example-user@snyk.io"
},
"isMonitored": false,
"branch": null,
"targetReference": null,
"tags": [
{
"key": "example-tag-key",
"value": "example-tag-value"
}
],
"attributes": {
"criticality": ["high"],
"environment": ["backend"],
"lifecycle": ["development"]
},
"remediation": {
"upgrade": {},
"patch": {},
"pin": {}
}
}
Vulnerability response data
{
"id": "npm:ms:20170412",
"issueType": "vuln",
"pkgName": "ms",
"pkgVersions": ["1.0.0"],
"issueData": {
"id": "npm:ms:20170412",
"title": "Regular Expression Denial of Service (ReDoS)",
"severity": "low",
"originalSeverity": "high",
"url": "https://snyk.io/vuln/npm:ms:20170412",
"description": "`## Overview\\r\\n[`ms`](https://www.npmjs.com/package/ms) is a tiny millisecond conversion utility.\\r\\n\\r\\nAffected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to an incomplete fix for previously reported vulnerability [npm:ms:20151024](https://snyk.io/vuln/npm:ms:20151024). The fix limited the length of accepted input string to 10,000 characters, and turned to be insufficient making it possible to block the event loop for 0.3 seconds (on a typical laptop) with a specially crafted string passed to `ms",
"identifiers": {
"CVE": [],
"CWE": ["CWE-400"],
"OSVDB": []
},
"credit": ["Snyk Security Research Team"],
"exploitMaturity": "no-known-exploit",
"semver": {
"vulnerable": [">=0.7.1 <2.0.0"],
"unaffected": ""
},
"publicationTime": "2017-05-15T06:02:45Z",
"disclosureTime": "2017-04-11T21:00:00Z",
"CVSSv3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"cvssScore": 3.7,
"language": "js",
"patches": [
{
"id": "patch:npm:ms:20170412:0",
"urls": [
"https://snyk-patches.s3.amazonaws.com/npm/ms/20170412/ms_100.patch"
],
"version": "=1.0.0",
"comments": [],
"modificationTime": "2019-12-03T11:40:45.863964Z"
}
],
"nearestFixedInVersion": "2.0.0",
"path": "[DocId: 1].input.spec.template.spec.containers[snyk2].securityContext.privileged",
"violatedPolicyPublicId": "SNYK-CC-K8S-1",
"isMaliciousPackage": true
},
"introducedThrough": [
{
"kind": "imageLayer",
"data": {}
}
],
"isPatched": false,
"isIgnored": false,
"ignoreReasons": [
{
"reason": "",
"expires": "",
"source": "cli"
}
],
"fixInfo": {
"isUpgradable": false,
"isPinnable": false,
"isPatchable": false,
"isFixable": false,
"isPartiallyFixable": false,
"nearestFixedInVersion": "2.0.0",
"fixedIn": ["2.0.0"]
},
"priority": {
"score": 399,
"factors": [{}, "name: `isFixable`", "description: `Has a fix available`"]
},
"links": {
"paths": ""
}
}

Alternative installation via webhook

While the Ocean integration described above is the recommended installation method, you may prefer to use a webhook to ingest data from Snyk. If so, use the following instructions:

Webhook installation (click to expand)

In this example you are going to create a webhook integration between Snyk and Port, which will ingest Snyk code and infrastructure vulnerability entities into Port.

Port configuration

Create the following blueprint definition:

Snyk vulnerability blueprint
{
"identifier": "snykVulnerability",
"description": "This blueprint represents a Snyk vulnerability in our software catalog",
"title": "Snyk Vulnerability",
"icon": "Snyk",
"schema": {
"properties": {
"organizationUrl": {
"type": "string",
"format": "url",
"title": "Organization URL"
},
"organizationName": {
"type": "string",
"title": "Organization Name"
},
"projectName": {
"type": "string",
"title": "Project Name"
},
"projectOrigin": {
"type": "string",
"title": "Project Origin"
},
"branchName": {
"type": "string",
"title": "Branch Name"
},
"pkgName": {
"type": "string",
"title": "Package Name"
},
"issueType": {
"type": "string",
"title": "Issue Type"
},
"issueSeverity": {
"type": "string",
"title": "Issue Severity"
},
"issueURL": {
"type": "string",
"format": "url",
"title": "Issue URL"
},
"issueStatus": {
"type": "string",
"title": "Issue Status",
"enum": ["added", "removed"],
"enumColors": {
"added": "red",
"removed": "green"
}
}
},
"required": []
},
"mirrorProperties": {},
"calculationProperties": {},
"relations": {}
}

Create the following webhook configuration using Port UI

Snyk vulnerability webhook configuration
  1. Basic details tab - fill the following details:

    1. Title : Snyk Mapper;
    2. Identifier : snyk_mapper;
    3. Description : A webhook configuration to map Snyk vulnerability to Port;
    4. Icon : Snyk;
  2. Integration configuration tab - fill the following JQ mapping:

    [
    {
    "blueprint": "snykVulnerability",
    "itemsToParse": ".body.newIssues",
    "filter": ".body.newIssues | length > 0",
    "entity": {
    "identifier": ".item.id",
    "title": ".item.issueData.title",
    "properties": {
    "organizationUrl": ".body.org.url",
    "organizationName": ".body.org.name",
    "projectName": ".body.project.name",
    "projectOrigin": ".body.project.origin",
    "branchName": ".body.project.branch",
    "issueType": ".item.issueType",
    "pkgName": ".item.pkgName",
    "issueSeverity": ".item.issueData.severity",
    "issueURL": ".item.issueData.url",
    "issueStatus": "'added'"
    }
    }
    },
    {
    "blueprint": "snykVulnerability",
    "itemsToParse": ".body.removedIssues",
    "filter": ".body.removedIssues | length > 0",
    "entity": {
    "identifier": ".item.id",
    "title": ".item.issueData.title",
    "properties": {
    "organizationUrl": ".body.org.url",
    "organizationName": ".body.org.name",
    "projectName": ".body.project.name",
    "projectOrigin": ".body.project.origin",
    "branchName": ".body.project.branch",
    "issueType": ".item.issueType",
    "pkgName": ".item.pkgName",
    "issueSeverity": ".item.issueData.severity",
    "issueURL": ".item.issueData.url",
    "issueStatus": "'removed'"
    }
    }
    }
    ]
  3. Scroll down to Advanced settings and input the following details:

    1. secret: WEBHOOK_SECRET;
    2. Signature Header Name : x-hub-signature;
    3. Signature Algorithm : Select sha256 from dropdown option;
    4. Signature Prefix : sha256=
    5. Click Save at the bottom of the page.

Remember to replace the WEBHOOK_SECRET with the real secret you specify when creating the webhook in Snyk.

Create a webhook in Snyk

  1. Go to Snyk and select an account you want to configure the webhook for;
  2. Click on Settings at the left of the page and copy your organization ID under the Organization ID section;
  3. Navigate to your Snyk accounts page and copy your API token. You will use this value to authorize the REST API;
  4. Open any REST API client such as POSTMAN and make the following API call to create your webhook:
    1. API URL - use https://api.snyk.io/v1/org/`YOUR_ORG_ID`/webhooks;
    2. Method - select POST
    3. Authorization - The API token should be supplied in an Authorization header as Authorization: token YOUR_API_KEY;
    4. Request Body - The body of your request should be in a JSON format. Past the following information in the body text
    {
    "url": "https://ingest.getport.io/<YOUR_PORT_WEBHOOK_KEY>",
    "secret": "WEBHOOK_SECRET"
    }
  5. Click Send to create your Snyk webhook;
note

You can also create the Snyk webhook using the curl command below:

curl -X POST \
-H "Authorization: token YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{"url": "https://ingest.getport.io/<YOUR_PORT_WEBHOOK_KEY>", "secret": "WEBHOOK_SECRET"}' \
https://api.snyk.io/v1/org/<YOUR_ORG_ID>/webhooks

Done! Any vulnerability detected on your source code will trigger a webhook event to the webhook URL provided by Port. Port will parse the events according to the mapping and update the catalog entities accordingly.