Snyk is a platform that helps developers find and fix vulnerabilities in their open-source dependencies and container images. It scans the project's dependencies to identify and alerts about any known security vulnerabilities.

Usage of Snyk in SSD

• SSD mandates security scans on images using Snyk. It connects with Snyk to see if the required version of the image has been scanned and if not done, SSD generates a security issue.

• Once the Snyk scan is done, SSD pulls container security scan results from Snyk, and this data is used to calculate the overall security status of the images and application, to generate alerts and remediation.

• The scan results fetched by SSD will be displayed in the Vulnerability Management page, Artifact section of the DBOM and Alert Management page.

To Integrate Snyk:

1. Navigate to Config > Integrations.

2. In the Source panel, click Snyk.

3. The Snyk integration page is displayed.

4. Enter the token to access your Synk account in the Token field. (See Generating API Token for details on how to generate API token).

5. Enable the Helm Scan toggle button if you wish to add helm scan to the artifact stage.

Helm scans the helm charts continuously and automatically so that the security issues are addressed before the deployment. This scan is helpful when Kubernetes is used to run complex applications with many microservices as you can easily automate the deployment and management of the application, thus improving the reliability and stability.

4. Click Save. The Synk account gets integrated in the artifact stage.

5. Click Edit to edit the entered token.

8. Enter the new token and click Update.

The new values get updated.