Official

Premium

Snyk source integration documentation

The CloudQuery Snyk plugin pulls configuration out of Snyk resources and loads it into any supported CloudQuery destination

Publisher

cloudquery

Latest version

v8.1.3

Type

Source

Platforms

Date Published

Documentation Tables Changelog Destinations

Overview Licenses

Overview #

The CloudQuery Snyk plugin pulls configuration out of Snyk resources and loads it into any supported CloudQuery destination (e.g. PostgreSQL, BigQuery, Snowflake, and more).

Authentication #

In order to fetch information from Snyk, cloudquery needs to be authenticated. An API key is required for authentication. See Authentication for API for more information.

Snyk Source Plugin Configuration Reference

Example #

This example syncs from Snyk to a Postgres destination, using api_key authentication. The (top level) source spec section is described in the Source Spec Reference.

kind: source
# Common source-plugin configuration
spec:
  name: snyk
  path: cloudquery/snyk
  registry: cloudquery
  version: "v8.1.3"
  tables:
    - "snyk_audit_logs"
    - "snyk_container_images"
    - "snyk_custom_base_images"
    - "snyk_issues"
    - "snyk_organizations"
    - "snyk_projects"
    - "snyk_sbom"
  destinations: ["postgresql"]
  # Snyk specific configuration
  # Learn more about the configuration options at https://cql.ink/snyk_source
  spec:
    # required
    api_key: "${SNYK_API_KEY}"
    # optional, default: all organizations accessible via `api_key`
    organizations:
      - "<YOUR_ORG_1>"
      - "<YOUR_ORG_2>"
    # optional, default: all projects accessible via `api_key`
    projects:
      - "<YOUR_PROJECT_1>"
      - "<YOUR_PROJECT_2>"

Snyk Spec #

This is the (nested) spec used by the Snyk source plugin.

api_key (string) (required)
An API key to access Snyk resources. See Authentication for API for more information.
organizations ([]string) (optional) (default: all organizations accessible via api_key)
You can choose to limit what organizations to sync information from.
projects ([]string) (optional) (default: all projects accessible via api_key)
You can choose to limit what projects to sync information from.
endpoint_url (string) (optional) (default: https://api.snyk.io/rest)
Endpoint URL to make the API requests to.
table_options (Table Options spec) (optional)
Options to apply to specific tables. See [Table Options](#Table Options) for more information.
concurrency (integer) (optional) (default: 10000)
Amount of concurrent request that may be issued to Snyk API.
scheduler (string) (optional) (default: dfs) The scheduler to use when determining the priority of resources to sync. Supported values are dfs (depth-first search), round-robin, shuffle and shuffle-queue.
For more information about this, see performance tuning.

Snyk Table Options Spec #

audit_logs
- from (string formatted as ISO 8601 time string) (optional)
  Sync audit logs created after this date.
  Examples: 2022-01-01T01:00:01.000Z.
- to (string formatted as ISO 8601 time string) (optional)
  Sync audit logs created before this date.
  Examples: 2024-12-31T23:59:59.999Z.
group_audit_logs
- from (string formatted as ISO 8601 time string) (optional)
  Sync group audit logs created after this date.
  Examples: 2022-01-01T01:00:01.000Z.
- to (string formatted as ISO 8601 time string) (optional)
  Sync group audit logs created before this date.
  Examples: 2024-12-31T23:59:59.999Z.
issues
- created_after (string formatted as ISO 8601 time string) (optional)
  Sync issues created after this time.
  Examples: 2022-01-01T01:00:01.000Z.
- created_before (string formatted as ISO 8601 time string) (optional)
  Sync issues created before this time.
  Examples: 2024-12-31T23:59:59.999Z.
- updated_after (string formatted as ISO 8601 time string) (optional)
  Sync issues updated after this time.
  Examples: 2022-01-01T01:00:01.000Z.
- updated_before (string formatted as ISO 8601 time string) (optional)
  Sync issues updated before this time.
  Examples: 2024-12-31T23:59:59.999Z.

Note: Utilizing relative timestamps in table options using ${time:} substitution will result in incremental syncs performing a full sync on each attempt.

Full config example #

Below is an example of the full config file with all the optional fields.

kind: source
spec:
  name: snyk
  path: cloudquery/snyk
  registry: cloudquery
  version: "v8.1.3"
  tables:
    - "snyk_audit_logs"
    - "snyk_container_images"
    - "snyk_custom_base_images"
    - "snyk_issues"
    - "snyk_organizations"
    - "snyk_projects"
    - "snyk_sbom"
  destinations: ["postgresql"]

  spec:
    # required fields:
    api_key: "${SNYK_API_KEY}"
    
    # optional fields:
    organizations:
      - "<YOUR_ORG_1>"
      - "<YOUR_ORG_2>"
    projects:
      - "<YOUR_PROJECT_1>"
      - "<YOUR_PROJECT_2>"
    endpoint_url: "api.snyk.io"
    table_options:
      audit_logs:
        from: "2022-01-01"
        to: "2024-12-31"
      issues:
        created_after: "2022-01-01T01:00:01.000Z"
        created_before: "2024-12-31T23:59:59.999Z"
    concurrency: 10000

Licenses #

The following tools / packages are used in this plugin:

Name	License
github.com/adrg/xdg	MIT
github.com/apache/arrow-go/v18	Apache-2.0
github.com/apache/arrow/go/v13	Apache-2.0
github.com/apapsch/go-jsonmerge/v2	MIT
github.com/aws/aws-sdk-go-v2	Apache-2.0
github.com/aws/aws-sdk-go-v2/config	Apache-2.0
github.com/aws/aws-sdk-go-v2/credentials	Apache-2.0
github.com/aws/aws-sdk-go-v2/feature/ec2/imds	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/configsources	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/ini	Apache-2.0
github.com/aws/aws-sdk-go-v2/internal/sync/singleflight	BSD-3-Clause
github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/licensemanager	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/marketplacemetering	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sso	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/ssooidc	Apache-2.0
github.com/aws/aws-sdk-go-v2/service/sts	Apache-2.0
github.com/aws/smithy-go	Apache-2.0
github.com/aws/smithy-go/internal/sync/singleflight	BSD-3-Clause
github.com/bahlo/generic-list-go	BSD-3-Clause
github.com/buger/jsonparser	MIT
github.com/cenkalti/backoff/v5	MIT
github.com/cloudquery/cloudquery-api-go	MPL-2.0
github.com/cloudquery/codegen/jsonschema/docs	MPL-2.0
github.com/cloudquery/plugin-pb-go	MPL-2.0
github.com/cloudquery/plugin-sdk/v2/internal/glob	MIT
github.com/cloudquery/plugin-sdk/v2/schema	MIT
github.com/cloudquery/plugin-sdk/v2/types	MPL-2.0
github.com/cloudquery/plugin-sdk/v4	MPL-2.0
github.com/cloudquery/plugin-sdk/v4/glob	MIT
github.com/cloudquery/plugin-sdk/v4/scalar	MIT
github.com/davecgh/go-spew/spew	ISC
github.com/deepmap/oapi-codegen/pkg/securityprovider	Apache-2.0
github.com/ghodss/yaml	MIT
github.com/go-logr/logr	Apache-2.0
github.com/go-logr/stdr	Apache-2.0
github.com/goccy/go-json	MIT
github.com/google/flatbuffers/go	Apache-2.0
github.com/google/uuid	BSD-3-Clause
github.com/grpc-ecosystem/go-grpc-middleware/v2/interceptors	Apache-2.0
github.com/grpc-ecosystem/grpc-gateway/v2	BSD-3-Clause
github.com/hashicorp/go-cleanhttp	MPL-2.0
github.com/hashicorp/go-retryablehttp	MPL-2.0
github.com/invopop/jsonschema	MIT
github.com/julienschmidt/httprouter	BSD-3-Clause
github.com/klauspost/compress	Apache-2.0
github.com/klauspost/compress/internal/snapref	BSD-3-Clause
github.com/klauspost/compress/zstd/internal/xxhash	MIT
github.com/mailru/easyjson	MIT
github.com/mattn/go-colorable	MIT
github.com/mattn/go-isatty	MIT
github.com/mitchellh/hashstructure/v2	MIT
github.com/oapi-codegen/runtime	Apache-2.0
github.com/pierrec/lz4/v4	BSD-3-Clause
github.com/pmezard/go-difflib/difflib	BSD-3-Clause
github.com/rs/zerolog	MIT
github.com/samber/lo	MIT
github.com/santhosh-tekuri/jsonschema/v6	Apache-2.0
github.com/spf13/cobra	Apache-2.0
github.com/spf13/pflag	BSD-3-Clause
github.com/stretchr/testify	MIT
github.com/thoas/go-funk	MIT
github.com/wk8/go-ordered-map/v2	Apache-2.0
github.com/zeebo/xxh3	BSD-2-Clause
go.opentelemetry.io/auto/sdk	Apache-2.0
go.opentelemetry.io/otel	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace	Apache-2.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp	Apache-2.0
go.opentelemetry.io/otel/log	Apache-2.0
go.opentelemetry.io/otel/metric	Apache-2.0
go.opentelemetry.io/otel/sdk	Apache-2.0
go.opentelemetry.io/otel/sdk/log	Apache-2.0
go.opentelemetry.io/otel/sdk/metric	Apache-2.0
go.opentelemetry.io/otel/trace	Apache-2.0
go.opentelemetry.io/proto/otlp	Apache-2.0
golang.org/x/exp	BSD-3-Clause
golang.org/x/net	BSD-3-Clause
golang.org/x/sync	BSD-3-Clause
golang.org/x/sys	BSD-3-Clause
golang.org/x/text	BSD-3-Clause
golang.org/x/xerrors	BSD-3-Clause
google.golang.org/genproto/googleapis/api/httpbody	Apache-2.0
google.golang.org/genproto/googleapis/rpc/status	Apache-2.0
google.golang.org/grpc	Apache-2.0
google.golang.org/protobuf	BSD-3-Clause
gopkg.in/yaml.v2	Apache-2.0
gopkg.in/yaml.v3	MIT

Loading plugin documentation