• Browse topics
Login
Login

SNYK LEARN LOGIN

OTHER REGIONS

For Snyk Enterprise customers with regional contracts. More info

Integrations for asset management and discovery

Product Training

~10mins estimated

Overview

To configure Snyk inventory management, navigate to the Group level, and click the Integrations menu on the left.

  • Add integrations by clicking the Integration Hub option
INFO

Group vs Organization level integrations

  • Group-level integrations are designed to configure asset discovery and management-related integrations. This helps identify assets that Snyk does not monitor while providing application context and extra capabilities!
  • Organization-level integrations allow developer, security, and support teams to configure security scans for their applications, manage access, and generate reports.

Preconfigured integrations

  • Snyk products, are configured at the Organization level.
    • Snyk will automatically start to identify assets and create an inventory from the configured targets and projects.

Integration types

  • Application context - an external data source describing the asset or providing additional information pertinent to that asset. For example, Backstage provides the Owner, lifecycle, system, and other context.
  • Source Code Management (SCM) - Create direct connections to code repositories to identify assets that exist outside the Organization-level scans. This is the first integration you should configure using a token with broad visibility.

Snyk Inventory management

Integrating code repositories

  • Click on Integration Hub and select the code repository to connect, providing the necessary information for each field.

Application Context with Backstage , ServiceNow CMDB and other tools

There are two flavors of Application context sources: Backstage, and integration based sources.

For Backstage:

  • Snyk can consume Backstage files and utilize key fields for searching, setting policies, and providing application context.
  • Enable Backstage in the SCM integration settings if your supported file, such as catalog-info.yaml, is located in the root directory.
  • Update the field values if you are using different names or wish to display alternate values in Snyk.
  • The field usage is explained in the Backstage paragraph of the Policy and Inventory sections below.

For Integration sourced application context:

  • Click Integration Hub, select the relevant integration
  • Map the fields in Snyk to the corresponding elements for that integration.
  • Individual modules will be available in Snyk docs and Snyk Learn.

Important Considerations

When you integrate SCM code repositories with Snyk Essentials, use a secondary token. This token will allow access to the entire code repository, ensuring a complete overview rather than just the sections that have been imported into Snyk. This strategy offers an alternative view to using Snyk for security scans and reduces the risk of blind spots caused by limited tokens. Organizations often issue tokens that only provide access to their own applications.

  • Plan on your first import/sync taking up to 24 hours to complete.

Last Sync/Next Sync

Updates to your controls and assets are analyzed on a schedule. You can determine the last/next run by observing the "Last Sync" and "Next Sync" on each integration.

Video: 7m48s

Please note, that on the Group level integrations screen, the Integrations Hub button now appears as Add Integration .

Congratulations

You've completed this lesson on integrations for asset discovery and management ! Now you know more about how to discover and manage assets.

What to learn next?