People are often unaware of all the assets (web apps and APIs) their organization has, so vulnerabilities in those assets go overlooked and both the assets and the organization are inadvertently left exposed to potential cyber-attacks. Snyk API & Web’s Asset Discovery gives you a way of identifying your company’s assets so that you can effectively protect them before they become a liability.
Scanning a Cloudflare connection for asset discovery involves two steps:
Obtain the Cloudflare API Token
Add the Cloudflare connection
This article describes these steps in detail.
Step 1: Obtain the Cloudflare API Token
To add a Cloudflare connection, you will need the Cloudflare API Token. To obtain it, follow these steps:
Go to your Cloudflare account, click on My Profile, and then click on API Tokens, in order to access the User API Tokens tab.
Note that Account API Tokens won't work in this scenario.
Click on Create Token and then click on the Get Started button of the Create Custom Token configuration.
Under the Permissions section, choose the Zone permission group, the item Zone, and the Read access permission.
Then, add another Zone permission, with the item DNS, and with the Read access permission as well.
Under the Zone Resources section, select the specific zones you want to include in the scan. We recommend choosing All zones to include current and future zones from your Cloudflare account.
Click on Continue to summary to review the details and then click on Create Token.
After the token is created, you will be presented with the token value. Copy the token and store it securely, as you will not be able to view it again. You will need this token value in the next step.
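The following added example, which is not Snyk's or Cloudflare's own code, checks a token's policy document against the read-only scope configured in Step 1 before the token is pasted into a third-party service. It assumes the JSON shape of Cloudflare's token details response (policies with effect, resources and permission_groups carrying a name), the group display names Zone Read and DNS Read, and the all-zones resource key; the sample documents are constructed.

```python
import json

# Permission groups the token in Step 1 needs (Zone > Zone > Read and
# Zone > DNS > Read). Matching on the display name is an assumption.
REQUIRED = {"Zone Read", "DNS Read"}
ALL_ZONES_KEY = "com.cloudflare.api.account.zone.*"  # assumed wildcard resource key


def audit_token(token: dict) -> dict:
    """Compare a token's policies against the read-only scope from Step 1."""
    granted, findings, all_zones = set(), [], False
    for policy in token.get("policies", []):
        if policy.get("effect") != "allow":
            continue  # deny policies do not grant access
        groups = policy.get("permission_groups", [])
        granted |= {g.get("name", "<unnamed>") for g in groups}
        resources = policy.get("resources", {})
        all_zones = all_zones or ALL_ZONES_KEY in resources
        for key in resources:
            if ".zone." not in key:  # e.g. an account-level resource
                findings.append(f"non-zone resource in scope: {key}")
    for name in sorted(granted - REQUIRED):
        findings.append(f"unexpected permission: {name}")
    for name in sorted(REQUIRED - granted):
        findings.append(f"missing permission: {name}")
    if token.get("status") != "active":
        findings.append(f"token status is {token.get('status')!r}")
    return {"ok": not findings, "all_zones": all_zones, "findings": findings}


# Constructed sample token documents (ids are placeholders, not real values).
GOOD = json.loads("""{"id": "TOKEN_ID_PLACEHOLDER", "status": "active", "policies": [
  {"effect": "allow", "resources": {"com.cloudflare.api.account.zone.*": "*"},
   "permission_groups": [{"id": "PG1", "name": "Zone Read"},
                         {"id": "PG2", "name": "DNS Read"}]}]}""")
OVERSCOPED = json.loads("""{"id": "TOKEN_ID_PLACEHOLDER", "status": "active", "policies": [
  {"effect": "allow", "resources": {"com.cloudflare.api.account.zone.*": "*"},
   "permission_groups": [{"id": "PG1", "name": "Zone Read"},
                         {"id": "PG3", "name": "DNS Write"}]}]}""")

if __name__ == "__main__":
    for label, tok in (("good", GOOD), ("overscoped", OVERSCOPED)):
        print(label, audit_token(tok))
```

A token that reports anything other than the two read permissions should be recreated with the scope from Step 1 rather than connected as is.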
Step 2: Add the Cloudflare connection
In the Snyk API & Web app, add a Cloudflare connection for asset discovery as follows:
Select the DISCOVERY tab and click the ADD SOURCE button to open the configuration.
Select the Connect with Cloudflare option and click on NEXT.
Paste the Cloudflare API Token (obtained in step 1) into the Cloudflare API Token field and click on CONNECT.
After successfully connecting with Cloudflare, Snyk API & Web will start running regular Discovery scans automatically on your Cloudflare account. In the Snyk API & Web app, check the DISCOVERY tab. Once the asset discovery is finished, you should have all the newly found assets added to the list. At the top of the page, you have information on the number of newly found assets, which you can click on to filter them in the list.
If, at any point, you wish to update or remove Snyk API & Web’s connection to Cloudflare, you can do so on the Integrations page in the Snyk API & Web app.
