With the Vanta and Snyk integration, Vanta collects projects and vulnerabilities from Snyk and displays them under a new tab on the vulnerabilities page. You'll be alerted when new vulnerabilities are added and when any of your vulnerabilities are approaching their SLAs, so you can track remediation!
Prerequisites
An Enterprise plan is required to access the Snyk API.
Procedure
Verify that your current Snyk plan supports Rich API
From Vanta, open the Integrations page and go to the Available tab
Find Snyk and click Connect
After clicking Connect, a pop-up will appear
Add the API token from your Snyk account
Select the correct Organization you want to integrate with Vanta
Alternatively, you may provide the API token from a service account
A Service Account is necessary for every API request, to generate a token with the correct permissions. Ideally, users should have a Group Viewer token, which gives read-only access to all Snyk API endpoints.
Ensure you are in the correct Snyk Group and Organization
Select Validate and Store
Snyk Groups & Organizations
Snyk can segment its user base into Groups, and these groups can also be divided into Organizations.
You can choose how you would like to filter your resources by selecting Manage followed by Edit groups and organizations
Choose how you would like to filter your resources, and select Save