Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ By default, the Snyk CLI connects to `https://api.snyk.io/`. You can use the fol

`SNYK_API`

Specifying this variable sets the API host that will be used for Snyk requests. This is useful for [regional hosting](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#cli-and-ci-pipeline-urls), on-premise instances, or when you are using a proxy server. If this variable is set with the `http` protocol, the CLI upgrades the requests to `https` unless `SNYK_HTTP_PROTOCOL_UPGRADE` is set to `0`.
Specifying this variable sets the API host used for Snyk requests. This is useful for [regional hosting](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#cli-and-ci-pipeline-urls), on-premise instances, or when you are using a proxy server. If this variable is set with the `http` protocol, the CLI upgrades the requests to `https` unless `SNYK_HTTP_PROTOCOL_UPGRADE` is set to `0`.

`SNYK_HTTP_PROTOCOL_UPGRADE=0`
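
Review bot: The reworded `SNYK_API` paragraph still does not state the consequence of setting `SNYK_HTTP_PROTOCOL_UPGRADE` to `0`. It says the CLI upgrades `http` to `https` "unless" the variable is `0`, which leaves the reader to infer that requests to the configured host then stay on `http`. Since this sentence is being edited anyway, consider adding one explicit sentence saying so, so nobody disables the upgrade without knowing what it changes.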

Expand All @@ -24,7 +24,7 @@ Specifying this variable disables all Snyk CLI analytics.

`SNYK_TOKEN`

Specifying this variable allows you to override the token that may be available in your Snyk configuration settings (`~/.config/configstore/snyk.json`). Use `SNYK_TOKEN` in a CI/CD environment. After setting `SNYK_TOKEN` you can [get started](../../../snyk-cli/getting-started-with-the-snyk-cli.md) using the CLI.
Specifying this variable lets you override the token available in your Snyk configuration settings (`~/.config/configstore/snyk.json`). Use `SNYK_TOKEN` in a CI/CD environment. After setting `SNYK_TOKEN` you can [get started](../../../snyk-cli/getting-started-with-the-snyk-cli.md) using the CLI.

For information on how to get your account token see [Authenticate the CLI with your account](../../../snyk-cli/authenticate-to-use-the-cli.md). You can also use a service account to authenticate; for more information see [Service accounts](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts). For additional information, see [Authentication for third-party tools](../../../implementation-and-setup/enterprise-setup/authentication-for-third-party-tools.md).
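
Review bot: The new `SNYK_TOKEN` sentence drops "that may be" from "the token that may be available in your Snyk configuration settings", and that changes the meaning rather than just tightening it. The new wording implies a token is always present in `~/.config/configstore/snyk.json`, which does not fit the CI/CD case the next sentence recommends. Suggest keeping the conditional, for example "override any token stored in your Snyk configuration settings". The following sentence could also take a comma after "After setting `SNYK_TOKEN`".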

Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Authentication for third-party tools

When you work with Snyk from within any third-party tool, Snyk requires authentication in order to initiate its processes.
When you work with Snyk from within any third-party tool, Snyk requires authentication to initiate its processes.

Snyk offers API tokens to enable integrations with third-party developer tools. You can authenticate through your personal account using your personal token or through a [service account](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts) using the token associated with that account. When you authenticate through a service account, you do not use any personal token.

Expand Down
4 changes: 2 additions & 2 deletions developer-tools/integrations/event-forwarding/README.md
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
# Event forwarding

Snyk event forwarding integrations allow you to push Snyk platform events directly to certain products on other platforms, enabling you to set up custom alerting, build your own reporting, trigger automation, and more.
Snyk event forwarding integrations let you push Snyk platform events directly to certain products on other platforms, so you can set up custom alerting, build your own reporting, trigger automation, and more.

## Event types

Snyk supports sending two different types of events:

1. **Snyk issue events** - these events are sent when new issues are discovered in a Snyk Project, or when an issue is updated. Each event contains information about the vulnerability or other problem found, including whether a remediation is available.
2. **Snyk platform audit events** - these events are sent every time a Snyk user performs an action within the Snyk platform. For more information, see [Audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group).
2. **Snyk platform audit events** - these events are sent every time a Snyk user performs an action in the Snyk platform. For more information, see [Audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group).

{% hint style="info" %}
The **Snyk issue** event type does not include Snyk Cloud issues.
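
Review bot: The two event-type items in this README are punctuated and linked differently from the same two items on the Amazon EventBridge page in this PR. Here they read "**Snyk issue events** - these events are sent", and the audit link text is "Audit logs". The EventBridge page uses "**Snyk issue events**: These events are sent", and the same URL is labelled "Retrieve audit logs of user-initiated activity by API for an Org or Group". Since both lists are touched in this change, pick one form and one link label and use them in both places.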
Expand Down
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
# Amazon EventBridge

The [Amazon EventBridge](https://aws.amazon.com/eventbridge/) integration sends Snyk platform events to EventBridge, allowing you to integrate Snyk events into your existing AWS environments. The integration can be configured to send two different types of events:
The [Amazon EventBridge](https://aws.amazon.com/eventbridge/) integration sends Snyk platform events to EventBridge, so you can integrate Snyk events into your existing AWS environments. You can configure the integration to send two different types of events:

* **Snyk issue events**: These events are sent when new issues are discovered in a Snyk Project, or when an issue is updated. Each event contains information about the vulnerability or other problem found, including whether a remediation is available.
* **Snyk platform audit events**: These events are sent every time a Snyk user performs an action within the Snyk platform. For more information, see [Retrieve audit logs of user-initiated activity by API for an Org or Group](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group). This event type is available with Snyk Enterprise plans. For more information, see this page about [trials](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/implementation-guides/enterprise-implementation-guide/trial-limitations) and [Plans and pricing](https://snyk.io/plans/).
* **Snyk platform audit events**: These events are sent every time a Snyk user performs an action in the Snyk platform. For more information, see [Retrieve audit logs of user-initiated activity by API for an Org or Group](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group). This event type is available with Snyk Enterprise plans. For more information, see this page about [trials](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/implementation-guides/enterprise-implementation-guide/trial-limitations) and [Plans and pricing](https://snyk.io/plans/).

To set up the integration, there are two steps:

1. Configure an EventBridge integration in the Snyk dashboard. This will create a Snyk **Partner Event Source** in your AWS account, which you can see in the EventBridge dashboard.
1. Configure an EventBridge integration in the Snyk dashboard. This creates a Snyk **Partner Event Source** in your AWS account, which you can see in the EventBridge dashboard.
2. Configure the Snyk integration in Amazon EventBridge. This step involves associating the Snyk event source created in step one with an EventBridge **Event Bus**.

After you complete these steps, Snyk immediately starts sending events to the configured event bus.
Expand All @@ -26,19 +26,19 @@ When the form is completed, click **Add integration**. After this step is done,

## Snyk App authorization

If this is the first time you have set up an Amazon EventBridge integration for your Organization, you will be prompted to complete the Snyk App authorization flow.
If this is the first time you have set up an Amazon EventBridge integration for your Organization, Snyk prompts you to complete the Snyk App authorization flow.

<figure><img src="../../.gitbook/assets/integrations-eventforwarding-eventbridge-auth.png" alt="" width="375"><figcaption></figcaption></figure>

After completing the authorization flow, you will be redirected to the settings page for the integration.
After completing the authorization flow, Snyk redirects you to the settings page for the integration.

## Configure the integration in Amazon EventBridge

After configuring the EventBridge integration on the Snyk side, you should see a new **Partner Event Source** in the EventBridge console. Navigate to the EventBridge console and navigate to the **Partner event sources** page under the **Integration** section.
After configuring the EventBridge integration on the Snyk side, a new **Partner Event Source** appears in the EventBridge console. Navigate to the EventBridge console and navigate to the **Partner event sources** page under the **Integration** section.

<figure><img src="../../.gitbook/assets/integrations-eventforwarding-eventbridge-eventsource.png" alt="Partner event sources"><figcaption><p>Partner event sources</p></figcaption></figure>

Snyk-generated event sources will have a naming pattern like this:
Snyk-generated event sources have a naming pattern like this:

`aws.partner/snyk.io/org_<SNYK_ORG_ID>/<EVENT_TYPE>`\
\
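
Review bot: In the "Configure the integration in Amazon EventBridge" paragraph, the new second sentence reads "Navigate to the EventBridge console and navigate to the **Partner event sources** page", which repeats the verb. It also comes after a sentence that already tells the reader the source "appears in the EventBridge console". Suggest reordering to something like "In the EventBridge console, go to the **Partner event sources** page under the **Integration** section, where a new **Partner Event Source** appears." Separately, the first figure in this hunk has `alt=""` and an empty `figcaption`, while the next figure has both filled in. Worth adding them while this section is open.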
Expand All @@ -53,14 +53,14 @@ Navigate to the [EventBridge integration settings page](https://app.snyk.io/mana
Clicking on the name of the integration opens the integration settings page, which displays configuration information for the integration.

{% hint style="info" %}
Because EventBridge integrations create an external resource that depends on the configured AWS Account ID, Region, and event type, it is not possible to edit these configuration fields. If you need to change one of these fields, delete the integration and create a new one. This deletes the existing **partner event source** in AWS and creates a new one, which you will need to associate with an **event bus** as described above.
Because EventBridge integrations create an external resource that depends on the configured AWS Account ID, Region, and event type, it is not possible to edit these configuration fields. If you need to change one of these fields, delete the integration and create a new one. This deletes the existing **partner event source** in AWS and creates a new one, which you must associate with an **event bus** as described in the preceding steps.
{% endhint %}

To delete an integration, scroll to the bottom of the page and click the **Remove integration** button, then confirm the deletion.
To delete an integration, scroll to the bottom of the page and click **Remove integration**, then confirm the deletion.

<figure><img src="../../.gitbook/assets/integrations-eventforwarding-eventbridge-delete.png" alt="Remove integration"><figcaption><p>Remove integration</p></figcaption></figure>

This deletes the integration configuration on the Snyk side and the **Partner Event Source** associated with this integration in AWS. You can verify that the event source has been deleted in the EventBridge console.
This deletes the integration configuration on the Snyk side and the **Partner Event Source** associated with this integration in AWS. You can verify that Snyk deleted the event source in the EventBridge console.

## Understanding event data
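
Review bot: The last changed sentence of this hunk, "You can verify that Snyk deleted the event source in the EventBridge console", now reads as if Snyk performed the deletion inside the console. Move the location to the front: "In the EventBridge console, you can verify that the event source was deleted." Also, the hint block writes "**partner event source**" and "**event bus**" in lower case, while the rest of the page, including this same hunk, uses "**Partner Event Source**" and "**Event Bus**". Since the hint line is already being changed, align the capitalization.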

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
The AWS CloudTrail Lake integration is available only with Snyk Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/).
{% endhint %}

The AWS CloudTrail Lake integration allows you to forward [Snyk audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group) to AWS CloudTrail Lake, which lets you run SQL-based queries on your logs and retain them for up to seven (7) years.
The AWS CloudTrail Lake integration lets you forward [Snyk audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group) to AWS CloudTrail Lake, which lets you run SQL-based queries on your logs and retain them for up to seven years.

This integration can be configured to forward audit logs for a single Snyk Organization, or for a Snyk Group and all of its child Organizations. In either case, there are two steps required to set up the integration:
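
Review bot: The unchanged context sentence "This integration can be configured to forward audit logs" keeps the passive form that this PR replaces elsewhere. On the EventBridge page, "The integration can be configured to send" became "You can configure the integration to send". For consistency, change this one to "You can configure this integration to forward audit logs" in the same pass.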

Expand All @@ -20,18 +20,18 @@ This integration sends logs beginning when you enable it. Logs generated before

Audit logs are captured when Snyk users perform actions on the Snyk platform, such as making changes to settings, adding other users, or accessing protected APIs. When you are setting up this integration, it is important to understand how audit logs are captured, based on how a customer's Snyk account is set up:

* For customers using Snyk with a single Snyk Organization (or with multiple disconnected Organizations), all audit logs are captured within the scope of the single Organization.
* For customers using Snyk with a single Snyk Organization (or with multiple disconnected Organizations), all audit logs are captured in the scope of the single Organization.
* For customers who have a Snyk Group with child Organizations, actions such as adding new Organizations to the group or adding users to the group are audited at the Group level, and are not typically associated with an Organization.

This integration supports both use cases:

1. Integrate CloudTrail Lake with a single Snyk Organization
1. All audit logs associated directly with that Organization will be sent to CloudTrail Lake.
1. All audit logs associated directly with that Organization are sent to CloudTrail Lake.
2. If the Organization has a parent Group, actions taken on that Group **a**re not sent to CloudTrail Lake.
3. If the Organization has members who are also members of other Organizations and Groups, actions taken by those members will only be sent to CloudTrail Lake if they are directly associated with the Organization.
3. If the Organization has members who are also members of other Organizations and Groups, actions taken by those members are sent to CloudTrail Lake only if they are directly associated with the Organization.
2. Integrate CloudTrail Lake with a Snyk Group and all of its child Organizations
1. All audit logs associated with the Group or any of its child Organizations will be sent to CloudTrail Lake.
2. When new Organizations are added to the Group, audit logs for those Organizations will be sent automatically to CloudTrail Lake.
1. All audit logs associated with the Group or any of its child Organizations are sent to CloudTrail Lake.
2. When new Organizations are added to the Group, audit logs for those Organizations are sent automatically to CloudTrail Lake.

## Add a Snyk integration in AWS CloudTrail Lake
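
Review bot: Sub-item 2 under "Integrate CloudTrail Lake with a single Snyk Organization" still contains stray bold markup: "actions taken on that Group **a**re not sent to CloudTrail Lake". The lines on either side of it are edited in this hunk, so this is the place to fix it to plain "are". That sentence is also the one that tells readers which audit events are not forwarded, so it should render cleanly.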

Expand All @@ -43,23 +43,23 @@ During the setup, you must supply an **External ID** for the integration. The va

### External ID for a Single Snyk Organization

If you are creating this integration for a single Snyk Organization, you will use your Snyk **Organization ID** as the **External ID.** You can find your Organization ID under Snyk **Organization Settings**.
If you are creating this integration for a single Snyk Organization, use your Snyk **Organization ID** as the **External ID.** You can find your Organization ID under Snyk **Organization Settings**.

Contributor

Suggested change
If you are creating this integration for a single Snyk Organization, use your Snyk **Organization ID** as the **External ID.** You can find your Organization ID under Snyk **Organization Settings**.
If you are creating this integration for a single Snyk Organization, use your Snyk **Organization ID** as the **External ID**. You can find your Organization ID under Snyk **Organization Settings**.


<div align="left"><figure><img src="../../.gitbook/assets/event_forwarding_aws_cloudtrail_lake_org_id.png" alt="Organization ID on Snyk Organization Settings page"><figcaption><p>Organization ID on Snyk Organization settings page</p></figcaption></figure></div>

Copy the value in the **Organization ID** field to the **External ID** field in the AWS CloudTrail Lake integration setup and continue following the instructions in the AWS CloudTrail Lake documentation.

### External ID for a Snyk group

If you are setting up this Organization for a Snyk Group, which will automatically include all child organizations, you will use your **Snyk Group ID** as the **External ID**. You can find your Group ID by clicking on the name of your Snyk group in the Snyk dashboard, and then navigating to the **Settings** page.
If you are setting up this Organization for a Snyk Group, which automatically includes all child Organizations, use your **Snyk Group ID** as the **External ID**. You can find your Group ID by clicking on the name of your Snyk group in the Snyk dashboard, and then navigating to the **Settings** page.

<figure><img src="../../.gitbook/assets/integrations-eventforwarding-groupid.png" alt="Group settings page"><figcaption><p>Group settings page</p></figcaption></figure>

Copy the value in the **Group ID** field to the **External ID** field in the AWS CloudTrail Lake integration setup and continue following the instructions in the AWS CloudTrail Lake documentation.

### CloudTrail Lake Channel ARN

When you are finished creating the Snyk integration in AWS CloudTrail Lake, copy the **Channel ARN** that is displayed on the integration page. You will need this for the next step.
When you are finished creating the Snyk integration in AWS CloudTrail Lake, copy the **Channel ARN** displayed on the integration page. You need this for the next step.

## Configure the integration in Snyk (single Organization)
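
Review bot: Under "External ID for a Snyk group", the new sentence begins "If you are setting up this Organization for a Snyk Group", but what is being set up is the integration, not an Organization. The parallel sentence in the single-Organization section says "If you are creating this integration for a single Snyk Organization". Suggest "If you are creating this integration for a Snyk Group". The same section mixes "Snyk Group" with lower-case "Snyk group" (the heading and "the name of your Snyk group"), although this change capitalizes "child Organizations". Capitalize "Group" throughout for the same reason.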

Expand All @@ -77,11 +77,11 @@ After this step is complete, Snyk immediately begins forwarding audit logs to AW

## Snyk App authorization

If this is the first time you have set up an AWS CloudTrail Lake integration for your Organization, you will be prompted to complete the Snyk App authorization flow.
If this is the first time you have set up an AWS CloudTrail Lake integration for your Organization, Snyk prompts you to complete the Snyk App authorization flow.

<figure><img src="../../.gitbook/assets/integrations-eventforwarding-cloudtrail-auth.png" alt="Snyk App authorization" width="375"><figcaption><p>Snyk App authorization</p></figcaption></figure>

After completing the authorization flow you will be redirected to the settings page for the integration.
After completing the authorization flow, Snyk redirects you to the settings page for the integration.

## Configure the integration in Snyk (Snyk Group and child Organizations)

Expand Down Expand Up @@ -132,7 +132,7 @@ Select **Remove integration** and confirm that you want to remove the integratio

<figure><img src="../../.gitbook/assets/aws-ctl-6.png" alt="Remove integration button"><figcaption><p>Remove integration button</p></figcaption></figure>

This action removes Snyk’s configuration for this integration, which will prevent any further audit logs from being sent to AWS CloudTrail Lake. This does not remove the Snyk integration in AWS CloudTrail Lake. To do this, navigate to AWS CloudTrail Lake and delete the Snyk integration from the **Integration** list.
This action removes the Snyk configuration for this integration, which prevents any further audit logs from being sent to AWS CloudTrail Lake. This does not remove the Snyk integration in AWS CloudTrail Lake. To do this, navigate to AWS CloudTrail Lake and delete the Snyk integration from the **Integration** list.

## Remove an AWS CloudTrail Lake integration (Snyk Group and child Organizations)
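
Review bot: In the reworded removal paragraph, "To do this" follows the negative sentence "This does not remove the Snyk integration in AWS CloudTrail Lake", so its antecedent is unclear, and three consecutive sentences lean on "This". Suggest making the AWS-side cleanup explicit: "To remove it, navigate to AWS CloudTrail Lake and delete the Snyk integration from the **Integration** list." That way readers understand the channel on the AWS side stays in place until they delete it themselves.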

Expand Down Expand Up @@ -161,7 +161,7 @@ Replace `<EVENT-DATA-STORE-ID>` with the ID of the event data store that is asso

## Understanding the log data

There are three (3) key fields to note when using the Snyk audit log data in AWS CloudTrail Lake.
There are three key fields to note when using the Snyk audit log data in AWS CloudTrail Lake.

`eventdata.useridentity`

Expand All @@ -173,4 +173,4 @@ This represents the type of audit event, for example, `api.access` or `org.cloud

`eventdata.additionaleventdata`

This field contains a raw JSON payload with more detailed information about the audit event. The content of the payload depends on the type of the event. For example, an API access event will include the accessed URL, while a settings change event will include before and after values for the changed setting.
This field contains a raw JSON payload with more detailed information about the audit event. The content of the payload depends on the type of the event. For example, an API access event includes the accessed URL, while a settings change event includes before and after values for the changed setting.