• Overview
  • Documentation
  • Version history

Description

  • The Snyk plugin scans Github, GitLab, or BitBucket repositories and pulls security alerts into HCL Accelerate. This vulnerability information is available as various metrics and charts in the metrics bar and dashboard. In addition, you can leverage these values in your pipeline for automated gates and deployments.
  • The Snyk Plugin works with existing GitHub plugin GitLab plugin , and BitBucket plugin to scan and link against known repositories. It's recommended to install and configure the existing GitHub, GitLab, or BitBucket plugin before you install the Snyk plugin.
  • Snyk scan should be performed on the repositories and should have separate projects. Automated pull requests generated by Snyk will be also visible in the Value Stream.

Quick Info

Product icon

Product

DevOps Velocity (HCL Accelerate)
Plugin type icon

Type

plugin
Compatibility icon

Compatibility

HCL Accelerate version 2.4.x or later
created by icon

Created by

HCLSoftware
Website icon

Website

Published Date

Last Updated

Summary

The Snyk plugin imports repository vulnerability data from Snyk server into HCL Accelerate. It scans for existing GitHub, Gitlab, or BitBucket integrations and retrieves data only for those particular repositories. The Plugin works on organisational level and imports data for entire organisation. It can import data from multiple organisations.

Compatibility

This plugin is compatible with HCL Accelerate version 2.4.x or later. The plugin works on top of GitHub, Gitlab, or BitBucket Plugin so at least one integration should be already there .

 

Usage

To use the Snyk plugin, the plugin must be loaded only if you have an existing GitHub, GitLab, or BitBucket integration . The Snyk data is imported only if Snyk scan is performed on the repositories .

Integration type

The Snyk plugin supports scheduled event integration which are listed in the following table.

Scheduled events
Name Description

SyncSnykDataEvent

Queries the Snyk data for the organisation.

Integration

The method to integrate the plugin:

  • Using the user interface

The tables in the Configuration properties topic describe the properties used to define the integration.

Using the user interface

  • From the Plugins page, click Settings > Integrations > Plugins.
  • Under the Action column for the plugin, click Add Integration.
  • On the Add Integration page enter values for the fields used to configure the integration and define communication.
  • Click Save.

Configuration Properties

The following tables describe the properties used to configure the integration.

  • The General Configuration Properties table describes configuration properties used by all plugin integrations.
  • The Snyk Plugin Configuration Properties table describes the Snyk configuration properties that define the connection and communications with the Snyk server.

Some properties might not be displayed in the user interface, to see all properties enable the Show Hidden Properties field.

General Configuration properties
Name Description Required Property Name
Integration Name An assigned name to the value stream. Yes name
Logging Level The level of Log4j messages to display in the log file. Valid values are: all, debug, info, warn, error, fatal, off, and trace. No loggingLevel
HCL Accelerate User Access Key An auto-generated user access key provides credentials for communicating with the HCL Accelerate server. Yes NA

 

 

 

 

Snyk Plugin Properties
Name Type Description Required
Personal Access Token String The token to use to authenticate with the Snyk server. Yes

Organisation IDs

String At least one Snyk organisation ID should be provided . For adding multiple IDs , separate IDs by a line . Yes

Project Names

String Add Snyk project names to run plugin for specific projects (line separated) . By default it will get data for all projects in the organisation . No

    Version

  • 1.0.1

ucv-ext-snyk:1.0.1.tar

Uploaded: 29-Apr-2022 06:37

Pull Command

docker pull hclcr.io/accelerate/ucv-ext-snyk:1.0.1
 

Release Notes

  • Imports Snyk vulnerability data
  • Works with GitHub, GitLab and Bitbucket integrations
  • Vulnerabilities will be displayed as Application vulnerabilities in metrics bar

Related Plugins