Introducing the new Snyk Source Plugin
Marcel Tyszkiewicz
CloudQuery is an open-source, high-performance data integration platform designed for security and infrastructure teams. Today, we are happy to announce the release of the new Snyk source plugin.
Snyk is a robust security and vulnerability detection tool that is well known in the cybersecurity domain. At CloudQuery we have had a plugin that allowed users to sync Snyk data for a while, but we recently rewrote it to take advantage of Snyk's new REST API.
With the release of v5.x.x the CloudQuery Snyk Source Plugin supports fetching the following resources:
- organizations into the snyk_organizations table,
- projects into the snyk_projects table,
- SBOM into the snyk_sbom table,
- issues into the snyk_issues table,
- audit logs into the snyk_audit_logs table,
- container images into the snyk_container_images table,
- custom base images into the snyk_custom_base_images table.
Let's look at a few use cases to help you get started.
Use cases
Open critical vulnerabilities
It's crucial to stay on top of known vulnerabilities in your code and especially so if they are critical. Use the query below to pull out all open critical issues in your code.
select
  attributes->>'key' as key,
  attributes->>'title' as title,
  attributes->>'classes' as classes,
  attributes->>'problems' as problems
from
  snyk_issues
where
  attributes->>'status' = 'open'
  and attributes->>'effective_severity_level' = 'critical'
In this example we're using Postgres as our destination, which allows us to use its advanced SQL querying methods.
Remember you can always add more filters. For example, to filter by vulnerability discovery date:
select
  s.attributes->>'key' as key,
  s.attributes->>'title' as title,
  s.attributes->>'classes' as classes,
  p->>'id' as problem_id,
  p->>'type' as problem_type,
  p->>'discovered_at' as problem_discovered_at
from
  snyk_issues as s,
  jsonb_array_elements(s.attributes->'problems') as p
where
  s.attributes->>'status' = 'open'
  and s.attributes->>'effective_severity_level' = 'critical'
  and to_date(p->>'discovered_at', 'YYYY-MM-DD') = '2024-01-01'
Open SQL injection vulnerabilities
SQL injection attacks are particularly nasty as your application can leak confidential data to attackers. To scan for open SQL injection vulnerabilities, run this query:
select
  attributes->>'key' as key,
  attributes->>'title' as title,
  attributes->>'classes' as classes,
  attributes->>'problems' as problems
from
  snyk_issues
where
  attributes->>'status' = 'open'
  and attributes->>'title' = 'SQL Injection'
Likewise, you can apply the filtering options used above.
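As an added example (not part of the original post), the query below combines the two filters above and returns one row per issue with its earliest discovery date, so a date range can be applied without dropping issues that have no problems or duplicating issues that have several. It assumes only the JSON keys already used in the queries above; the 30-day cutoff is an arbitrary sample value.

```sql
-- Added example, not from the original post. Uses only the JSON keys that
-- appear in the queries above; the 30-day cutoff is a sample value.
select
  s.attributes->>'key' as key,
  s.attributes->>'title' as title,
  s.attributes->>'effective_severity_level' as severity,
  agg.first_discovered,
  current_date - agg.first_discovered as days_since_discovery,
  agg.problem_ids
from
  snyk_issues as s
  -- An aggregate without GROUP BY always yields exactly one row, so issues
  -- with an empty or missing problems array are kept (with NULLs) rather
  -- than dropped, and issues with several problems are not duplicated.
  cross join lateral (
    select
      min(to_date(p->>'discovered_at', 'YYYY-MM-DD')) as first_discovered,
      array_agg(p->>'id') as problem_ids
    from
      jsonb_array_elements(
        -- jsonb_array_elements raises an error on non-array input
        case
          when jsonb_typeof(s.attributes->'problems') = 'array'
            then s.attributes->'problems'
          else '[]'::jsonb
        end
      ) as p
  ) as agg
where
  s.attributes->>'status' = 'open'
  and (
    s.attributes->>'effective_severity_level' = 'critical'
    or s.attributes->>'title' = 'SQL Injection'
  )
  -- Range filter instead of a single-day match: discovered 30+ days ago,
  -- or no discovery date recorded at all.
  and (
    agg.first_discovered is null
    or agg.first_discovered <= current_date - 30
  )
order by
  agg.first_discovered asc nulls last;
```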
Getting Started
To get started syncing Snyk data, see the Snyk source plugin documentation for instructions.
Incremental audit logs
To prevent repeated syncing of the same data, CloudQuery supports incremental tables. We designed the snyk_audit_logs table to be incremental, as the size of audit logs can quickly get out of control. To take advantage of this feature, be sure to add the backend_options field to your sync spec. For example, to sync from Snyk to Postgres you could use the following config (remember to update the versions and add your API key):
kind: source
spec:
  name: snyk
  path: cloudquery/snyk
  registry: cloudquery
  version: "v5.x.x"
  tables:
    - "snyk_audit_logs"
    - "snyk_container_images"
    - "snyk_custom_base_images"
    - "snyk_issues"
    - "snyk_organizations"
    - "snyk_projects"
    - "snyk_sbom"
  destinations: ["postgresql"]
  backend_options:
    table_name: "cq_state_snyk"
    connection: "@@plugins.postgresql.connection"
  spec:
    api_key: "${SNYK_API_KEY}"
---
kind: destination
spec:
  name: postgresql
  path: cloudquery/postgresql
  registry: cloudquery
  version: "v7.x.x"
  spec:
    connection_string: "${POSTGRES_DSN}"