announcement

Introducing the new Snyk Source Plugin

Marcel Tyszkiewicz • February 29, 2024

CloudQuery is an open source high performance data integration platform designed for security and infrastructure teams. Today, we are happy to announce the release of the new Snyk source plugin.

Snyk is a robust security and vulnerability detection tool that is well known in the cybersecurity domain. At CloudQuery we have had a plugin that allowed users to sync Snyk data for a while, but we recently rewrote it take advantage of Snyk's new REST API.

With the release of v5.x.x the CloudQuery Snyk Source Plugin supports fetching the following resources:

organizations into the snyk_organizations table,
projects into the snyk_projects table,
SBOM into the snyk_sbom table,
issues into the snyk_issues table,
audit logs into the snyk_audit_logs table,
container images into the snyk_container_images table,
custom base images into the snyk_custom_base_images table.

Let's look at a few use cases to help you get started.

Use cases #

Open critical vulnerabilities #

It's crucial to stay on top of known vulnerabilities in your code and especially so if they are critical. Use the query below to pull out all open critical issues in your code.

select
    attributes->>'key' as key,
    attributes->>'title' as title,
    attributes->>'classes' as classes,
    attributes->>'problems' as problems
from
    snyk_issues
where
    attributes->>'status' = 'open'
    and attributes->>'effective_severity_level' = 'critical'

In this example we're using Postgres as our destination which allows us to use its advanced SQL querying methods.

Remember you can always add more filters. For example, to filter by vulnerability discovery date:

select
    s.attributes->>'key' as key,
    s.attributes->>'title' as title,
    s.attributes->>'classes' as classes,
    p->>'id' as problem_id,
    p->>'type' as problem_type,
    p->>'discovered_at' as problem_discovered_at
from
    snyk_issues as s,
    jsonb_array_elements(s.attributes->'problems') as p
where
    s.attributes->>'status' = 'open'
    and s.attributes->>'effective_severity_level' = 'critical'
    and to_date(p->>'discovered_at', 'YYYY-MM-DD') = '2024-01-01'

Open SQL injection vulnerabilities #

SQL injection attacks are particularly nasty as your application can leak confidential data to attackers. To scan for open SQL injection vulnerabilities run this query:

select
    attributes->>'key' as key,
    attributes->>'title' as title,
    attributes->>'classes' as classes,
    attributes->>'problems' as problems
from
    snyk_issues
where
    attributes->>'status' = 'open'
    and attributes->>'title' = 'SQL Injection'

Likewise, you can apply the filtering options used above.

Getting Started #

To get started syncing Snyk data, see the Snyk source plugin documentation for instructions.

Incremental audit logs #

To prevent repeated syncing of the same data CloudQuery supports incremental tables. We designed the snyk_audit_logs table to be incremental, as the size of audit logs can quickly get out of control.

To take advantage of this feature be sure to add the backend_options field to your sync spec.

For example, to sync from Snyk to Postgres you could use the following config (remember to update the versions and add your API key):

kind: source
spec:
  name: snyk
  path: cloudquery/snyk
  registry: cloudquery
  version: "v5.x.x"
  tables:
    - "snyk_audit_logs"
    - "snyk_container_images"
    - "snyk_custom_base_images"
    - "snyk_issues"
    - "snyk_organizations"
    - "snyk_projects"
    - "snyk_sbom"
  destinations: ["postgresql"]
  backend_options:
    table_name: "cq_state_snyk"
    connection: "@@plugins.postgresql.connection"
  spec:
    api_key: "${SNYK_API_KEY}"
---
kind: destination
spec:
  name: postgresql
  path: cloudquery/postgresql
  registry: cloudquery
  version: "v7.x.x"
  spec:
    connection_string: "${POSTGRES_DSN}"