Snyk Integration Setup
This guide walks you through gathering the information needed to configure a Snyk organization for use with RAD Security’s Application Security connector. Snyk is a SaaS application and cloud security platform. Once connected, RAD Security can import Snyk findings for correlation with runtime and cloud security data.Prerequisites
Before you begin, ensure you have:- A Snyk tenant on the Snyk Enterprise plan
- Access to your Snyk organization with a user account that has the Org Admin, Group Admin, or Group Member role
- Access to a RAD Security workspace with integration permissions
Service Account authentication only. The RAD Security integration authenticates using Snyk’s OAuth 2.0 Service Account flow (Client ID + Client Secret). Personal API Tokens are not supported.
Required Permissions
Ensure the role assigned to the service account includes the following Snyk permissions:| Operation | Required Snyk Permissions |
|---|---|
| Query applications | org.project.read |
| Query application findings | org.read, org.project.read, org.project.snapshot.read |
| Query findings across all applications | org.read, org.project.read, org.project.snapshot.read |
| Get application finding details | org.read, org.project.read, org.project.snapshot.read |
Step 1: Locate your Organization ID
Log in to Snyk
Sign in to Snyk with a user account that has the Org Admin, Group Admin, or Group Member role.
Step 2: Create a Service Account
Fill in the service account details
Enter a Name for the service account (e.g., “RAD Security AppSec”) and select a role that encompasses all of the required permissions.
Select OAuth 2.0 Client Credentials
Under Service account type, select OAuth 2.0 Client credentials.
Step 3: Identify your Data Region
Your Snyk organization is hosted in one of several regional Snyk environments. You can determine your region from your Snyk URL and on the Snyk login page. For more detail, see the Snyk regional hosting documentation. RAD Security accepts the following data region values:| Region | Value |
|---|---|
| United States 01 | SNYK-US-01 |
| United States 02 | SNYK-US-02 |
| European Union 01 | SNYK-EU-01 |
| Australia 01 | SNYK-AU-01 |
Step 4: Configure in RAD Security
Navigate to your RAD Security workspace and configure the Snyk integration with the following parameters:| Parameter | Required | Description | Example |
|---|---|---|---|
| Client ID | Yes | Client ID from the service account created in Step 2 | abc123-def456-ghi789 |
| Client Secret | Yes | Client Secret from the service account created in Step 2 | your-client-secret-here |
| Organization ID | Yes | Organization ID gathered in Step 1 | xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| Data Region | Yes | Region where your Snyk organization is hosted | SNYK-US-01 |
Verify Integration
After completing the setup, verify your integration is working:- Navigate to Data Sources > Integrations > AppSec in RAD Security
- Locate your Snyk integration
- Check the connection status shows as Connected
- Verify application security findings are being synced
Your Snyk integration is now configured! RAD Security can now import Snyk findings for vulnerability management and correlation with runtime data.
What Data is Synced
Once configured, RAD Security will sync the following data from Snyk:Applications
Applications
- Snyk projects and their metadata
- Associated repositories and targets
- Project organization structure
Security Findings
Security Findings
- SAST findings (Snyk Code)
- Open source vulnerabilities (Snyk Open Source)
- Container image vulnerabilities (Snyk Container)
- Infrastructure as Code issues (Snyk IaC)
Finding Details
Finding Details
- Severity and CVSS scores
- Affected files, packages, and line numbers
- Vulnerability descriptions and references
- Remediation recommendations
- Finding status and history
Use Cases
Unified Vulnerability View
Aggregate Snyk findings alongside runtime and cloud findings for a single view of application risk.
Shift-Left Correlation
Correlate vulnerabilities discovered by Snyk in code and dependencies with runtime behavior observed by RAD Security.
Risk Prioritization
Prioritize Snyk findings based on runtime exposure, reachability, and blast radius.
Compliance Reporting
Include Snyk findings in compliance and audit reporting generated from RAD Security.
Troubleshooting
Authentication Failed
Authentication Failed
Possible causes:
- Client ID or Client Secret copied incorrectly
- Wrong service account type (API key instead of OAuth 2.0 Client credentials)
- Service account was deleted or rotated
- Credentials were used in the wrong Data Region
- Verify Client ID and Client Secret were copied exactly (no extra spaces)
- Confirm the service account type is OAuth 2.0 Client credentials
- Ensure the Data Region matches the region where the organization is hosted
- Create a new service account if the original is missing or its secret has been lost
Insufficient Permissions
Insufficient Permissions
Possible causes:
- Service account role missing required permissions
- Role was changed after service account creation
- Review the Required Permissions table
- Confirm the assigned role includes
org.read,org.project.read, andorg.project.snapshot.read - Update the role or assign a different role that covers the required permissions
Organization Not Found
Organization Not Found
Possible causes:
- Wrong Organization ID supplied
- Organization ID copied from the wrong organization
- Data Region mismatch
- Re-copy the Organization ID from Settings → Organization ID in Snyk
- Confirm you are reading the setting from the correct organization
- Ensure the Data Region matches the region where the organization is hosted
Enterprise Plan Required
Enterprise Plan Required
Possible causes:
- Snyk tenant is not on the Enterprise plan
- REST API access is not enabled for the tenant
- Confirm your Snyk tenant is on the Enterprise plan
- Contact Snyk support to verify REST API access
- Upgrade the tenant if required before retrying the integration
No Findings Syncing
No Findings Syncing
Possible causes:
- No projects or scans exist in the Snyk organization
- Initial sync still in progress
- API rate limits reached
- Verify projects and findings exist in the Snyk organization
- Allow up to 15 minutes for the initial sync to complete
- Review the integration logs in RAD Security for errors
- Monitor Snyk API usage for rate-limit errors
Security Best Practices
Use Service Accounts
Prefer a dedicated service account over user credentials so the integration survives user role or employment changes.
Least Privilege
Assign a role that grants only the permissions listed in the Required Permissions table. Avoid broad administrative roles.
Rotate Credentials Regularly
Periodically rotate the service account Client Secret as part of normal security hygiene.
Secure Credential Storage
Store Client ID and Client Secret in a secrets vault. Never commit them to source control.
Monitor Service Account Activity
Review Snyk audit logs to detect unusual activity by the integration service account.
Revoke Unused Accounts
Periodically review service accounts and delete any that are no longer in use.
Additional Resources
Snyk Service Accounts
Upstream documentation for Snyk service accounts
Authentication for API
Snyk documentation on API authentication
Regional Hosting & Data Residency
Snyk documentation on regional URLs and data residency
AppSec Integrations Overview
Explore other Application Security integrations
Next Steps
Evidence Room
View and analyze security findings
Runtime Security
Learn about RAD’s container runtime security
RADBot
Use RADBot to prioritize and remediate findings
Data Sources Overview
Explore all available data sources