# Snyk

> Configure Snyk integration with RAD Security to import application security findings and vulnerability data.

# Snyk Integration Setup

This guide walks you through gathering the information needed to configure a Snyk organization for use with RAD Security's Application Security connector.

Snyk is a SaaS application and cloud security platform. Once connected, RAD Security can import Snyk findings for correlation with runtime and cloud security data.

## Prerequisites

Before you begin, ensure you have:

<Check>
  * A Snyk tenant on the **Snyk Enterprise** plan
  * Access to your Snyk organization with a user account that has the **Org Admin**, **Group Admin**, or **Group Member** role
  * Access to a RAD Security workspace with integration permissions
</Check>

<Warning>
  **Enterprise plan required.** Due to restrictions on Snyk REST API access, a Snyk Enterprise plan is required to use Snyk as an Application Security provider in RAD Security.
</Warning>

<Note>
  **Service Account authentication only.** The RAD Security integration authenticates using Snyk's OAuth 2.0 Service Account flow (Client ID + Client Secret). Personal API Tokens are not supported.
</Note>

***

## Required Permissions

Ensure the role assigned to the service account includes the following Snyk permissions:

| Operation                              | Required Snyk Permissions                                   |
| -------------------------------------- | ----------------------------------------------------------- |
| Query applications                     | `org.project.read`                                          |
| Query application findings             | `org.read`, `org.project.read`, `org.project.snapshot.read` |
| Query findings across all applications | `org.read`, `org.project.read`, `org.project.snapshot.read` |
| Get application finding details        | `org.read`, `org.project.read`, `org.project.snapshot.read` |

***

## Step 1: Locate your Organization ID

<Steps>
  <Step title="Log in to Snyk">
    Sign in to Snyk with a user account that has the **Org Admin**, **Group Admin**, or **Group Member** role.
  </Step>

  <Step title="Select your organization">
    Select the organization you want to use with the RAD Security integration.
  </Step>

  <Step title="Open organization settings">
    Click **Settings** for the selected organization.
  </Step>

  <Step title="Copy the Organization ID">
    Scroll to the **Organization ID** section and copy the value to a safe location.
  </Step>
</Steps>

***

## Step 2: Create a Service Account

<Steps>
  <Step title="Open Service Accounts">
    From the organization settings, select **Service Accounts**.
  </Step>

  <Step title="Fill in the service account details">
    Enter a **Name** for the service account (e.g., "RAD Security AppSec") and select a role that encompasses all of the [required permissions](#required-permissions).
  </Step>

  <Step title="Select OAuth 2.0 Client Credentials">
    Under **Service account type**, select **OAuth 2.0 Client credentials**.

    <Warning>
      RAD Security only supports the OAuth 2.0 Client credentials service account type. API key service accounts and Personal API Tokens will not work with this integration.
    </Warning>
  </Step>

  <Step title="Create the service account">
    Click **Create service account**.
  </Step>

  <Step title="Copy the credentials">
    Immediately copy and save the following values:

    * **Client ID**
    * **Client Secret**

    <Warning>
      **Store these values now.** The Client Secret is only displayed once at creation time. If lost, you will need to create a new service account.
    </Warning>
  </Step>
</Steps>

***

## Step 3: Identify your Data Region

Your Snyk organization is hosted in one of several regional Snyk environments. You can determine your region from your Snyk app URL or from the Snyk login page. For more detail, see the [Snyk regional hosting documentation](https://docs.snyk.io/snyk-data-and-governance/regional-hosting-and-data-residency#regional-urls).

RAD Security accepts the following data region values:

| Region            | Value        |
| ----------------- | ------------ |
| United States 01  | `SNYK-US-01` |
| United States 02  | `SNYK-US-02` |
| European Union 01 | `SNYK-EU-01` |
| Australia 01      | `SNYK-AU-01` |

***

## Step 4: Configure in RAD Security

Navigate to your RAD Security workspace and configure the Snyk integration with the following parameters:

| Parameter           | Required | Description                                              | Example                                |
| ------------------- | -------- | -------------------------------------------------------- | -------------------------------------- |
| **Client ID**       | Yes      | Client ID from the service account created in Step 2     | `abc123-def456-ghi789`                 |
| **Client Secret**   | Yes      | Client Secret from the service account created in Step 2 | `your-client-secret-here`              |
| **Organization ID** | Yes      | Organization ID gathered in Step 1                       | `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **Data Region**     | Yes      | Region where your Snyk organization is hosted            | `SNYK-US-01`                           |
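
A pre-flight check for the four parameters above, added here as an example (not RAD Security's or Snyk's own code): it catches the copy-paste, UUID and region mistakes listed under Troubleshooting before you paste the values into RAD Security, and builds the OAuth 2.0 client-credentials token request for the chosen region. The region-to-API-host mapping and the `/oauth2/token` path are assumptions about Snyk's API, not taken from this page.

```python
import re
from urllib.parse import urlencode

# Accepted Data Region values from Step 3, mapped to the Snyk API host for that
# region. ASSUMPTION: the host mapping is not stated on this page.
REGION_API_HOSTS = {
    "SNYK-US-01": "https://api.snyk.io",
    "SNYK-US-02": "https://api.us.snyk.io",
    "SNYK-EU-01": "https://api.eu.snyk.io",
    "SNYK-AU-01": "https://api.au.snyk.io",
}
UUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)


def check_snyk_config(params):
    """Return problems with the four RAD Security parameters; [] means well-formed."""
    problems = []
    for key in ("client_id", "client_secret", "organization_id", "data_region"):
        value = params.get(key, "")
        if not value:
            problems.append(f"{key} is missing")
        elif value != value.strip():
            # Stray whitespace from copy-paste is a common cause of "Authentication Failed".
            problems.append(f"{key} has leading or trailing whitespace")
    org = params.get("organization_id", "").strip()
    if org and not UUID_RE.match(org):
        problems.append("organization_id is not a UUID; copy it from Settings > Organization ID")
    region = params.get("data_region", "").strip()
    if region and region not in REGION_API_HOSTS:
        problems.append(f"data_region must be one of {sorted(REGION_API_HOSTS)}")
    return problems


def token_request(params):
    """Build (but do not send) the client-credentials token request for the region.
    ASSUMPTION: the /oauth2/token path is Snyk's documented OAuth endpoint."""
    host = REGION_API_HOSTS[params["data_region"].strip()]
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": params["client_id"].strip(),
        "client_secret": params["client_secret"].strip(),
    })
    return host + "/oauth2/token", body


def fetch_access_token(params, timeout=10):
    """Send the token request to your own tenant; returns the access token or raises."""
    import json, urllib.request
    url, body = token_request(params)
    req = urllib.request.Request(url, data=body.encode(), method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)["access_token"]
```

Run `check_snyk_config()` first and only call `fetch_access_token()` once it returns an empty list; a token returned for the chosen region confirms the service account type, secret and Data Region agree before you configure RAD Security.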

***

## Verify Integration

After completing the setup, verify that the integration is working:

1. Navigate to **Data Sources > Integrations > AppSec** in RAD Security
2. Locate your Snyk integration
3. Check the connection status shows as **Connected**
4. Verify application security findings are being synced

<Check>
  Your Snyk integration is now configured! RAD Security can import Snyk findings for vulnerability management and correlation with runtime data.
</Check>

## What Data is Synced

Once configured, RAD Security will sync the following data from Snyk:

<AccordionGroup>
  <Accordion title="Applications" icon="grid-2">
    * Snyk projects and their metadata
    * Associated repositories and targets
    * Project organization structure
  </Accordion>

  <Accordion title="Security Findings" icon="shield-exclamation">
    * SAST findings (Snyk Code)
    * Open source vulnerabilities (Snyk Open Source)
    * Container image vulnerabilities (Snyk Container)
    * Infrastructure as Code issues (Snyk IaC)
  </Accordion>

  <Accordion title="Finding Details" icon="magnifying-glass">
    * Severity and CVSS scores
    * Affected files, packages, and line numbers
    * Vulnerability descriptions and references
    * Remediation recommendations
    * Finding status and history
  </Accordion>
</AccordionGroup>

## Use Cases

<CardGroup cols={2}>
  <Card title="Unified Vulnerability View" icon="shield-exclamation">
    Aggregate Snyk findings alongside runtime and cloud findings for a single view of application risk.
  </Card>

  <Card title="Shift-Left Correlation" icon="arrow-left">
    Correlate vulnerabilities discovered by Snyk in code and dependencies with runtime behavior observed by RAD Security.
  </Card>

  <Card title="Risk Prioritization" icon="list-ol">
    Prioritize Snyk findings based on runtime exposure, reachability, and blast radius.
  </Card>

  <Card title="Compliance Reporting" icon="file-certificate">
    Include Snyk findings in compliance and audit reporting generated from RAD Security.
  </Card>
</CardGroup>

## Troubleshooting

<AccordionGroup>
  <Accordion title="Authentication Failed" icon="triangle-exclamation">
    **Possible causes:**

    * Client ID or Client Secret copied incorrectly
    * Wrong service account type (API key instead of OAuth 2.0 Client credentials)
    * Service account was deleted or rotated
    * Credentials were used in the wrong Data Region

    **Solution:**

    * Verify Client ID and Client Secret were copied exactly (no extra spaces)
    * Confirm the service account type is **OAuth 2.0 Client credentials**
    * Ensure the Data Region matches the region where the organization is hosted
    * Create a new service account if the original is missing or its secret has been lost
  </Accordion>

  <Accordion title="Insufficient Permissions" icon="shield-exclamation">
    **Possible causes:**

    * Service account role missing required permissions
    * Role was changed after service account creation

    **Solution:**

    * Review the [Required Permissions](#required-permissions) table
    * Confirm the assigned role includes `org.read`, `org.project.read`, and `org.project.snapshot.read`
    * Update the role or assign a different role that covers the required permissions
  </Accordion>

  <Accordion title="Organization Not Found" icon="magnifying-glass-minus">
    **Possible causes:**

    * Wrong Organization ID supplied
    * Organization ID copied from the wrong organization
    * Data Region mismatch

    **Solution:**

    * Re-copy the Organization ID from **Settings → Organization ID** in Snyk
    * Confirm you are reading the setting from the correct organization
    * Ensure the Data Region matches the region where the organization is hosted
  </Accordion>

  <Accordion title="Enterprise Plan Required" icon="lock">
    **Possible causes:**

    * Snyk tenant is not on the Enterprise plan
    * REST API access is not enabled for the tenant

    **Solution:**

    * Confirm your Snyk tenant is on the Enterprise plan
    * Contact Snyk support to verify REST API access
    * Upgrade the tenant if required before retrying the integration
  </Accordion>

  <Accordion title="No Findings Syncing" icon="database-slash">
    **Possible causes:**

    * No projects or scans exist in the Snyk organization
    * Initial sync still in progress
    * API rate limits reached

    **Solution:**

    * Verify projects and findings exist in the Snyk organization
    * Allow up to 15 minutes for the initial sync to complete
    * Review the integration logs in RAD Security for errors
    * Monitor Snyk API usage for rate-limit errors
  </Accordion>
</AccordionGroup>

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Use Service Accounts" icon="user-gear">
    Prefer a dedicated service account over user credentials so the integration survives user role or employment changes.
  </Card>

  <Card title="Least Privilege" icon="shield-halved">
    Assign a role that grants only the permissions listed in the Required Permissions table. Avoid broad administrative roles.
  </Card>

  <Card title="Rotate Credentials Regularly" icon="rotate">
    Periodically rotate the service account Client Secret as part of normal security hygiene.
  </Card>

  <Card title="Secure Credential Storage" icon="lock">
    Store Client ID and Client Secret in a secrets vault. Never commit them to source control.
  </Card>

  <Card title="Monitor Service Account Activity" icon="chart-line">
    Review Snyk audit logs to detect unusual activity by the integration service account.
  </Card>

  <Card title="Revoke Unused Accounts" icon="clipboard-list">
    Periodically review service accounts and delete any that are no longer in use.
  </Card>
</CardGroup>

## Additional Resources

<CardGroup cols={2}>
  <Card title="Snyk Service Accounts" icon="user-gear" href="https://docs.snyk.io/implementation-and-setup/enterprise-setup/service-accounts">
    Upstream documentation for Snyk service accounts
  </Card>

  <Card title="Authentication for API" icon="key" href="https://docs.snyk.io/snyk-api/authentication-for-api">
    Snyk documentation on API authentication
  </Card>

  <Card title="Regional Hosting & Data Residency" icon="globe" href="https://docs.snyk.io/snyk-data-and-governance/regional-hosting-and-data-residency#regional-urls">
    Snyk documentation on regional URLs and data residency
  </Card>

  <Card title="AppSec Integrations Overview" icon="shield-check" href="/rad-security/integrations/appsec/overview">
    Explore other Application Security integrations
  </Card>
</CardGroup>

## Next Steps

<CardGroup cols={2}>
  <Card title="Evidence Room" icon="vault" href="/rad-security/platform/evidence-room">
    View and analyze security findings
  </Card>

  <Card title="Runtime Security" icon="shield" href="/rad-security/integrations/runtime-security">
    Learn about RAD's container runtime security
  </Card>

  <Card title="RADBot" icon="robot" href="/rad-security/getting-started/radbot">
    Use RADBot to prioritize and remediate findings
  </Card>

  <Card title="Data Sources Overview" icon="database" href="/rad-security/integrations/data-sources">
    Explore all available data sources
  </Card>
</CardGroup>
