Integrate Sysdig Risk Spotlight with Snyk
The Risk Spotlight integration enables Snyk to ingest and correlate Sysdig’s In-Use package context, enhancing prioritization. Note: This integration currently supports only Kubernetes clusters.
Prerequisites
Ensure you have an active account and valid license for:
Verify that In-Use results appear in your Sysdig screen:
See Vulnerabilities > Findings > Runtime. If no in-use results are generated, they cannot be forwarded to Snyk.
Installation Instructions
Both the Sysdig Agent and the Snyk Controller must be installed and interconnected in the same clusters. To interconnect them, a specific set of secrets must be configured for the Snyk Controller.
If the Sysdig Agent is not installed, install it by using the Sysdig Agent Install Guide or the Cluster Shield Installation Docs.
If the Snyk Controller is not installed, install it by using the Snyk Documentation.
- Install the Snyk Controller (sample command)
# Sample values: replace integrationId and serviceAccountApiToken with your own.
# Assumes the snyk-monitor namespace and the snyk-charts Helm repository already exist.
kubectl create secret generic snyk-monitor -n snyk-monitor \
  --from-literal=dockercfg.json={} \
  --from-literal=integrationId=abcd1234-abcd-1234-abcd-1234abcd1234 \
  --from-literal=serviceAccountApiToken=bdca4123-dbca-4343-bbaa-1313cbad4231
helm upgrade --install snyk-monitor snyk-charts/snyk-monitor \
  --namespace snyk-monitor \
  --set clusterName="Production cluster"
Once both components are installed in the same cluster, follow the Snyk Integration Docs for Sysdig to initialize the secrets required for the connection, and then upgrade your Snyk installation.
- Initialize secrets (sample command)
# Quote the variables so that each value reaches kubectl as a single, intact argument.
kubectl create secret generic snyk-sysdig-secret -n snyk-monitor \
  --from-literal=token="$SYSDIG_RISK_SPOTLIGHT_TOKEN" \
  --from-literal=endpoint="$SYSDIG_ENDPOINT_URL" \
  --from-literal=cluster="$SYSDIG_AGENT_CLUSTER"
- Upgrade the Snyk Controller (sample command)
helm upgrade --install snyk-monitor snyk-charts/snyk-monitor \
  --namespace snyk-monitor \
  --set clusterName="Production cluster" \
  --set sysdig.enabled=true
Wait about 30 minutes for Snyk to collect all the information from Sysdig. Then, in your browser, go to Snyk Console Integrations > Container Orchestration > Kubernetes and re-import all the clusters/namespaces you want to enrich.
Verifying Integration Results in the Snyk UI
Runtime vulnerabilities should be enriched with the “Executed at Runtime” label in the Snyk UI.
Troubleshooting
Check Snyk-Monitor pod logs to see if Sysdig information is being captured successfully.
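Alongside the logs, it is worth ruling out a malformed snyk-sysdig-secret: an unset or single-quoted variable in the sample kubectl create secret command still creates the secret, only with an empty or literal value. The shell check below is an added example, not part of the Sysdig or Snyk documentation; the function names and sample values are made up for illustration, and it assumes the token and endpoint never contain whitespace while a cluster name may contain inner spaces.

```shell
# Added example (not Sysdig or Snyk code): sanity-check snyk-sysdig-secret
# without printing its values. Input is "key=base64" lines, for example from:
#   kubectl get secret snyk-sysdig-secret -n snyk-monitor \
#     -o go-template='{{range $k, $v := .data}}{{$k}}={{$v}}{{"\n"}}{{end}}'

# check_value NAME VALUE MODE: report one finding, return 1 if the value is bad.
check_value() {
    case $2 in
        '')   echo "FAIL $1: empty (variable unset when the secret was created?)"; return 1 ;;
        '$'*) echo "FAIL $1: literal, unexpanded shell variable"; return 1 ;;
        [[:space:]]*|*[[:space:]])
              echo "FAIL $1: leading or trailing whitespace or newline"; return 1 ;;
    esac
    if [ "$3" = strict ]; then   # assumption: token and endpoint are a single word
        case $2 in *[[:space:]]*) echo "FAIL $1: contains whitespace"; return 1 ;; esac
    fi
    echo "OK   $1"
}

# check_sysdig_secret: read the dump on stdin, return 0 only if all three keys pass.
check_sysdig_secret() {
    rc=0; seen=""
    while IFS= read -r line; do
        key=${line%%=*}; b64=${line#*=}
        # The sentinel "x" preserves trailing newlines that $(...) would strip.
        val=$(printf '%s' "$b64" | base64 -d 2>/dev/null; printf x); val=${val%x}
        case $key in
            token|endpoint) check_value "$key" "$val" strict || rc=1 ;;
            cluster)        check_value "$key" "$val" loose  || rc=1 ;;
            *)              continue ;;
        esac
        seen="$seen $key"
    done
    for want in token endpoint cluster; do
        case " $seen " in
            *" $want "*) ;;
            *) echo "FAIL $want: key missing from secret"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the token was stored with a trailing newline.
sample_dump() {
    printf 'token=%s\n'    "$(printf 'constructed-token\n' | base64)"
    printf 'endpoint=%s\n' "$(printf 'sysdig.example.invalid' | base64)"
    printf 'cluster=%s\n'  "$(printf 'constructed-cluster' | base64)"
}
sample_dump | check_sysdig_secret || echo "secret needs to be recreated"
```

Pipe the kubectl command from the header comment into check_sysdig_secret; a non-zero exit means the secret should be recreated before running the Helm upgrade.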