Risk Spotlight Integrations

Sysdig has a simplified way to integrate third-party tools with Risk Spotlight and In Use features.

Integrate with External Platforms

There are two integration models: in-cluster (for Snyk) and API-based (all others). The installation instructions for each are different.


From Sysdig Agent v 12.15+, Profiling and Risk Spotlight are automatically enabled.

To enable or disable manually, see Profiling.

Generate a Token for the Integration

  1. From the left navigation bar, select Integrations > Risk Spotlight Integration.

    The Spotlight Integration page appears, with a list of existing tokens and their expiry dates.

  2. Click +Add Token.

  3. Fill in the attributes and click Create Token.

    • Name: Choose a name that indicates the integration with which the token is associated.
    • Expiration: Select an expiration date (1/3/6 months; 1 year).
  4. Copy the new token as it is displayed in the list.

    Store the token in a safe place; it will not be visible or recoverable again.

To Renew a token at any time, click the Renew button, reset the expiry, and confirm.

To Delete a token, click the X beside the token name and confirm. This action will sever the integration between Sysdig and the 3rd-party tool.

Follow the Platform-Specific Integration Steps

Current integrations include:

Docker Scout

  • Check the prerequisites.
  • Follow the third-party integration guide provided, adding the Sysdig token as prompted.
  • Verify the integration in the third-party UI.
Topics in This Section
Integrate Sysdig Risk Spotlight with Snyk

Snyk.io vulnerability management workflow can consume Runtime Insights information to filter and prioritize detected vulnerabilities, following a similar approach as Risk Spotlight Integrations.

Integrate Sysdig Risk Spotlight with Docker Scout

Integrating Sysdig Secure into Docker Scout helps Docker Scout users prioritize vulnerabilities by indicating which images are active in runtime, and which packages are in use.