Risk Spotlight Integrations
Integrate with External Platforms
There are two integration models: in-cluster (for Snyk) and API-based (all others). The installation instructions for each are different.
For Snyk: See the Snyk integration page.
For all others: Use the following steps:
Generate a Token for the Integration
From the left navigation bar, select Integrations > Risk Spotlight Integration.
The Spotlight Integration page appears, with a list of existing tokens and their expiry dates.
Click +Add Token.
Fill in the attributes and click Create Token.
- Name: Choose a name that indicates the integration with which the token is associated.
- Expiration: Select an expiration date (
1/3/6 months
;1 year
).
Copy the new token as it is displayed in the list.
Store the token in a safe place; it will not be visible or recoverable again.
To Renew a token at any time, click the Renew
button, reset the expiry, and confirm.
To Delete a token, click the X
beside the token name and confirm. This action will sever the integration between Sysdig and the 3rd-party tool.
Follow the Platform-Specific Integration Steps
Current integrations include:
- Check the prerequisites.
- Follow the third-party integration guide provided, adding the Sysdig token as prompted.
- Verify the integration in the third-party UI.
Integrate Sysdig Risk Spotlight with Snyk
Snyk.io vulnerability management workflow can consume Runtime Insights information to filter and prioritize detected vulnerabilities, following a similar approach as Risk Spotlight Integrations.
Integrate Sysdig Risk Spotlight with Docker Scout
Integrating Sysdig Secure into Docker Scout helps Docker Scout users prioritize vulnerabilities by indicating which images are active in runtime, and which packages are in use.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.