
Overview

Snyk is a developer security platform covering open source dependencies (SCA), container images, infrastructure as code, and code (SAST). The Pwnbook Snyk integration imports findings from your Snyk organization so you can review and track them alongside other engagement findings.

Prerequisites

  • A Snyk account (Free, Team, or Enterprise)
  • A Snyk API token
  • Your Snyk organization ID
  • Admin or Owner access in Pwnbook to configure the integration

Credentials required

Field            Description
API Token        A Snyk personal or service account token. Generate one at Snyk Account Settings → General → Auth Token.
Organization ID  The UUID of your Snyk organization. Found at Snyk Organization Settings → General.

Setup

Step 1: Generate a Snyk API token

  1. Log in to snyk.io.
  2. Click your account name → Account Settings.
  3. Under General, copy your Auth Token.
For team or enterprise environments, create a service account token instead:
  1. Go to Organization Settings → Service Accounts.
  2. Click Create a service account.
  3. Give it a name (e.g., pwnbook) and assign the Viewer role.
  4. Copy the generated token.
Service account tokens are preferred for integrations because they aren’t tied to a personal account and have finer-grained permissions.
Step 2: Find your organization ID

  1. In Snyk, go to Organization Settings → General.
  2. Copy the Organization ID (UUID format).
If you have multiple Snyk orgs, repeat the integration setup for each one.
Step 3: Configure the integration in Pwnbook

  1. Go to Organization Settings → Marketplace → Snyk.
  2. Click Configure.
  3. Enter your API Token and Organization ID.
  4. Click Save & Test.

What gets synced

Data                          Description
Open source vulnerabilities   CVEs in npm, pip, Maven, Go, and other package managers
Container vulnerabilities     Base image and package vulnerabilities in Docker/OCI images
IaC misconfigurations         Security issues in Terraform, CloudFormation, and Kubernetes manifests
Code issues                   SAST findings from Snyk Code
Severity                      Critical, high, medium, low
CVE / CWE                     Standard identifiers with CVSS scores
Fix availability              Whether a fix version exists and what it is
Exploit maturity              Proof-of-concept or in-the-wild exploit availability

Viewing findings in Pwnbook

Synced Snyk findings appear in the engagement under Security Findings → Snyk. You can:
  • Filter by severity, issue type, and project
  • View CVSS scores, CVE details, and fix recommendations
  • Assign findings to tasks
  • Mark findings as resolved or suppressed
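The synced data listed above (severity, CVE/CWE, CVSS, fix availability, exploit maturity) and the filter/resolve workflow in this section together describe a triage loop. The following Python is an added example, not code from Pwnbook or Snyk, showing how a practitioner might validate such records, apply the same filters the UI offers, and rank open findings so that exploitable issues with an available fix surface first. The record shape, the exploit-maturity vocabulary, the status values and the sample findings are all constructed for the example; they are not Snyk's API schema or Pwnbook's storage format.

```python
"""Triage helpers for findings synced from an SCA/container/IaC/SAST scanner.

Added example. The record shape is a constructed, simplified stand-in for the
synced fields described on the page; it is not Snyk's API schema or Pwnbook's
storage format.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
# Assumed labels for exploit maturity, ordered from most to least urgent.
EXPLOIT_RANK = {"mature": 3, "proof-of-concept": 2, "no-known-exploit": 1, "no-data": 0}
ISSUE_TYPES = {"open-source", "container", "iac", "code"}
OPEN_STATUSES = {"open"}  # resolved / suppressed findings drop out of triage


@dataclass(frozen=True)
class Finding:
    id: str
    project: str
    issue_type: str
    severity: str
    cvss: Optional[float]
    cve: Optional[str]
    cwe: Optional[str]
    fix_version: Optional[str]  # None when no fixed version exists yet
    exploit_maturity: str
    status: str = "open"        # open | resolved | suppressed (assumed values)


def parse_finding(raw: Dict) -> Finding:
    """Validate one raw record. Values outside the known vocabularies are
    rejected so a malformed sync cannot silently become a low-priority item."""
    severity = str(raw.get("severity", "")).lower()
    if severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity {severity!r} in {raw.get('id')}")
    issue_type = raw.get("issue_type")
    if issue_type not in ISSUE_TYPES:
        raise ValueError(f"unknown issue type {issue_type!r} in {raw.get('id')}")
    exploit = raw.get("exploit_maturity") or "no-data"
    if exploit not in EXPLOIT_RANK:
        raise ValueError(f"unknown exploit maturity {exploit!r} in {raw.get('id')}")
    cvss = raw.get("cvss")
    if cvss is not None and not 0.0 <= float(cvss) <= 10.0:
        raise ValueError(f"CVSS out of range in {raw.get('id')}")
    return Finding(
        id=str(raw["id"]),
        project=str(raw["project"]),
        issue_type=issue_type,
        severity=severity,
        cvss=None if cvss is None else float(cvss),
        cve=raw.get("cve"),
        cwe=raw.get("cwe"),
        fix_version=raw.get("fix_version"),
        exploit_maturity=exploit,
        status=raw.get("status", "open"),
    )


def filter_findings(findings: Iterable[Finding], severity: Optional[str] = None,
                    issue_type: Optional[str] = None,
                    project: Optional[str] = None) -> List[Finding]:
    """Mirror the UI filters: any criterion left as None is not applied."""
    return [f for f in findings
            if (severity is None or f.severity == severity)
            and (issue_type is None or f.issue_type == issue_type)
            and (project is None or f.project == project)]


def priority_score(f: Finding) -> int:
    """Severity dominates; a known exploit raises urgency; an available fix is
    a cheap win so it breaks ties upward; CVSS orders what remains."""
    return (SEVERITY_RANK[f.severity] * 1000
            + EXPLOIT_RANK[f.exploit_maturity] * 100
            + (10 if f.fix_version else 0)
            + int(f.cvss or 0))


def prioritize(findings: Iterable[Finding]) -> List[Finding]:
    """Open findings only, highest score first, id as a stable tie-break."""
    open_only = [f for f in findings if f.status in OPEN_STATUSES]
    return sorted(open_only, key=lambda f: (-priority_score(f), f.id))


# Constructed sample records; CVE ids are placeholders, not real identifiers.
SAMPLE_RECORDS = [
    {"id": "F-1", "project": "web-api", "issue_type": "open-source", "severity": "high",
     "cvss": 8.1, "cve": "CVE-0000-00001", "cwe": "CWE-1321", "fix_version": "4.17.21",
     "exploit_maturity": "proof-of-concept"},
    {"id": "F-2", "project": "web-api", "issue_type": "container", "severity": "critical",
     "cvss": 9.8, "cve": "CVE-0000-00002", "cwe": "CWE-787", "fix_version": None,
     "exploit_maturity": "mature"},
    {"id": "F-3", "project": "infra", "issue_type": "iac", "severity": "medium",
     "cvss": None, "cve": None, "cwe": "CWE-284", "fix_version": None,
     "exploit_maturity": None},
    {"id": "F-4", "project": "web-api", "issue_type": "code", "severity": "high",
     "cvss": 7.5, "cve": None, "cwe": "CWE-89", "fix_version": None,
     "exploit_maturity": "no-data"},
    {"id": "F-5", "project": "web-api", "issue_type": "open-source", "severity": "low",
     "cvss": 3.1, "cve": "CVE-0000-00005", "cwe": "CWE-400", "fix_version": "1.2.3",
     "exploit_maturity": "proof-of-concept"},
    {"id": "F-6", "project": "infra", "issue_type": "container", "severity": "critical",
     "cvss": 9.1, "cve": "CVE-0000-00006", "cwe": "CWE-78", "fix_version": "2.0.0",
     "exploit_maturity": "mature", "status": "suppressed"},
]
SAMPLE_FINDINGS = [parse_finding(r) for r in SAMPLE_RECORDS]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{priority_score(f):5d}  {f.id}  {f.severity:8s}  {f.issue_type:11s}  "
              f"fix={'yes' if f.fix_version else 'no'}  exploit={f.exploit_maturity}")
```

The weighting is deliberately coarse: severity bands are separated by a factor of ten so no combination of exploit maturity, fix availability and CVSS can lift a medium above a high. Suppressed and resolved findings are excluded from ranking but kept in the list, matching the page's note that synced findings persist until deleted.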

Disconnecting

To remove the Snyk integration:
  1. Go to Organization Settings → Marketplace → Snyk.
  2. Click Disconnect.
  3. Confirm.
Previously synced findings remain in Pwnbook until manually deleted.