Integrate Snyk Scan Results with OpsLevel's Service Catalog

John Laban | October 21, 2021

Snyk is rapidly becoming the de facto standard for businesses that want to build security into their continuous software development processes. And with their developer-first tooling and best-in-class security intelligence, it’s no surprise.

From open source dependencies and containers to your application code and infrastructure-as-code, Snyk has solutions for finding (and often fixing) security vulnerabilities across your stack. The insights Snyk surfaces are valuable whether or not critical vulnerabilities turn up: a clean scan tells you that no known vulnerabilities were detected in what Snyk could see, and that confirmation is worth having too.

Microservice Complexity

But a recurring challenge in a microservices context is connecting the dots so that the correct service owners can quickly review (and act on) Snyk scan results. Shipping quality, secure services is always the goal, but amidst so many operational concerns, vulnerabilities can fall through the cracks.

Plus, platform, security, or SRE teams that are focused on security posture and best practices often struggle to assess the overall state of their architecture. With thousands of scans and hundreds of services, how can they easily identify which services and teams are out of compliance and falling behind?

Using Snyk scan results and OpsLevel checks together overcomes these challenges.

Snyk + OpsLevel

Combining these two solutions unlocks many benefits:

  • It’s clear if a service isn’t being scanned as expected
  • Check writers (e.g. platform or SRE teams) have fine-grained controls for evaluating scan results
  • Automatic reporting on which services and teams are out of compliance
  • Service owners never lose sight of their scan results (and know how urgently they need to address any open vulnerabilities)

And, for all users, reviewing scan results becomes easier and more meaningful thanks to the complete context provided by OpsLevel’s service catalog.

Mapping Vulns to Services

To integrate Snyk with OpsLevel, follow our documentation. The integration uses OpsLevel's extensible Custom Event Check framework to receive JSON payloads. To produce and send the scan result JSON, we recommend Snyk's CLI tool (snyk test --json emits the per-project results as JSON); an example script that posts the output to OpsLevel can be found in our docs.

Scan results are mapped to services by setting up a check. OpsLevel provides Snyk-specific templates (e.g. No Critical Vulns or Less than 5 Low Vulns) that you can use as a starting point.

You can also write your own: jq handles payload parsing and the pass/fail logic, and Markdown plus Liquid handle formatting and templating of the result messages shown to service owners.

Education and Prioritization

Every check in OpsLevel has a natural place for check writers to tell service owners explicitly what steps to take to pass the check, and to explain why the check matters in the first place.

Incorporating Snyk scan results into OpsLevel’s Service Maturity model also makes prioritization clear for service owners. In addition to using the result message and notes sections of a check to give complete context, check writers can use the filters and levels in OpsLevel’s rubric to create a targeted, graduated approach to shipping more secure and mature services.

[Figure: A service owner's view of their scan results, with more than 3 medium vulnerabilities]


For example, the presence of high vulnerabilities in scan results may be a show-stopper for any customer-facing services, but much less concerning for internal-only services. Distinctions like this are quickly encoded in OpsLevel and then easily reviewed by service owners, so their time is always spent on the right operational or security tasks.

Automated Reporting

Individual check results guide service owners to the appropriate next steps for improving and securing their services. In aggregate, they can inform key stakeholders, such as platform teams or engineering management, about the organization's current security posture.

Answering questions like "which part of my application is most at risk?" or "which team is falling behind?" is straightforward with OpsLevel's check reports.

[Figure: A top-down view of all the relevant services' status for this check: 1 passing, 1 failing, and 1 with no scan results.]
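The following is an added example, not OpsLevel's or Snyk's code, that ties together the three pieces described above: counting findings per severity from a Snyk JSON payload the way the "No Critical Vulns" and "Less than 5 Low Vulns" templates do, applying a tier-based threshold like the customer-facing versus internal-only distinction, and rolling per-service verdicts up into the passing/failing/no-results report. The payload shape follows the Snyk CLI's snyk test --json output as I understand it (a vulnerabilities array whose entries carry a lowercase severity; a JSON array of such objects when several manifests are scanned). The sample payloads, placeholder IDs and package names, service names, the POLICY thresholds, and the jq expressions in the comments are all constructed for illustration and are assumptions, not OpsLevel's templates.

```python
"""Evaluate Snyk `snyk test --json` payloads the way an OpsLevel custom event
check would, then roll the per-service verdicts up into a report."""
import json

SEVERITIES = ("critical", "high", "medium", "low")

# --- Constructed sample payloads (not real Snyk output) ---------------------
# Per-project object as the Snyk CLI emits it: a "vulnerabilities" array whose
# entries carry a "severity". IDs and package names are placeholders.
CHECKOUT_API = {
    "projectName": "checkout-api",
    "ok": False,
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "severity": "high", "packageName": "example-lib", "isUpgradable": True},
        {"id": "EXAMPLE-0002", "severity": "medium", "packageName": "example-lib", "isUpgradable": False},
        {"id": "EXAMPLE-0003", "severity": "low", "packageName": "other-lib", "isUpgradable": True},
    ],
}
# With --all-projects the CLI emits a JSON array, one object per manifest.
BATCH_RUNNER = [
    {"projectName": "batch-runner", "ok": False,
     "vulnerabilities": [{"id": "EXAMPLE-0001", "severity": "HIGH", "packageName": "example-lib"}]},
    {"projectName": "batch-runner/worker", "ok": True, "vulnerabilities": []},
]
# What the webhook actually receives is the serialized request body.
CHECKOUT_JSON = json.dumps(CHECKOUT_API)


def normalize(payload):
    """Return a list of per-project objects whether the body arrived as a
    JSON string, a single object, or the --all-projects array."""
    if isinstance(payload, (str, bytes)):
        payload = json.loads(payload)
    return payload if isinstance(payload, list) else [payload]


def severity_counts(payload):
    """Count vulnerabilities per severity across every project in the payload."""
    counts = {sev: 0 for sev in SEVERITIES}
    for project in normalize(payload):
        for vuln in project.get("vulnerabilities", []):
            sev = str(vuln.get("severity", "")).lower()  # tolerate "HIGH"
            if sev in counts:
                counts[sev] += 1
    return counts


# OpsLevel template checks are jq success conditions. These are my assumed
# equivalents for a single-object payload (the array form needs `.[]` first):
#   No Critical Vulns:     [.vulnerabilities[] | select(.severity == "critical")] | length == 0
#   Less than 5 Low Vulns: [.vulnerabilities[] | select(.severity == "low")] | length < 5
def no_critical_vulns(payload):
    return severity_counts(payload)["critical"] == 0


def fewer_than_five_low(payload):
    return severity_counts(payload)["low"] < 5


# Hypothetical graduated policy: high findings block customer-facing services
# but are tolerated within a limit on internal-only ones. None = no limit.
POLICY = {
    "customer-facing": {"critical": 0, "high": 0, "medium": 10, "low": 25},
    "internal": {"critical": 0, "high": 5, "medium": 25, "low": None},
}


def evaluate(payload, tier):
    """Return (passed, reasons); reasons is what the check's result message
    would tell the service owner about why it failed."""
    counts = severity_counts(payload)
    reasons = [
        f"{sev}: {counts[sev]} found, limit {limit}"
        for sev, limit in POLICY[tier].items()
        if limit is not None and counts[sev] > limit
    ]
    return (not reasons, reasons)


def report(services):
    """services maps name -> (tier, latest payload or None if no scan arrived).
    A missing payload is reported on its own: the service is not being scanned."""
    summary = {"passing": [], "failing": [], "no_results": []}
    for name, (tier, payload) in services.items():
        if payload is None:
            summary["no_results"].append(name)
            continue
        passed, _ = evaluate(payload, tier)
        summary["passing" if passed else "failing"].append(name)
    return summary


# Constructed catalog slice: three services, one of which was never scanned.
SAMPLE_SERVICES = {
    "checkout-api": ("customer-facing", CHECKOUT_JSON),
    "batch-runner": ("internal", BATCH_RUNNER),
    "legacy-reports": ("internal", None),
}

if __name__ == "__main__":
    for name, (tier, payload) in SAMPLE_SERVICES.items():
        if payload is not None:
            print(name, evaluate(payload, tier))
    print(report(SAMPLE_SERVICES))
```

Running the script prints each scanned service's verdict and reasons, then the summary: checkout-api fails (one high finding against a customer-facing limit of zero), batch-runner passes under the looser internal policy, and legacy-reports is listed under no_results because no payload ever arrived. In OpsLevel the jq success condition plays the role of evaluate, and the Liquid template renders the reasons into the result message the owner sees.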

Try OpsLevel + Snyk

If you’re already using Snyk, you’re on the right track towards shipping more secure services. If you haven’t tried Snyk, you can start using it for free. Then accelerate your security journey by embedding your scan results into a comprehensive service catalog. Request your OpsLevel demo today.
