name: snyk description: "Snyk developer security platform for vulnerability scanning across code (SAST), open source dependencies (SCA), containers, and infrastructure as code (IaC). Use when working with Snyk APIs, CLI, integrating Snyk into CI/CD, analyzing scan results, or managing security policies."
Snyk Developer Security
Overview
Snyk platform for finding and fixing vulnerabilities in code, dependencies, containers, and IaC.
Products
| Product | Scans | Use Case |
|---|---|---|
| Snyk Code | SAST | Source code vulnerabilities |
| Snyk Open Source | SCA | Dependency vulnerabilities |
| Snyk Container | Container images | Image vulnerabilities |
| Snyk IaC | Terraform, K8s, CloudFormation | Misconfigurations |
Authentication
from urllib.parse import quote

import requests
# Legacy v1 API: `token <value>` auth, plain JSON bodies (used by the v1 helpers below).
SNYK_API_URL = "https://api.snyk.io/v1"
# REST API: JSON:API media type; the REST helpers below pin a `version` query param on every call.
SNYK_REST_URL = "https://api.snyk.io/rest"
def snyk_headers(token: str) -> dict:
    """Return request headers for the Snyk v1 API.

    The token is sent as ``Authorization: token <value>`` and is a credential
    in its own right: do not log or echo the returned mapping.
    """
    authorization = f"token {token}"
    headers = {
        "Authorization": authorization,
        "Content-Type": "application/json",
    }
    return headers
def snyk_rest_headers(token: str) -> dict:
    """Return request headers for the Snyk REST API.

    Same ``token`` authorization scheme as the v1 API, but the REST API
    speaks JSON:API, hence the ``application/vnd.api+json`` content type.
    The result contains the credential; keep it out of logs.
    """
    headers = {}
    headers["Authorization"] = f"token {token}"
    headers["Content-Type"] = "application/vnd.api+json"
    return headers
CLI Usage
# Authenticate
# Passing the token as an argument records it in shell history and exposes it in
# process listings; outside an interactive shell prefer the SNYK_TOKEN environment
# variable, as the CI/CD examples further down do.
snyk auth <token>
# Test for vulnerabilities (the exit status is non-zero when issues are found, which is what makes these usable as gates)
snyk test # Current project
snyk test --all-projects # Monorepo: find and test every supported manifest under the tree
snyk test --severity-threshold=high # Only report high and critical findings
# Code analysis (SAST)
snyk code test
# Container scanning
snyk container test <image>:<tag>
snyk container test --file=Dockerfile # --file supplies the Dockerfile that built the image
# IaC scanning
snyk iac test # Current directory
snyk iac test terraform/ # Specific path
snyk iac test --rules=snyk-rules/ # Custom rules bundle
# Monitor (upload to Snyk dashboard) — these send results to the dashboard instead of only printing them
snyk monitor
snyk container monitor <image>:<tag>
snyk iac test --report # IaC uploads via --report rather than a separate monitor command
# Generate SBOM (two interchangeable output standards; pick the one your consumers ingest)
snyk sbom --format=cyclonedx1.4+json
snyk sbom --format=spdx2.3+json
Organization & Projects
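def get_orgs(token: str, *, timeout: float = 30.0) -> list:
    """List the organizations visible to *token* (v1 ``GET /orgs``).

    Args:
        token: Snyk API token.
        timeout: Seconds to wait for connect/read. ``requests`` waits
            forever without one, which can hang a CI job indefinitely.

    Returns:
        The ``orgs`` array from the response body (``[]`` if absent).

    Raises:
        requests.HTTPError: on a non-2xx response. This matters: a 401/403
            body has no ``orgs`` key, so returning ``.json().get("orgs", [])``
            would have reported "no organizations" for a bad token.
    """
    response = requests.get(
        f"{SNYK_API_URL}/orgs",
        headers=snyk_headers(token),
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json().get("orgs", [])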
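def get_projects(token: str, org_id: str, *, timeout: float = 30.0) -> list:
    """List the projects in an organization (v1 ``GET /org/{org_id}/projects``).

    Args:
        token: Snyk API token.
        org_id: Organization id, e.g. from ``get_orgs``.
        timeout: Seconds to wait for connect/read; always bounded so a
            stalled API call cannot hang the caller.

    Returns:
        The ``projects`` array from the response body (``[]`` if absent).

    Raises:
        requests.HTTPError: on a non-2xx response, rather than silently
            returning ``[]`` for an auth failure or unknown org.
    """
    response = requests.get(
        f"{SNYK_API_URL}/org/{org_id}/projects",
        headers=snyk_headers(token),
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json().get("projects", [])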
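def get_project_issues(token: str, org_id: str, project_id: str,
                       severity: list = None, *, timeout: float = 30.0) -> dict:
    """Get aggregated issues for a project (v1 ``POST .../aggregated-issues``).

    Args:
        token: Snyk API token.
        org_id: Organization id.
        project_id: Project id within the organization.
        severity: Optional list of severities to keep, e.g.
            ``["critical", "high", "medium", "low"]``. ``None`` or an empty
            list means no severity filter.
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON response body.

    Raises:
        requests.HTTPError: on a non-2xx response. Without this a failed
            call would come back as an error body that looks like "no issues"
            to a caller that only reads the issue list.
    """
    filters = {}
    if severity:
        filters["severity"] = list(severity)
    response = requests.post(
        f"{SNYK_API_URL}/org/{org_id}/project/{project_id}/aggregated-issues",
        headers=snyk_headers(token),
        json={"filters": filters},
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()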
Vulnerability Analysis
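def test_package(token: str, org_id: str, package_manager: str,
                 package_name: str, version: str,
                 *, timeout: float = 30.0) -> dict:
    """Test a single published package version (v1 ``GET /test/{pm}/{name}/{version}``).

    Args:
        token: Snyk API token.
        org_id: Organization to test under (sent as the ``org`` query param).
        package_manager: Ecosystem segment of the URL, e.g. ``npm`` or ``pip``.
        package_name: Package name as published.
        version: Exact version string.
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON response body.

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    # Percent-encode each path segment (including "/" and "@") so a name such
    # as a scoped npm package occupies exactly one segment and cannot alter
    # the route that is requested.
    path = "/".join(
        quote(segment, safe="") for segment in (package_manager, package_name, version)
    )
    response = requests.get(
        f"{SNYK_API_URL}/test/{path}",
        headers=snyk_headers(token),
        params={"org": org_id},
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()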
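def test_requirements(token: str, org_id: str, requirements_content: str,
                      *, timeout: float = 30.0) -> dict:
    """Test the contents of a Python ``requirements.txt`` (v1 ``POST /test/pip``).

    Args:
        token: Snyk API token.
        org_id: Organization to test under (``org`` query param).
        requirements_content: Raw file text, sent as ``files.target.contents``.
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON response body.

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    payload = {"files": {"target": {"contents": requirements_content}}}
    response = requests.post(
        f"{SNYK_API_URL}/test/pip",
        headers=snyk_headers(token),
        params={"org": org_id},
        json=payload,
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()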
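def test_package_json(token: str, org_id: str, package_json: dict,
                      package_lock: dict = None, *, timeout: float = 30.0) -> dict:
    """Test an npm manifest, optionally with its lockfile (v1 ``POST /test/npm``).

    Args:
        token: Snyk API token.
        org_id: Organization to test under (``org`` query param).
        package_json: The manifest, sent as ``files.target.contents``.
        package_lock: Optional lockfile, sent as the first ``files.additional``
            entry. Passing it pins the resolved dependency tree instead of
            letting the service resolve ranges itself.
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON response body.

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    files = {"target": {"contents": package_json}}
    if package_lock:
        files["additional"] = [{"contents": package_lock}]
    response = requests.post(
        f"{SNYK_API_URL}/test/npm",
        headers=snyk_headers(token),
        params={"org": org_id},
        json={"files": files},
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()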
Container Scanning
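def test_container_image(token: str, org_id: str, image: str,
                         dockerfile: str = None, *, timeout: float = 30.0) -> dict:
    """Test a container image for vulnerabilities (v1 ``POST /test/docker``).

    Args:
        token: Snyk API token.
        org_id: Organization to test under (``org`` query param).
        image: Image reference (``name:tag``), sent as ``image``.
        dockerfile: Optional Dockerfile text, sent as ``dockerfile`` when
            non-empty.
        timeout: Seconds to wait for connect/read. Image tests can be slow,
            so callers may want a larger value than the default.

    Returns:
        The decoded JSON response body (see ``parse_container_vulns``).

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    body = {"image": image}
    if dockerfile:
        body["dockerfile"] = dockerfile
    response = requests.post(
        f"{SNYK_API_URL}/test/docker",
        headers=snyk_headers(token),
        params={"org": org_id},
        json=body,
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()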
# Parse container scan results
def parse_container_vulns(result: dict) -> list:
    """Flatten ``issues.vulnerabilities`` from a container test response.

    Each vulnerability becomes a dict with a fixed set of snake_case keys;
    fields missing from the source issue come back as ``None`` so reporting
    code never has to guard individual lookups.
    """
    # (output key, key in the Snyk issue object)
    field_map = (
        ("id", "id"),
        ("title", "title"),
        ("severity", "severity"),
        ("cvss_score", "cvssScore"),
        ("package", "packageName"),
        ("version", "version"),
        ("fixed_in", "fixedIn"),
        ("description", "description"),
    )
    raw_issues = result.get("issues", {}).get("vulnerabilities", [])
    return [
        {out_key: issue.get(src_key) for out_key, src_key in field_map}
        for issue in raw_issues
    ]
IaC Scanning
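def test_iac(token: str, org_id: str, files: dict, *, timeout: float = 30.0) -> dict:
    """Test infrastructure-as-code files for misconfigurations (v1 ``POST /test/iac``).

    Args:
        token: Snyk API token.
        org_id: Organization to test under (``org`` query param).
        files: Mapping sent verbatim as the ``files`` body field; its exact
            shape is whatever the endpoint expects — confirm against the v1
            reference before relying on a particular layout.
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON response body.

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    response = requests.post(
        f"{SNYK_API_URL}/test/iac",
        headers=snyk_headers(token),
        params={"org": org_id},
        json={"files": files},
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()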
# IaC issue categories (reference list only; severities are not enumerated here
# and none of the helpers on this page read this constant).
IAC_CATEGORIES = [
    "access_control",
    "encryption",
    "logging",
    "network_security",
    "secrets_management",
    "configuration"
]
Reporting & Export
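def get_org_issues(token: str, org_id: str, severity: str = None,
                   issue_type: str = None, *, timeout: float = 30.0) -> list:
    """Get issues across an organization (REST ``GET /orgs/{org_id}/issues``).

    Args:
        token: Snyk API token.
        org_id: Organization id.
        severity: Optional severity level to filter on
            (critical/high/medium/low).
        issue_type: Optional issue type to filter on; use a value accepted
            by the REST issues endpoint for the pinned ``version``.
        timeout: Seconds to wait for connect/read.

    Returns:
        The ``data`` array of the first page (``[]`` if absent). The REST API
        pages results; if the response carries ``links.next`` there are more
        issues than this returns, so a report built from this alone may be
        incomplete.

    Raises:
        requests.HTTPError: on a non-2xx response.
    """
    params = {"version": "2024-04-22"}
    # The previous version assembled "severity=..." / "type=..." strings and
    # then never sent them, so callers always got the unfiltered list. The
    # REST API names the severity filter `effective_severity_level`.
    if severity:
        params["effective_severity_level"] = severity
    if issue_type:
        params["type"] = issue_type
    response = requests.get(
        f"{SNYK_REST_URL}/orgs/{org_id}/issues",
        headers=snyk_rest_headers(token),
        params=params,
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json().get("data", [])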
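def export_sbom(token: str, org_id: str, project_id: str,
                format: str = "cyclonedx1.4+json", *, timeout: float = 30.0) -> dict:
    """Export a project's SBOM (REST ``GET /orgs/{org_id}/projects/{project_id}/sbom``).

    Args:
        token: Snyk API token.
        org_id: Organization id.
        project_id: Project id.
        format: SBOM format passed as the ``format`` query param; the CLI
            section lists ``cyclonedx1.4+json`` and ``spdx2.3+json``. (The
            name shadows the ``format`` builtin but is kept for callers.)
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON SBOM document.

    Raises:
        requests.HTTPError: on a non-2xx response, so an error body is never
            mistaken for an SBOM.
    """
    response = requests.get(
        f"{SNYK_REST_URL}/orgs/{org_id}/projects/{project_id}/sbom",
        headers=snyk_rest_headers(token),
        params={"version": "2024-04-22", "format": format},
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()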
Ignoring & Policy
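def ignore_issue(token: str, org_id: str, project_id: str, issue_id: str,
                 reason: str, expires: str = None, *,
                 reason_type: str = "not-vulnerable", ignore_path: str = "",
                 timeout: float = 30.0) -> dict:
    """Ignore an issue in a project (v1 ``POST .../ignore/{issue_id}``).

    An ignore suppresses the finding in every later scan of the project, so
    it is a policy decision: give a ``reason`` that explains why, and set
    ``expires`` unless the issue genuinely does not apply.

    Args:
        token: Snyk API token.
        org_id: Organization id.
        project_id: Project id.
        issue_id: Issue id to ignore.
        reason: Free-text justification recorded with the ignore.
        expires: Optional ISO date after which the ignore lapses; sent as
            ``expires`` only when provided.
        reason_type: One of ``not-vulnerable``, ``wont-fix`` or
            ``temporary-ignore`` (previously hard-coded to ``not-vulnerable``).
        ignore_path: Sent as ``ignorePath``; the empty default matches the
            original behaviour.
        timeout: Seconds to wait for connect/read.

    Returns:
        The decoded JSON response body.

    Raises:
        ValueError: if ``reason_type`` is not one of the accepted values.
        requests.HTTPError: on a non-2xx response.
    """
    allowed_reason_types = ("not-vulnerable", "wont-fix", "temporary-ignore")
    if reason_type not in allowed_reason_types:
        raise ValueError(
            f"reason_type must be one of {allowed_reason_types}, got {reason_type!r}"
        )
    body = {
        "ignorePath": ignore_path,
        "reason": reason,
        "reasonType": reason_type,
    }
    if expires:
        body["expires"] = expires
    response = requests.post(
        f"{SNYK_API_URL}/org/{org_id}/project/{project_id}/ignore/{issue_id}",
        headers=snyk_headers(token),
        json=body,
        timeout=timeout,
    )
    response.raise_for_status()
    return response.json()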
CI/CD Integration
# GitHub Actions
# `@master` is a mutable ref: the action's code can change without any change
# on your side. Pin to a release tag or, better, a full commit SHA
# (e.g. snyk/actions/node@<commit-sha>, placeholder) and bump it deliberately.
- name: Snyk Security Scan
  uses: snyk/actions/node@master
  with:
    args: --severity-threshold=high  # fail the step on high/critical findings
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}  # token comes from a repository secret, not from the workflow file
# GitLab CI
snyk_scan:
  image: snyk/snyk:node  # the `node` tag floats; pin a versioned tag for reproducible scans
  script:
    # SNYK_TOKEN should be a masked (and ideally protected) CI variable.
    # The CLI reads SNYK_TOKEN directly, so this explicit auth step is optional.
    - snyk auth $SNYK_TOKEN
    - snyk test --severity-threshold=high  # non-zero exit at/above the threshold fails the job
    - snyk monitor  # upload the snapshot so the dashboard tracks this pipeline's state