Snyk Key
#
Description#
General- Documentation: https://support.snyk.io/hc/en-us/articles/360007584578-API-documentation
- Summary: Snyk is a cybersecurity company that offers various services to detect vulnerable dependencies in open-source libraries and containers as well as other security threats. It provides both an API and a CLI to test a package for issues. This detector aims at catching the API key used for authentication.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: No scopes are available. A unique personal API key is associated to an account.
#
Revoke the secretRevocation and rotation of the API key can be done from the account settings tab.
#
Check for suspicious activityA usage tab that shows number of scans on the period is available in the dashboard. This can help in detecting suspicious usage of API keys.
Snyk key
#
Details for Family: Api
Category: Code analysis
Company: Snyk
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 1
Occurrences found for one million commits: 0.18
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: - ^ipynb$ - ^lock$ banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - snyk
#
Examples- text: "url=https://snyk.io/api/v1/ Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55" apikey: c1427dab-3e2f-4439-8e73-26b3e5ce9f55- text: "url=https://snyk.io/api/v1/ Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55" apikey: c1427dab-3e2f-4439-8e73-26b3e5ce9f55 filename: some_file.md