Snyk Key

Description

General

  • Documentation: https://support.snyk.io/hc/en-us/articles/360007584578-API-documentation
  • Summary: Snyk is a cybersecurity company that offers various services to detect vulnerable dependencies in open source libraries and containers, as well as other security threats. It provides both an API and a CLI to test a package for issues. This detector aims to catch the API key used for authentication.
  • IPs allowlist: This feature is not mentioned in the documentation.
  • Scopes: No scopes are available. A unique personal API key is associated with an account.

Revoke the secret

Revocation and rotation of the API key can be done from the account settings tab.

Check for suspicious activity

A usage tab in the dashboard shows the number of scans over the period. This can help detect suspicious usage of API keys.

Details for Snyk key

  • Family: Api

  • Category: Development tool

  • Company: Snyk

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: True

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 0.81

  • Prefixed: False

  • PreValidators:

    - type: FilenameBanlistPreValidator
      banlist_extensions:
      - ^(cs|x|p|s|r|m)?html5?~?$
      - ^[aps]?cssc?~?$
      - ^ipynb$
      - ^lock$
      - ^mdx?~?$
      - ^storyboard(c|er)?~?$
      - ^xib$
      banlist_filenames: []
      check_binaries: false
    - type: ContentWhitelistPreValidator
      patterns:
      - snyk

Examples

    - text: "url=https://snyk.io/api/v1/ Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55"
      apikey: c1427dab-3e2f-4439-8e73-26b3e5ce9f55
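
An added example (not the detector's own code) of how the two PreValidators listed above gate a file before any matching happens. It assumes that a banlisted extension skips the file, that the whitelist pattern `snyk` must occur in the content (case-insensitively), and that candidates are UUID-shaped like the example key above; all function names are hypothetical.

```python
import os
import re

# Extension patterns copied from the FilenameBanlistPreValidator on this page.
BANLIST_EXTENSIONS = [re.compile(p) for p in (
    r"^(cs|x|p|s|r|m)?html5?~?$",
    r"^[aps]?cssc?~?$",
    r"^ipynb$",
    r"^lock$",
    r"^mdx?~?$",
    r"^storyboard(c|er)?~?$",
    r"^xib$",
)]
# Pattern from the ContentWhitelistPreValidator; ignoring case is an assumption.
CONTENT_WHITELIST = [re.compile(r"snyk", re.IGNORECASE)]
# Assumption: candidate keys are UUID-shaped, like the page's example key.
UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b",
    re.IGNORECASE,
)
# Sample text taken from the Examples section of this page.
PAGE_EXAMPLE = ("url=https://snyk.io/api/v1/ Authorization: "
                "token c1427dab-3e2f-4439-8e73-26b3e5ce9f55")


def filename_allowed(path):
    """Return False when the file extension matches a banlisted pattern."""
    ext = os.path.splitext(os.path.basename(path))[1].lstrip(".").lower()
    return not any(p.search(ext) for p in BANLIST_EXTENSIONS)


def content_allowed(text):
    """Return True when every whitelist pattern occurs in the document."""
    return all(p.search(text) for p in CONTENT_WHITELIST)


def candidates(path, text):
    """Return UUID-shaped candidates that survive both prevalidators."""
    if not (filename_allowed(path) and content_allowed(text)):
        return []
    return UUID_RE.findall(text)


if __name__ == "__main__":
    # Constructed file names; only the first one should yield a candidate.
    for name in ("ci/deploy.yml", "yarn.lock", "docs/setup.md"):
        print(name, candidates(name, PAGE_EXAMPLE))
```

Because the key is not prefixed, a bare UUID with no `snyk` context (a request ID, for instance) is dropped by the content check rather than reported.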