- Documentation: https://support.snyk.io/hc/en-us/articles/360007584578-API-documentation
- Summary: Snyk is a cybersecurity company that offers various services to detect vulnerable dependencies in open-source libraries and containers, as well as other security threats. It provides both an API and a CLI to test a package for issues. This detector aims to catch the API key used for authentication.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: No scopes are available. A unique personal API key is associated with an account.
Revocation and rotation of the API key can be done from the account settings tab.
A usage tab that shows the number of scans over the period is available in the dashboard. This can help in detecting suspicious usage of API keys.
Category: Code analysis
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 1
Occurrences found for one million commits: 0.18
- type: FilenameBanlistPreValidator
  banlist_extensions:
    - ^ipynb$
    - ^lock$
  banlist_filenames:
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
    - snyk
- text: "url=https://snyk.io/api/v1/ Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55"
  apikey: c1427dab-3e2f-4439-8e73-26b3e5ce9f55
- text: "url=https://snyk.io/api/v1/ Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55"
  apikey: c1427dab-3e2f-4439-8e73-26b3e5ce9f55
  filename: some_file.md
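The two pre-validators and the sample above can be read as a small pipeline: skip banned file extensions, require the word `snyk` in the content, then extract the key. The sketch below is an added example, not the detector's own code. It assumes the key is UUID-shaped (as in the sample), that the `snyk` pattern is matched case-insensitively, and it leaves out the default extension banlist and the validity check because this page does not describe them; the function names are hypothetical.

```python
import re
from pathlib import PurePosixPath

# From the FilenameBanlistPreValidator block on this page.
BANNED_EXTENSIONS = [re.compile(r"^ipynb$"), re.compile(r"^lock$")]
# From the ContentWhitelistPreValidator block; case-insensitivity is an assumption.
REQUIRED_PATTERNS = [re.compile(r"snyk", re.IGNORECASE)]
# Assumption: keys are UUID-shaped, as in the page's sample. The lookarounds
# stop a match from starting or ending inside a longer hex/dash run.
KEY_RE = re.compile(
    r"(?<![0-9a-f-])[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}"
    r"-[0-9a-f]{4}-[0-9a-f]{12}(?![0-9a-f-])",
    re.IGNORECASE,
)

# Sample text taken from this page's examples.
SAMPLE = ("url=https://snyk.io/api/v1/ "
          "Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55")


def filename_allowed(filename):
    """False when the file extension is on the banlist; no filename, no filter."""
    if not filename:
        return True
    ext = PurePosixPath(filename).suffix.lstrip(".")
    return not any(p.search(ext) for p in BANNED_EXTENSIONS)


def content_allowed(text):
    """True when the content mentions at least one required pattern."""
    return any(p.search(text) for p in REQUIRED_PATTERNS)


def find_snyk_keys(text, filename=None):
    """Return candidate keys (lowercased, de-duplicated, in order of appearance)."""
    if not filename_allowed(filename) or not content_allowed(text):
        return []
    return list(dict.fromkeys(m.group(0).lower() for m in KEY_RE.finditer(text)))


if __name__ == "__main__":
    print(find_snyk_keys(SAMPLE, "some_file.md"))
    print(find_snyk_keys(SAMPLE, "poetry.lock"))  # banned extension
```

A candidate returned here is only a match; per the page, an alert is raised only once the key is confirmed valid.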