Snyk Key
Description
General
- Documentation: https://support.snyk.io/hc/en-us/articles/360007584578-API-documentation
- Summary: Snyk is a cybersecurity company that offers various services to detect vulnerable dependencies in open-source libraries and containers, as well as other security threats. It provides both an API and a CLI to test a package for issues. This detector aims to catch the API key used for authentication.
- IPs allowlist: This feature is not mentioned in the documentation.
- Scopes: No scopes are available. A unique personal API key is associated with an account.
Revoke the secret
Revocation and rotation of the API key can be done from the account settings tab.
Check for suspicious activity
A usage tab in the dashboard shows the number of scans over the period. This can help in detecting suspicious usage of API keys.
Details for Snyk key
Family: Api
Category: Code analysis
Company: Snyk
High recall: False
Validity check available: True
On-premise instances exist: False
Only valid secrets raise an alert: True
Minimum number of matches: 1
Occurrences found for one million commits: 0.27
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator
  banlist_extensions:
  - ^ipynb$
  - ^lock$
  banlist_filenames: []
  check_binaries: false
  include_default_banlist_extensions: true
  ban_markup: false
- type: ContentWhitelistPreValidator
  patterns:
  - snyk
Examples
- text: 'url=https://snyk.io/api/v1/ Authorization: token c1427dab-3e2f-4439-8e73-26b3e5ce9f55'
  apikey: c1427dab-3e2f-4439-8e73-26b3e5ce9f55
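How the two pre-validators above narrow what gets scanned, as an added Python sketch (not the detector's own code). The UUID-shaped pattern is an assumption taken from the example key, the pre-validator semantics are assumed from their names and settings, and the default extension banlist is not reproduced because the page does not list it. The output is candidates only: per the details above, an alert is raised only after the validity check.

```python
import re

# Values copied from the PreValidators block on this page.
BANLIST_EXTENSIONS = [r"^ipynb$", r"^lock$"]
CONTENT_WHITELIST = [r"snyk"]

# Assumption: candidate keys are UUID-shaped, as in the page's example;
# the detector's real pattern is not published on the page.
UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b",
    re.IGNORECASE,
)


def filename_allowed(filename):
    """Assumed FilenameBanlistPreValidator semantics: skip banned extensions."""
    name = filename.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return not any(re.search(p, ext, re.IGNORECASE) for p in BANLIST_EXTENSIONS)


def content_allowed(content):
    """Assumed ContentWhitelistPreValidator semantics: a pattern must occur."""
    return any(re.search(p, content, re.IGNORECASE) for p in CONTENT_WHITELIST)


def find_candidates(filename, content):
    """Return UUID-shaped candidates that survive both pre-validators."""
    if not filename_allowed(filename) or not content_allowed(content):
        return []
    # De-duplicate while keeping first-seen order.
    return list(dict.fromkeys(m.group(0).lower() for m in UUID_RE.finditer(content)))


# Sample inputs: the first text is the page's own example, the rest are constructed.
PAGE_EXAMPLE = ("url=https://snyk.io/api/v1/ Authorization: token "
                "c1427dab-3e2f-4439-8e73-26b3e5ce9f55")
SAMPLES = [
    ("ci/scan.sh", PAGE_EXAMPLE),   # kept: allowed file, "snyk" in content
    ("yarn.lock", PAGE_EXAMPLE),    # dropped: banned extension
    ("app/models.py", "id = '0f8fad5b-d9cb-469f-a165-70867728950e'"),  # dropped: no "snyk"
]

if __name__ == "__main__":
    for fname, text in SAMPLES:
        print(fname, "->", find_candidates(fname, text))
```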