
Ingest and enrich Snyk vulnerability findings with Dynatrace

Dynatrace integrates with Snyk to break the silos between DevSecOps teams by unifying security findings along the Software Development Lifecycle (SDLC) and enriching them with runtime context. Dynatrace allows you to ingest, visualize, prioritize, and automate security findings, helping to reduce alert noise and focus remediation on the issues that matter to your critical production environments.

Managing vulnerabilities in a fragmented world

In today’s complex digital landscape, managing vulnerabilities effectively is crucial for maintaining robust security. However, the challenge often lies in the fragmentation of vulnerability data across different systems and tools.

Dynatrace provides deep insights into application runtime, offering a detailed view of application performance and the runtime impact of potential vulnerabilities. At the same time, Snyk focuses on various artifacts, conducting comprehensive assessments of code and container repositories.

During the SDLC, various artifacts of your applications are assessed for security issues, from the code phase through the build and deploy phases until they run in production.

With the number of security findings generated, your DevSecOps teams can become overwhelmed and miss important issues that directly impact your production services and applications. A good example is a critical severity vulnerability discovered in a build-time artifact, such as a container image that isn’t deployed and doesn’t impact your runtime. Your DevSecOps teams shouldn’t be distracted by such findings and should focus on vulnerabilities in your production application that are exposed to the internet and present a real risk.

The Dynatrace solution

Dynatrace addresses these issues by providing unified security event ingest and analysis for security findings across tools and products. The ingested events are stored in the semantic dictionary format, which allows you to efficiently visualize, analyze, and automate the orchestration of security findings in a unified and product-independent way.

In addition, with runtime entity contextualization, security findings can be mapped to monitored entities. This runtime context can be used to better prioritize the findings based on runtime properties, such as focusing only on vulnerabilities affecting production applications.

Integration with Snyk


Dynatrace delivers Snyk integration as an extension that allows granular control over the data flow between Snyk and the Dynatrace platform.

  • Snyk issues and audit logs are fetched periodically and pushed to Dynatrace via a dedicated security event ingestion endpoint.
  • Events are processed, mapped to the Dynatrace Semantic Dictionary in OpenPipeline™, and stored in the Dynatrace Grail™ data lakehouse.
  • With sample dashboards and workflows, users can start prioritizing and automating the orchestration of Snyk vulnerabilities.

As part of the integration, we provide a couple of ready-made documents to serve as a starting point for your data analysis and automation use cases.

Use case: Runtime contextualization of container findings

[Screenshot: runtime contextualization of container findings in Dynatrace]

Use case: Visualize and analyze security findings

[Screenshot: visualizing and analyzing security findings in Dynatrace]

Use case: Discover coverage gaps in security scans

[Screenshot: discovering coverage gaps in security scans in Dynatrace]

Use case: Automate and orchestrate security findings

[Screenshot: automating and orchestrating security findings in Dynatrace]

“This integration complements the value Snyk AppRisk provides to the development teams, connecting the observability insights with the security findings. With the bi-directional integration, SREs and cloud teams now get security insights within the observability context in the Dynatrace Platform. The shared goal is to focus the DevSecOps teams and make them more efficient when addressing security issues.”

Jack Ryan, Partner Solutions Engineer at Snyk

Get started

With the Dynatrace integration with Snyk, you can gain control over your security findings and help your DevSecOps teams focus their remediation efforts.

For details about the prerequisites and setup instructions, see the Dynatrace Documentation page "Ingest Snyk vulnerability findings, scans, and audit logs."


Dynatrace and the Dynatrace logo are trademarks of the Dynatrace, Inc. group of companies. All other trademarks are the property of their respective owners.