Cortex integrates with Snyk to help map vulnerabilities to services in the catalog and Scorecards.
Snyk is a vulnerability scanner used by many engineering teams to bolster security across the codebase. While Snyk as a standalone tool does a great job of surfacing vulnerabilities in your codebase, it can often be tough to map these issues back to actual services and their owners. Viewing vulnerabilities within the context of other important metrics your team cares about around security of services would typically involve creating an Excel sheet with manual data entry. No one wants to do that!
Cortex enhances the Snyk platform and enables you to start tracking vulnerabilities in Scorecards and the service catalog. You can start using Snyk by adding your org id / api key in your Cortex settings page (email email@example.com to get set up with a Cortex account if you don't have one)!
Cortex will then map services to the Snyk project associated with the repo directly in the service catalog. This allows you to quickly associate vulnerabilities to services, owners, and on-call info.
Cortex also enables you to grade the quality of your services using our Scorecards product. You can write rules in a Scorecard tracking data across services like:
For example, you can track whether your Tier 0 services have less than 5 high severity Snyk vulnerabilities and Cortex will give you a dashboard of which services are passing / failing along with who owns them.
The Snyk integration in Scorecards makes it easy to start grading the quality of your services using vulnerabilities found in your codebase! If you have any questions or need help setting up this integration, please email firstname.lastname@example.org.