Snyk Integration
Vulnerability scan results correlated with deployment events and error spikes in TigerOps. Track CVE introduction, remediation velocity, and security posture alongside runtime observability.
How It Works
Configure Snyk Webhooks
Set up Snyk organization webhooks to forward scan events to TigerOps. TigerOps receives new vulnerability findings, issue status changes, and project scan completions in real time.
Map Projects to Services
In TigerOps, map Snyk project names to your service names. TigerOps correlates vulnerability events with runtime metrics from the corresponding services automatically.
Enable CI/CD Scan Export
Add the TigerOps Snyk exporter to your CI/CD pipeline. Export scan results as metrics to TigerOps after every build, tracking vulnerability counts, severity distributions, and fix rates over time.
Correlate with Deploy Events
TigerOps links Snyk scan results to deployment events. When a new CVE is introduced in a deploy, TigerOps surfaces the finding alongside the deploy marker on runtime metric timelines.
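The reduction implied by the CI/CD export step, as an added example (not TigerOps or Snyk code): it turns parsed `snyk test --json` output into the severity counts and new-finding list of the metric export format shown in the integration script on this page. The function name `summarize`, the `baseline_ids` parameter, and the sample scan are assumptions constructed for illustration; the input fields used are `id`, `severity`, `packageName` and `identifiers.CVE`.

```python
import json

SEVERITIES = ("critical", "high", "medium", "low")

# Constructed sample of `snyk test --json` output, trimmed to the fields used here.
# The same issue id is listed once per dependency path, so it is de-duplicated below.
SAMPLE_SCAN = json.loads("""
{"vulnerabilities": [
  {"id": "SNYK-JS-EXAMPLEPKG-0000001", "severity": "high", "packageName": "example-pkg",
   "identifiers": {"CVE": ["CVE-0000-00001"]}, "from": ["app@1.0.0", "example-pkg@1.2.3"]},
  {"id": "SNYK-JS-EXAMPLEPKG-0000001", "severity": "high", "packageName": "example-pkg",
   "identifiers": {"CVE": ["CVE-0000-00001"]}, "from": ["app@1.0.0", "other@2.0.0", "example-pkg@1.2.3"]},
  {"id": "SNYK-JS-SAMPLELIB-0000002", "severity": "medium", "packageName": "sample-lib",
   "identifiers": {"CVE": []}, "from": ["app@1.0.0", "sample-lib@0.4.0"]}
]}
""")


def summarize(scan, service, commit_sha, baseline_ids=frozenset(), scan_type="open-source"):
    """Reduce parsed `snyk test --json` output to the page's metric export document."""
    results = scan if isinstance(scan, list) else [scan]  # --all-projects emits a list
    unique = {}
    for result in results:
        if "vulnerabilities" not in result:
            # A failed scan has no findings list; reporting it as zero would hide the failure.
            raise ValueError("scan result has no vulnerabilities list: %r" % result.get("error"))
        for vuln in result["vulnerabilities"]:
            unique.setdefault(vuln["id"], vuln)  # count each issue once, not once per path

    counts = dict.fromkeys(SEVERITIES, 0)
    new_vulns = []
    for issue_id in sorted(unique):
        vuln = unique[issue_id]
        if vuln["severity"] not in counts:
            raise ValueError("unexpected severity %r on %s" % (vuln["severity"], issue_id))
        counts[vuln["severity"]] += 1
        if issue_id not in baseline_ids:  # baseline = issue ids seen in the previous build
            cves = vuln.get("identifiers", {}).get("CVE", [])
            new_vulns.append({"id": cves[0] if cves else issue_id,
                              "severity": vuln["severity"], "package": vuln["packageName"]})
    return {"service": service, "commit_sha": commit_sha, "scan_type": scan_type,
            "vulnerabilities": counts, "new_vulns": new_vulns}


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_SCAN, "payment-api", "abc123"), indent=2))
```

Because the pipeline step on this page runs the scan with `|| true`, a scan that fails still leaves a JSON file behind; the check for a missing findings list keeps that case from being exported as a clean result.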
What You Get Out of the Box
CVE Introduction Tracking
Track when new CVEs enter your codebase via Snyk scans. TigerOps marks CVE introduction events on deployment timelines and correlates new vulnerabilities with runtime error rate changes.
Vulnerability Severity Metrics
Track open vulnerability counts by severity (critical, high, medium, low) per project and service over time. TigerOps dashboards show security debt accumulation trends and remediation velocity.
Exploit Availability Alerting
TigerOps fires priority alerts when Snyk marks a vulnerability as having a known exploit or proof-of-concept. Cross-reference exploitable CVEs with deployed service versions for immediate triage.
Fix Rate and SLA Tracking
Measure mean time to remediate (MTTR) per severity level. TigerOps tracks Snyk issue open/closed timestamps and generates SLA compliance reports for your vulnerability management program.
Dependency License Compliance
Ingest Snyk license compliance findings alongside vulnerability data. TigerOps surfaces license policy violations introduced by dependency updates and tracks compliance posture per service.
Security Posture Score Trending
TigerOps computes a per-service security posture score from Snyk open issue counts, severity distribution, and fix rates. Track posture trends over time and across your entire application portfolio.
Snyk Webhook & CI/CD Integration
Configure Snyk webhooks and export scan metrics to TigerOps from your CI/CD pipeline.
#!/bin/bash
# Configure Snyk webhook for TigerOps
set -euo pipefail  # abort on a failed command or an unset variable

# 1. Create Snyk organization webhook
#    --fail makes curl exit non-zero on an HTTP error response.
#    The secret is expanded inside double quotes so the shell does not split or glob it.
curl --fail -X POST "https://api.snyk.io/v1/org/${SNYK_ORG_ID}/webhooks" \
  -H "Authorization: token ${SNYK_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://ingest.atatus.net/snyk/webhook",
    "secret": "'"${TIGEROPS_API_KEY}"'"
  }'

# 2. Export scan results from CI/CD (GitHub Actions example)
# .github/workflows/security.yml
#   - name: Snyk scan and export to TigerOps
#     run: |
#       npx snyk test --json > snyk-results.json || true
#       curl -X POST https://ingest.atatus.net/snyk/scan-results \
#         -H "Authorization: Bearer ${TIGEROPS_API_KEY}" \
#         -H "Content-Type: application/json" \
#         -d @snyk-results.json \
#         -H "X-Service-Name: ${SERVICE_NAME}" \
#         -H "X-Deploy-SHA: ${GITHUB_SHA}"

# 3. Snyk metric export format for TigerOps:
# {
#   "service": "payment-api",
#   "commit_sha": "abc123",
#   "scan_type": "open-source",
#   "vulnerabilities": {
#     "critical": 0,
#     "high": 2,
#     "medium": 7,
#     "low": 12
#   },
#   "new_vulns": [{"id": "CVE-2024-1234", "severity": "high", "package": "lodash"}]
# }
Common Questions
How does TigerOps receive Snyk vulnerability data?
TigerOps supports two ingestion methods: Snyk organization webhooks (real-time event delivery) and periodic Snyk REST API polling. Webhooks are recommended for real-time CVE introduction alerts; API polling is used for historical backfill.
Can TigerOps correlate a new Snyk CVE with the deployment that introduced it?
Yes. When Snyk finds a new vulnerability, TigerOps looks up the most recent deployment event for the affected service and links them. The deploy event is annotated with the CVE details on your metric and log timelines.
Does TigerOps support Snyk Container scans alongside code scans?
Yes. Snyk Container scan results (container image CVEs) are ingested alongside Snyk Open Source and Snyk Code findings. TigerOps maps container image vulnerabilities to the runtime services deploying those images.
Can TigerOps alert my team when a critical Snyk CVE is introduced?
Yes. Configure a TigerOps alert rule on Snyk events with severity=critical AND status=open. The alert fires within seconds of TigerOps receiving the Snyk webhook and routes to PagerDuty, Slack, or your incident management tool.
How does TigerOps handle Snyk projects across multiple organizations?
Configure a webhook per Snyk organization, each pointing to the same TigerOps workspace with an org_id tag. TigerOps stores the org_id as a label, allowing you to filter and compare security posture across multiple Snyk organizations.
Know Exactly When a CVE Lands in Production
Real-time CVE tracking correlated with deploys, error spikes, and runtime behavior. Security and observability in one platform.