Snyk Static Application Security Testing (SAST) data ingestion

Cortex Cloud Posture Management Documentation

Product: Cortex Cloud Application Security > Cortex CLOUD
License: Cloud Posture Management
Creation date: 2025-01-22
Last date published: 2026-06-04
Category: Administrator Guide
Abstract: How Cortex Cloud ingests, normalizes, and displays SAST data from Snyk

What Snyk SAST integration delivers

The Snyk integration enables automated ingestion of Snyk scan results into Cortex Cloud. The ingested findings appear alongside findings from other third-party integrations (such as Semgrep).

Key benefits
  • Centralizing Snyk findings: Snyk SAST findings are normalized into the same data model as other vendor code weakness findings, enabling unified triage, policy enforcement, and reporting

  • Extending Coverage visibility: The AppSec Coverage page displays a dedicated Snyk column that indicates which repositories have Snyk SAST scanning enabled and a Code Weaknesses column that reflects aggregate SAST scanning status

  • Enabling policy enforcement: Snyk SAST findings are evaluated against Application Security policies, enabling block actions on PRs and CI pipelines based on SAST-detected code weaknesses

View SAST issues generated from ingested Snyk findings

Issues generated from Snyk findings are displayed in the Code Weaknesses issues table. Navigate to Modules > Application Security > Code Weaknesses.

The table displays all code weakness issues across all data sources, including Snyk, although you cannot filter specifically for Snyk-related issues. To identify Snyk-originated vulnerability issues, use one of the following options:

  • Identify Snyk-origin issues in the issue side panel:

    1. Open any vulnerability issue by selecting the row.

    2. In the issue side panel, locate the Scanner field in the impact fields section, which identifies Snyk as the originating scanner.

  • Identify Snyk-origin findings:

    1. Switch to the Findings tab (using the control at the top of the Code Weaknesses page).

    2. Select a row.

    3. In the side panel, check that Data Sources shows Snyk to isolate Snyk-originated findings.

  • Navigate from the AppSec Coverage page:

    1. Navigate to Modules > Application Security > AppSec Coverage.

    2. The Code Weaknesses coverage column reflects the aggregate SAST scanning status, which includes all third-party SAST integrations such as Semgrep, Snyk and so on.

    3. Filter by Is scanned by Snyk = true to identify repositories with active Snyk scanning.

    4. Select a repository to drill down (including issues, findings, cases and so on).