Importing projects via the API
We’ve just released a shiny new API endpoint that will let you import your repositories, projects, functions and apps so that they are monitored for vulnerabilities.
It’s really very simple to use. You make a request with the integration you wish to import from (e.g. GitHub) and the repo/project/function/app you wish to target (e.g. the specific GitHub repo), and we do the rest. You can optionally specify files that you wish us to scan for vulnerabilities, such as Gemfile.lock; otherwise we’ll scan all dependency files we can find (scan depth differs by integration).
This API call is asynchronous, because an import can take some time to complete. It returns a 201 response with a Location header specifying the endpoint to query for status updates on the import job.
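The request-then-poll flow described above, written for Node.js as an added example (not Snyk's code and not part of the original post). The endpoint path, request body shape, `token` authorization scheme and the `pending` status value are assumptions, and `fetchFn` is injected so the flow can run against a stub; the Location header is pinned to the API origin so the token is never sent to another host.

```javascript
// Added example. Endpoint path, body shape, auth scheme and status values are
// assumptions, not taken from the page. `fetchFn` is any fetch-compatible function.
const API_BASE = 'https://snyk.io/api/v1'; // assumed base URL

// Resolve the Location header against the API base and refuse any other
// origin, so the API token is never replayed to a host named by a response.
function resolveStatusUrl(apiBase, location) {
  if (!location) throw new Error('201 response carried no Location header');
  const url = new URL(location, apiBase);
  if (url.origin !== new URL(apiBase).origin) {
    throw new Error(`refusing cross-origin status URL: ${url.origin}`);
  }
  return url.href;
}

// Start an import, then poll the job endpoint until it leaves 'pending'.
async function importRepo(fetchFn, { token, orgId, integrationId, target, files }, opts = {}) {
  const { intervalMs = 5000, maxPolls = 60 } = opts;
  const headers = { Authorization: `token ${token}`, 'Content-Type': 'application/json' };
  const body = { target };
  // Optional: limit the scan to named dependency files such as Gemfile.lock.
  if (files && files.length) body.files = files.map((path) => ({ path }));

  const importUrl = `${API_BASE}/org/${encodeURIComponent(orgId)}` +
    `/integrations/${encodeURIComponent(integrationId)}/import`;
  const res = await fetchFn(importUrl, { method: 'POST', headers, body: JSON.stringify(body) });
  if (res.status !== 201) throw new Error(`import not accepted: HTTP ${res.status}`);

  const statusUrl = resolveStatusUrl(API_BASE, res.headers.get('location'));
  for (let i = 0; i < maxPolls; i++) {
    const poll = await fetchFn(statusUrl, { headers });
    if (!poll.ok) throw new Error(`status check failed: HTTP ${poll.status}`);
    const job = await poll.json();
    if (job.status !== 'pending') return job; // assumed: 'pending' means still running
    await new Promise((resolve) => setTimeout(resolve, intervalMs));
  }
  throw new Error(`import still pending after ${maxPolls} polls`);
}
```

On Node 18+ the built-in `fetch` can be passed as `fetchFn`. Supply the token from an environment variable or secret store rather than a command-line argument, where it would be visible in shell history and process listings.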
We’ve had a lot of customers asking us for a way to programmatically import projects into Snyk, so we’re really excited to see how people use the import API to better integrate Snyk into their current systems. Once you’ve taken the import API for a test drive, please let us know your thoughts so that we can understand how we can improve it in the future!
Some of our customers have automated the creation of repositories, and they’ll be using this API to ensure that all new repositories automatically get monitored for security vulnerabilities or license policy violations.
A common request is to automatically import new repositories and serverless applications as they are created, so to help you get started, we put together a little codebase showing a simple example using the GitHub repos API to list all repos modified since a point in time, and import them into Snyk.
This is available as an npm module, so with a single command you can import a day’s worth of new or modified repos:
$ npm install -g snyk-github-import
$ snyk-github-import --orgId=c0caaa2f-6c04-4be3-876b-c72553a5551f --integrationId=ab4633ac-e6bb-4d27-854a-328c0f33c3e8 --githubToken=212312cq1bfb1bcfb13042ff5a13d01ab12f12f4
As an example, by setting up a cron job, you could use this script to auto-import repos on a regular basis. You can also use it to programmatically set up new organisations with all the codebases you wish to monitor.