October 6, 20210 mins read
Today at SnykCon, we announced the early beta of Snyk Apps — new extensibility points that enable you to expand the Snyk platform to easily integrate into your specific workflows. With this new capability, our customers and partners can build apps for integrating Snyk into their tools and workflows in an easier and more secure way.
Our goal is to empower developers to embrace security. A big part of that is providing developers with the tools they need to extend Snyk to fit their specific needs. Our vision is for a fully extensible application security experience that ensures you are increasingly able to tune Snyk’s security automation to your specific workflows and that you are not constrained to security processes within the Snyk platform.
Snyk Apps is the first — and definitely not last — step in helping us accomplish this vision!
What are Snyk Apps?
A Snyk app enables you to extend, expand, and automate Snyk’s functionality to fit into your customized environment and workflow. An example app might automate Snyk’s application security testing as part of a build tool. Another example might be an app that streams Snyk’s security testing results into an incident management tool.
Snyk Apps turn integrations into first-class citizens of the Snyk platform and as such, have the following characteristics:
Snyk Apps are easy to build and use with a great UX for both authors and end users provisioning them.
Snyk Apps are based on the Snyk API. This means that integrations are inherently more stable and safer to use than before. A Snyk app will not, for example, break when a user accidentally deletes their personal API key!
Snyk Apps are more secure. Implementing OAuth 2.0, they have granular permissions that you define so they only get access to what they need.
Our customers and partners will be able to build their Snyk app using the existing API and the new version of the Snyk API also announced today at SnykCon — Snyk API v3. Based on the latest version of the OpenAPI specification, this new version was designed to provide you with a consistent, friendly, and easy-to-use API framework and introduces some pretty major improvements in comparison to the current version, including consistent versioning, pagination and caching, and dramatically improved performance.
Get started with your first Snyk app!
To help you build your first Snyk app, we’ve prepared a demo app that can be used to easily get started. The process itself is simple, and includes the following steps:
Clone the Demo Snyk App Github repository. The Demo App already includes an implementation of the OAuth 2.0 flow which allows users to seamlessly connect their Snyk accounts.
Use the provided script right from your terminal to register your app with Snyk. You will receive credentials for your app, a client Id, and a secret, which must be stored securely.
Modify the Demo App to suit your needs. The Snyk API documentation lists all of our available endpoints which can be used to display data and perform actions. Please note, Snyk apps were designed to be tied to a specific Snyk Org. Some API endpoints, such as those relevant to Groups, cannot be used for building the app.
More details on building a Snyk App can be found in our Snyk Apps documentation.
We are excited to provide our customers and partners with these new extensibility points and would love to invite you to begin building your own apps with these new capabilities.
Snyk Apps is currently in open beta and we look forward to collecting your feedback to help us improve as we proceed towards general availability expected early next year.