Snyk-Watcher: keep Snyk in sync
Welcome to Snyk API Wednesdays! This is our newest blog series that highlights the different ways the Snyk API is leveraged by our customers. Snyk’s extensibility and API enable developers to tune Snyk’s security automation to their specific workflows, ensuring both developer experience and consistent platform governance. We’re proud to start the series with a new open source tool called Snyk-Watcher, built by the Product Security team at Twilio to help them automate the process of importing projects into Snyk, at scale.
This article was originally published on the Twilio Blog.
The product security team at Twilio is responsible for securing all applications built by Twilio. We work with Engineering teams to help secure Twilio and our customers. We use Snyk, a cloud native application security platform, to make sure our code is secure at all stages of design and deployment.
Automation is the key to building security at scale, because it eliminates human error. When we automate, we catch more vulnerabilities. Snyk scans repositories automatically—that is, as long as you’ve told Snyk which ones to scan.
We needed a way to automate the process of keeping Snyk up to date with projects in our SCM, detecting when repositories are added, deleted, or renamed, and configuring Snyk automatically.
We created Snyk-Watcher, a GitHub App that listens to webhooks on the main branch for repository changes and pull requests. When a pull request is merged to main, Snyk-Watcher imports the project into Snyk for scanning. When a repository is created, deleted, or renamed, Snyk-Watcher triggers the appropriate actions in Snyk. These automated actions are facilitated by the Snyk API, which can be used to integrate and automate Snyk’s various security functions.
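The webhook side of the flow just described, as an added illustration (this is not Snyk-Watcher's own code): verify GitHub's HMAC signature on each delivery so that only GitHub can trigger imports or removals, then map the pull_request and repository events to the Snyk action to perform. The header names and payload fields are GitHub's; the Snyk API call itself is left out, and the function returns the action a caller would then carry out.

```python
import hashlib
import hmac
import json


def verify_signature(secret: bytes, body: bytes, signature_header) -> bool:
    """Validate GitHub's X-Hub-Signature-256 header (HMAC-SHA256 of the raw body).
    Rejecting unsigned or mis-signed deliveries keeps anyone who merely reaches the
    webhook URL from making the app import or remove Snyk projects."""
    if not signature_header or not signature_header.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time compare so the MAC cannot be recovered byte by byte.
    return hmac.compare_digest(expected, signature_header[len("sha256="):])


def route_event(event: str, payload: dict):
    """Map one delivery to the Snyk-side action; None means nothing should change."""
    repo = payload.get("repository", {})
    name = repo.get("full_name")
    if event == "pull_request":
        pr = payload.get("pull_request", {})
        # Only a PR actually merged into the default branch counts; a PR closed
        # without merging, or merged into a feature branch, is ignored.
        merged_to_default = (
            payload.get("action") == "closed"
            and pr.get("merged") is True
            and pr.get("base", {}).get("ref") == repo.get("default_branch")
        )
        return {"action": "import", "repo": name} if merged_to_default else None
    if event == "repository":
        action = payload.get("action")
        if action == "created":
            return {"action": "import", "repo": name}
        if action == "deleted":
            return {"action": "remove", "repo": name}
        if action == "renamed":
            old = payload["changes"]["repository"]["name"]["from"]
            return {"action": "rename", "repo": name, "previous_name": old}
    return None


def handle_delivery(secret: bytes, headers: dict, body: bytes):
    """Verify first, then route; unverified deliveries never reach route_event."""
    if not verify_signature(secret, body, headers.get("X-Hub-Signature-256")):
        raise PermissionError("webhook signature check failed")
    return route_event(headers.get("X-GitHub-Event", ""), json.loads(body))
```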
With Snyk-Watcher, you don’t have to remember to add and remove projects from Snyk. It just happens. Today, we are open sourcing the tool, so you can automate the process of importing projects to keep your SCM and Snyk in sync.
To get started with Snyk-Watcher, check out the README here.