Documentation

Heroku Integration

Connecting Snyk to Heroku

Before Snyk can monitor your deployed Heroku applications, you first need to connect Snyk to your Heroku account. You can do this by navigating to the Integrations page and clicking on “Connect to Heroku”.

Screenshot of the Integrations page for Snyk

This will take you to a page where you’ll be prompted to enter your Heroku API key. There is only one API key per Heroku user, so we recommend setting up a dedicated user for your Snyk organization.

Screenshot of the form for entering your Heroku credentials

Instructions for how to generate and locate your Heroku API key are below.

Generating your Heroku API Key

You can find and generate your Heroku API key in the “Account Settings” section of your Heroku account.

Alternatively, you can use the Heroku CLI to generate your API key and copy it directly to your clipboard (pbcopy is the macOS clipboard command):

heroku auth:token | pbcopy

From there you can log in to your Snyk account and paste in your Heroku credentials.

Adding Heroku Projects to Snyk

Once you’ve successfully connected Snyk to your Heroku account, you’ll be able to select Heroku projects that you would like Snyk to monitor. You can do this either using the “Add projects” button on the integrations page, or directly from the Heroku integration settings page.

In either case, you’ll see a list of any available projects on the Heroku account you connected. Select the ones you want to monitor and click the “add to Snyk” button.

Screenshot of the screen displaying the available Heroku apps to monitor

As soon as you’ve added the projects to Snyk, Snyk will test them and begin to display a list of all monitored Heroku applications in your project dashboard. You’ll also see a snapshot of any current vulnerabilities, and be able to click through for a more detailed report including any steps to remediate.

Screenshot of the screen displaying the available Heroku apps to monitor

Snyk will now continuously monitor each of those projects for known vulnerabilities. You can add more projects at any time.

Checking your connection status

At any time after you’ve entered your Heroku credentials, you can check on the connection status in one of two places.

The first is on your integration settings page, where you’ll see your current integrations listed as well as their connection status.

Screenshot of the integration settings page

The connection status is also displayed directly on the Heroku integration settings page (found by clicking “Edit settings” on the integration settings page shown above). If you’ve entered credentials, you’ll see a box indicating whether or not Snyk is able to correctly connect to Heroku.

Screenshot showing Snyk correctly connected to Heroku

If you are unable to connect, please re-enter your account credentials to verify that they are correct.

Screenshot showing Snyk unable to connect to Heroku

Adding a Snyk-specific user to Heroku

On Heroku, each user is limited to one API key, so we suggest adding a dedicated user for your Snyk organization. That way, if at some point you need to revoke the key for any reason, you can do so without impacting anyone within your organization.

This can be accomplished through the Heroku admin interface, or from the command line using the following command:

heroku access:add joe@example.com

You can learn more about how to add another user to your application in the Heroku documentation.
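
To confirm that the dedicated user's key reaches only the apps you intend Snyk to monitor, you can list what the key sees through the Heroku Platform API. The following is an added example, not Snyk's or Heroku's own code; the app names, the intended list and the sample response are constructed, and it assumes the account's apps fit in a single API response page.

```python
"""Added example: audit which Heroku apps an API key can reach before giving it to Snyk."""
import json
import os
import urllib.request

HEROKU_APPS_URL = "https://api.heroku.com/apps"


def fetch_apps(api_key):
    """Return the apps visible to api_key via the Heroku Platform API (v3).

    Assumption: all apps fit in one response page (no Range pagination handled).
    """
    req = urllib.request.Request(
        HEROKU_APPS_URL,
        headers={
            "Accept": "application/vnd.heroku+json; version=3",
            "Authorization": f"Bearer {api_key}",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_scope(apps, intended):
    """Compare the apps a key can see with the apps Snyk is meant to monitor."""
    visible = {app["name"] for app in apps}
    intended = set(intended)
    return {
        "extra": sorted(visible - intended),    # reachable but not meant for Snyk
        "missing": sorted(intended - visible),  # meant for Snyk but not reachable
    }


# Constructed sample of a Platform API /apps response (app names are made up).
SAMPLE_APPS = json.loads("""[
  {"name": "shop-frontend"},
  {"name": "shop-api"},
  {"name": "payroll-internal"}
]""")

if __name__ == "__main__":
    intended = ["shop-frontend", "shop-api"]  # hypothetical list of apps to monitor
    key = os.environ.get("HEROKU_API_KEY")    # read from the environment, never hard-coded
    apps = fetch_apps(key) if key else SAMPLE_APPS
    report = audit_scope(apps, intended)
    print("extra access:", report["extra"])
    print("missing access:", report["missing"])
```

Any app listed under "extra access" is one the dedicated user can reach but Snyk does not need; remove that user's access to it before entering the key in Snyk.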

Disabling the Heroku Integration

If you decide to disable the Heroku integration for any reason, you can accomplish this from the “Integration Settings” page in your settings.

You’ll need to find the Heroku integration in your list of integrations, and click “Edit Settings”. You’ll be taken to a page that shows the current status of your Heroku connection, a place to update your API key, and a red box at the bottom to disconnect from Heroku.

Screenshot showing the Disconnect screen for disabling the Heroku integration

If you choose to disconnect, your Heroku credentials will be removed from Snyk and any Heroku projects we had been monitoring will be deactivated on Snyk.

If you choose to re-enable the Heroku integration at any time, you’ll need to re-enter your credentials and activate your projects.