Snyk Documentation

Upload Snyk scan reports to Fortify SSC

To view Snyk results data in the Fortify SSC feed, push the data to SSC in one of two ways:

Upload Snyk data with the Fortify SSC REST API

  1. From the directory where you run the Snyk CLI for the relevant Snyk project, run the command:

    snyk test --json > scan.json

    For more information about running tests from the CLI, see our help.  

  2. Package the Snyk results (scan.json) and the engineType together in a scan.zip file.
    From your CLI, enter:

    echo "engineType=SNYK" > scan.info
    zip -v scan.zip scan.json scan.info
  3. Get an upload token from Fortify SSC:

    curl --noproxy <FORTIFY_SSC_HOSTNAME> -X POST -H "Content-Type: application/json" \
      -u admin:<PASSWORD> -d '{"fileTokenType":"UPLOAD"}' \
      https://<FORTIFY_SSC_HOSTNAME>:8180/ssc/api/v1/fileTokens
  4. Use the resulting token to upload the file:

    curl --noproxy localhost -X POST --form files=@"scan.json" \
      "https://<FORTIFY_SSC_HOSTNAME>:8180/ssc/upload/resultFileUpload.html?mat=<TOKEN>&entityId=<APP_ID>&engineType=SNYK"
  5. Navigate to the app version dashboard (https://<FORTIFY_SSC_HOSTNAME>:8180/ssc/html/ssc/version/<APP_ID>/).
  6. Click the Audit tab.
    All issues reported by Snyk as uploaded from the scan.json are displayed in the table with the Analysis Type SNYK appearing for each entry of an issue. 

Upload Snyk data from the Fortify SSC web UI

  1. From the directory where you run the Snyk CLI for the relevant Snyk project, run the command:

    snyk test --json > scan.json

    For more information about running tests from the CLI, see our help.  

  2. Package the Snyk results (scan.json) and the engineType together in a scan.zip file.
    From your CLI, enter:

    echo "engineType=SNYK" > scan.info
    zip -v scan.zip scan.json scan.info
  3. Navigate to the Fortify SSC app:
    https://<FORTIFY_SSC_HOSTNAME>:8180/ssc/html/ssc/version
  4. Click Applications and click the project version for the project to which you would like to bind the scan results report.

  5. Click the ARTIFACTS tab and then click ARTIFACT.

  6. From the dialog box that opens, click ADD FILES, browse to the location where you saved the Snyk scan results and select the scan.zip you just made.
  7. Click START UPLOAD.

  8. Once uploaded, click CLOSE to close the window and return to the app.
  9. Once results are successfully processed, the status Processing Complete appears from the Applications list for the newly added scan.zip report.
  10. Navigate to the app version dashboard (https://<FORTIFY_SSC_HOSTNAME>:8180/ssc/html/ssc/version/<APP_ID>/).
  11. Click the AUDIT tab.
    All issues reported by Snyk as uploaded from the scan.zip are displayed in the table with the Analysis Type SNYK appearing for each issue that Snyk found.
  12. Click on any row to reveal additional detailed information for a specific issue.
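
The packaging step shared by both procedures above (scan.json plus scan.info in scan.zip), written as an added Python example that is not part of the Snyk documentation. It refuses to package an empty, truncated or failed report, which SSC would otherwise show as a scan with no findings. The function names and the report shape (a "vulnerabilities" list per project, an "error" key on a failed run) are assumptions, and the sample reports are constructed.

```python
import io
import json
import zipfile

ENGINE_INFO = "engineType=SNYK\n"  # same content the echo command writes to scan.info


def check_snyk_report(raw: bytes) -> int:
    """Return the number of issues in a `snyk test --json` report.

    Raises ValueError for an empty file, invalid JSON or an error document,
    so a failed scan is never uploaded as a clean result.
    Assumed shape: one object (or a list of objects for multi-project runs)
    with a "vulnerabilities" list; a failed run carries an "error" key.
    """
    if not raw.strip():
        raise ValueError("scan.json is empty")
    try:
        doc = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"scan.json is not valid JSON: {exc}") from exc
    projects = doc if isinstance(doc, list) else [doc]
    total = 0
    for project in projects:
        if not isinstance(project, dict):
            raise ValueError("unexpected report structure")
        if "error" in project:
            raise ValueError(f"snyk reported an error: {project['error']}")
        vulns = project.get("vulnerabilities")
        if not isinstance(vulns, list):
            raise ValueError("report has no vulnerabilities list")
        total += len(vulns)
    return total


def build_scan_zip(raw: bytes) -> bytes:
    """Validate the report, then build scan.zip (scan.json + scan.info) in memory."""
    check_snyk_report(raw)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("scan.json", raw)
        zf.writestr("scan.info", ENGINE_INFO)
    return buf.getvalue()


# Constructed sample reports (not real Snyk output).
SAMPLE_OK = b'{"ok": false, "vulnerabilities": [{"id": "EXAMPLE-1"}, {"id": "EXAMPLE-2"}]}'
SAMPLE_ERROR = b'{"ok": false, "error": "constructed failure message"}'

if __name__ == "__main__":
    with open("scan.json", "rb") as src, open("scan.zip", "wb") as dst:
        dst.write(build_scan_zip(src.read()))
```

Run as a script in the directory that holds scan.json, it writes scan.zip or stops with the reason the report was rejected.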