Send Snyk data to Security Command Center

The Snyk for Google Security Command Center (SCC) integration, available in Cloud Marketplace, lets you view and manage issues identified by Snyk as security findings in Google Cloud. Issues received from Snyk are represented in Security Command Center as code security findings. When Snyk issues are updated, the corresponding Security Command Center findings are automatically updated as well.

Complete the following sections in order:

1. Before you begin

2. Configure the integration in the Google Cloud console

3. Configure the integration in Snyk

Before you begin

• Create a Snyk user account with permissions to edit and view group integrations.

• Prepare your Google Cloud environment.

  1. Create a Google Cloud organization with Security Command Center enabled at the organization level. See either Activate Security Command Center or Activate Security Command Center Enterprise tier for information about how to do this.

  2. Identify or create a Google Cloud project in the organization from the previous step. Record the project information. You need this when configuring the integration.

  3. (Optional) Manually create a service account in the project from the previous step, then do the following. If you don't create the service account manually, you must create it when configuring the integration. It is used to authenticate with Google Cloud.

     1. Assign the Security Center Findings Editor (roles/securitycenter.findingsEditor) role to the service account.

     2. Create a service account key for the service account. Create the key in JSON format.

     3. Record the following information. You use this when configuring the integration.

        • Service account name
        • Service account ID
        • Service account key

Configure the integration in the Google Cloud console

During this process, you configure the Snyk integration and create or configure a service account.

1. If you manually created the service account, get the following information:

   • Service account name: display name for this service account.
   • Service account ID: alphanumeric ID used in the service account email address.

2. In the Google Cloud console, go to the Snyk for Google Security Command Center (SCC) in Marketplace.

   Go to Snyk listing

   As an alternative, you can search for Snyk for Google Security Command Center (SCC) in Google Cloud Marketplace.

3. Select the organization where Security Command Center is enabled.

4. Click Sign up with partner to configure the integration.

5. Click Change to select a project in the organization. This is where the service account exists if you have already created it. If you have not created the service account, this is where it is created.

6. Select one of the following options:

   • Create a new service account. Select this if you didn't create a service account manually. Enter the following information:

     • Service account name: display name for this service account.
     • Service account ID: alphanumeric ID used in the service account email address.

   • Use an existing service account. Select this if you created a service account manually. From the menu, select the service account.

7. Click Submit.

8. In Security Command Center, go to Settings > Integrated services.

9. Find the listing for Snyk for Google Security Command Center (SCC).

10. Record the Source ID value for the integration. You need this information in the following section. This is also known as the relative resource name stored in the finding source name field.

11. If you selected Create a new service account in the previous step, go to IAM in Google Cloud console and Create a service account key for the service account that was created. Create the key in JSON format and save it. You use it in a later step.

Configure the integration in Snyk

1. Collect the following information:

   • Source ID: the relative resource name that you saved in the previous section. The Google Cloud organization ID is parsed automatically from this field.

   • Service account key: the JSON key that you created from the service account.

2. Navigate to your Snyk group-level integrations page, called Integrations Hub, and then sign in using your Snyk credentials.

3. Search for Google SCC, and then click Use integration in the Google SCC entry that is returned.

4. Enter values for the following:

   • Profile name: a name that you define for this integration.
   • Source ID: you recorded this previously.
   • Service account key: you recorded this previously.

5. Click Done.

After the connection is established, the Google SCC integration status changes to Setup in progress. The status automatically changes to Connected when the next Snyk scan occurs in your environment.

What's next

Review and manage Snyk code security findings.