Snyk webhook subscription

This repository contains examples of how to subscribe to Snyk notifications and process them in order to forward them to Microsoft Teams or Azure DevOps Boards.

Please refer to the Snyk docs page for further information about Snyk Webhooks:

Please also note that the webhooks feature is currently in beta. While in this status, Snyk may change the API and the structure of webhook payloads at any time, without notice.

Steps you need to follow in order to set up this integration:

1. Create an Azure Function App in order to receive the webhook from Snyk

Samples provided include Azure Functions for:

These are all written in C# in order to process the payload from Snyk and send it to an Azure DevOps Board.

These Azure Functions require the following environment variables to be set up:

1.1. Azure DevOps Boards work items to be created:

  • AZURE_DEVOPS_ORG: the name of the Azure DevOps organisation
  • AZURE_DEVOPS_PROJECT: (optional) the Azure DevOps project to create work items for, by default the code will map to the same project that it identified in Snyk
  • AZURE_DEVOPS_USER: the Azure DevOps user name
  • AZURE_DEVOPS_PAT: the Azure DevOps personal access token
  • AZURE_DEVOPS_API_VERSION: the Azure DevOps API version to use, e.g. "7.1-preview.3"

For more information on how to create work items in Azure DevOps Boards, see this docs page.

This integration also supports assigning a specific Azure Boards project to each Snyk organization. If you want to use this, specify the application settings below:

  • AZURE_DEVOPS_SNYKORG_BOARDS_MAPPING: a JSON representation of the mapping for Snyk orgs to Azure Boards projects, format: [{"snykOrgId": "SNYK_ORG_ID", "azureBoardsProject": "AZURE_BOARDS_PROJECT_NAME"}]
  • AZURE_DEVOPS_SNYKORG_BOARDS_MAPPING_ENABLED: true/false, whether or not you want to leverage custom mapping

1.2. Microsoft Teams messages:

  • MS_TEAMS_WEBHOOK: the webhook connector for your Microsoft Teams channel

For more information on how to format messages for Microsoft Teams connectors, see this docs page.

1.3. New Relic events:

1.4. DataDog events:

1.5. Splunk Observability Cloud metrics:

1.6. Gather Azure Function URL

Select the appropriate Azure Function and copy the Function URL (please find below an example for my New Relic Azure Function).

This is the URL you will need for the next step in order to create the Snyk Webhook.

2. Create a Snyk Webhook

POST https://snyk.io/api/v1/org/{SNYK-ORG-ID}/webhooks HTTP/2
Host: snyk.io
Authorization: token {SNYK-TOKEN}
Content-Type: application/json

{
    "url": "https://{URL}",
    "secret": "my-secret-string"
}

As a result, you will get a response like this:

{
  "id": "{SNYK-WEBHOOK-ID}",
  "url": "https://{URL}"
}

You can then use the Snyk Ping API to proactively trigger the webhook and test your integration:

POST https://snyk.io/api/v1/org/{SNYK-ORG-ID}/webhooks/{SNYK-WEBHOOK-ID}/ping HTTP/2
Host: snyk.io
Authorization: token {SNYK-TOKEN}
Content-Type: application/json
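
The `secret` supplied when creating the webhook is what lets the receiving function tell a genuine Snyk delivery from any other POST to its URL. The following is an added example, not code from this repository: it verifies a delivery in C#, assuming Snyk sends the HMAC-SHA256 of the raw request body, keyed with that secret, in an `X-Hub-Signature` header of the form `sha256=<hex>`. The class and method names are hypothetical, and the header format should be checked against the current Snyk webhook docs while the feature is in beta.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example, not part of this repository; names are hypothetical. Requires .NET 5 or later.
// Assumption: Snyk sends "X-Hub-Signature: sha256=<hex HMAC-SHA256 of the raw body>",
// keyed with the UTF-8 bytes of the "secret" given when the webhook was created.
public static class SnykWebhookSignature
{
    private const string Prefix = "sha256=";

    // rawBody must be the exact bytes received, read before any JSON deserialization.
    public static bool IsValid(byte[] rawBody, string signatureHeader, string secret)
    {
        if (rawBody == null || string.IsNullOrEmpty(secret)) return false;
        if (signatureHeader == null ||
            !signatureHeader.StartsWith(Prefix, StringComparison.OrdinalIgnoreCase))
            return false; // header missing or not in the expected form

        byte[] received;
        try { received = Convert.FromHexString(signatureHeader.Substring(Prefix.Length).Trim()); }
        catch (FormatException) { return false; } // signature is not valid hex

        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        byte[] expected = hmac.ComputeHash(rawBody);
        // Constant-time comparison, so response timing does not leak how many bytes matched.
        return CryptographicOperations.FixedTimeEquals(expected, received);
    }
}

public static class Demo
{
    public static void Main()
    {
        const string secret = "my-secret-string"; // placeholder value from the request above
        byte[] body = Encoding.UTF8.GetBytes("{\"project\":{\"name\":\"constructed-sample\"}}");
        using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
        string header = "sha256=" + Convert.ToHexString(hmac.ComputeHash(body)).ToLowerInvariant();

        Console.WriteLine(SnykWebhookSignature.IsValid(body, header, secret)); // genuine delivery
        body[0] ^= 0x01;                                                       // body altered in transit
        Console.WriteLine(SnykWebhookSignature.IsValid(body, header, secret));
        Console.WriteLine(SnykWebhookSignature.IsValid(body, null, secret));   // header missing
    }
}
```

In the Azure Function, run this check on the raw request bytes before processing the payload and reject the request when it fails. Keep the secret in an application setting alongside the other environment variables rather than in source.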

3. Based on the notifications settings in your Snyk account, you will then be notified of new issues in your repositories

3.1. Azure DevOps Boards

3.2. Microsoft Teams

3.3. New Relic

3.4. DataDog

3.5. Splunk