Skip to main content


The Snyk Matano managed log source lets you ingest your Snyk Audit logs and vulnerabilty issues.


Use the managed log source by specifying the managed.type property in your log_source as SNYK.

name: snyk

type: SNYK
group_id: <MY_GROUP_ID>
org_id: <MY_ORG_ID>

Then create tables for each of the Snyk logs you want to ingest. For example, if you want to ingest Snyk audit logs, as well vulnerabilities, create table files like so:

└── log_sources/
└── snyk/
└── log_source.yml
└── tables/
└── audit.yml
└── vulnerabilities.yml
└── ...
# log_sources/snyk/tables/audit.yml
name: audit

For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.


The Snyk managed log source supports the following tables:

  • audit
  • vulnerabilities


Pull (default)

Matano integrates with your Snyk account to automatically pull relevant logs on a regular basis (every 24 hrs).

To get started with the integration, specify the following properties in the log source configuration file:

type: SNYK
group_id: <MY_GROUP_ID>
org_id: <MY_ORG_ID>

After the first deployment, this log source will also generate a secret in AWS secret's manager to store secrets related to this integration.


To finish onboarding the log source, populate the api_token key in the secret generated by Matano in AWS Secrets Manager, with the value of your Snyk API token.


Snyk log data is normalized to ECS fields. Custom fields are normalized into the snyk field. You can view the complete mapping to see the full schema.