
Snyk

Overview
Scrut integrates with Snyk via a secure API key and organization ID to automatically ingest SCA and SAST vulnerability findings, including associated CVE IDs. The integration eliminates manual exports by syncing Snyk’s scan results directly into Scrut’s GRC platform, enabling centralized visibility, severity-based prioritization, SLA tracking, and streamlined compliance reporting.
Why Connect
- Provide auditors with continuous vulnerability scan evidence
- Prove remediation is tracked with severity and SLA ownership
- Demonstrate compliance with code security requirements via SAST/SCA results
Supported Automated Tests
Scrut provides pre-built automated tests for Snyk. Here are a few examples of Scrut’s Snyk tests:
- Access reviews completed for all in-scope applications
- Snyk accounts associated with users
- Snyk accounts deprovisioned when employees leave
Supported Automated Evidence
Scrut automates the collection of some evidence for Snyk. Here are a few examples of Snyk-driven evidence that Scrut can collect:
- Offboarding - Logical Access & Physical Access Revocation
- Reports of User Access Reviews
- Report of Vulnerability Scan and Remediation Status
- User Access Approval list to Application, Infrastructure and Service