Security Posture - Snyk
API capability pack for bounded Snyk REST API reads against https://api.snyk.io/rest only, pinned with version=2024-10-15 on every operation. Enroll a Snyk connection named snyk that injects Authorization with either the documented token header or bearer auth; no credential is embedded in this manifest. The pack reads groups, organizations, projects, issues, targets, collections, and inventory assets for security posture review, vulnerability triage, asset inventory, and developer remediation planning. It bundles a scheduled security posture digest and an AI-assisted issue investigation brief. This slice is read-only: it intentionally excludes deletes, ignore/resolution mutation, project/target/collection mutation, invite and membership administration, app secrets, service account secrets, SSO, settings, policy mutation, export jobs, SBOM uploads/tests, package issue POST queries, and arbitrary Snyk API passthrough.
What this pack installs
- Snyk security posture digest Recipe
- Snyk issue investigation brief Recipe
- snyk Ingredient
Trust & control
What installing this whole pack would let it do. Recued grants these permissions at install — review them there before approving.