Glen

Join the waitlist

We onboard teams in waves. Leave your work email and we'll send your invite when your spot opens.

SnykBookStack

Record Snyk scan results as BookStack security pages

A Snyk + BookStack agent flow

When an auditor asks what your dependency posture looked like last quarter, a Slack thread won't cut it; you need a dated record. A BookStack security book that gets a new page after every scan gives you exactly that. This recipe writes those pages. The agent runs snyk_sca_scan against the repo, reads the findings, and creates a BookStack page with bookstack_pages_create: a Markdown summary of the scan, counts by severity, and a table of each vulnerability with its package, CVE, and fix. Snyk scans when the agent asks rather than on a schedule of its own, so this fires per release or weekly, and each run writes a fresh dated page so the book becomes a chronological audit trail rather than a single overwritten document.

The flow

Snyksnyk_sca_scan

Software composition analysis: inspects manifest files to find known vulnerabilities and license-compliance issues in open-source dependencies (uses absolute paths).

BookStackbookstack_pages_create

Creates a page from HTML or Markdown.

Step by step

  1. Run the scan

    Pointed at the absolute path to the checkout, snyk_sca_scan returns the known vulnerabilities and license issues across the dependency tree, each with a package, version, severity, and CVE.

  2. Compose the page

    Findings roll into Markdown: a header with the date and commit, a count by severity, and a table listing each vulnerability with its package, the upgrade that fixes it, and a CVE link. The narrative is what an auditor or a new engineer can actually read.

  3. Create the BookStack page

    With bookstack_pages_create the agent writes the Markdown body to the book or chapter id, titled with the date and service. Because every run makes a new page, the chapter holds a scan-by-scan history instead of one mutable summary.

Tell your agent

Every Monday, run snyk_sca_scan on /srv/app, then create a BookStack page in the Security book titled with today's date, containing a severity summary and a table of each vulnerability with package, CVE, and fix version.

Setup

This flow needs both servers connected to your agent. Follow each install guide:

Worth knowing

  • snyk_sca_scan needs the project's manifest files on disk at an absolute path, so the agent runs from a checkout; it can't scan a repo it only knows by URL.
  • bookstack_pages_create takes HTML or Markdown but renders into BookStack's own format, so keep tables simple; deeply nested Markdown can flatten in the editor.

Questions

Why a new page each scan instead of updating one?
A dated history is the point. Separate pages let you show exactly what was known on a given date, which is what compliance reviews ask for. Use bookstack_pages_update only if you instead want one always-current snapshot.
Can it include first-party code findings?
Yes. Run snyk_code_scan alongside the SCA scan and fold its results into the same page under a second section, so each entry covers both dependency and source-level issues.