SnykBookStack

Record Snyk scan results as BookStack security pages

A Snyk + BookStack agent flow

When an auditor asks what your dependency posture looked like last quarter, a Slack thread won't cut it; you need a dated record. A BookStack security book that gets a new page after every scan gives you exactly that. This recipe writes those pages. The agent runs snyk_sca_scan against the repo, reads the findings, and creates a BookStack page with bookstack_pages_create: a Markdown summary of the scan, counts by severity, and a table of each vulnerability with its package, CVE, and fix. Snyk scans when the agent asks rather than on a schedule of its own, so this fires per release or weekly, and each run writes a fresh dated page so the book becomes a chronological audit trail rather than a single overwritten document.

The flow

Snyk: snyk_sca_scan

Software composition analysis: inspects manifest files to find known vulnerabilities and license-compliance issues in open-source dependencies (uses absolute paths).

BookStack: bookstack_pages_create

Creates a page from HTML or Markdown.

Step by step

  1. Run the scan

    Pointed at the absolute path to the checkout, snyk_sca_scan returns the known vulnerabilities and license issues across the dependency tree, each with a package, version, severity, and CVE.

  2. Compose the page

    Findings roll into Markdown: a header with the date and commit, a count by severity, and a table listing each vulnerability with its package, the upgrade that fixes it, and a CVE link. The narrative is what an auditor or a new engineer can actually read.

  3. Create the BookStack page

    With bookstack_pages_create the agent writes the Markdown body to the book or chapter id, titled with the date and service. Because every run makes a new page, the chapter holds a scan-by-scan history instead of one mutable summary.
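The three steps above, carried through as an added example that is not part of the SnykBookStack recipe or either project's own code. The findings are constructed sample data in a shape assumed to resemble what snyk_sca_scan returns (the real tool output may differ), the CVE ids and commit are placeholders, and the BookStack request builder assumes BookStack's REST API (POST /api/pages with a markdown field and Token authentication) and only builds the request rather than sending it. It goes slightly beyond the text by also rendering an optional second section for first-party code findings, as the Questions section suggests.

```python
"""Compose a dated BookStack Markdown page from Snyk SCA findings (added example)."""
from collections import Counter
from datetime import date
import json

SEVERITIES = ("critical", "high", "medium", "low")
_RANK = {sev: i for i, sev in enumerate(SEVERITIES)}

# Constructed sample findings; package names, versions and CVE ids are placeholders,
# and the field names are an assumption about the scanner's output shape.
SAMPLE_FINDINGS = [
    {"package": "example-lib", "version": "1.2.0", "severity": "high",
     "cve": "CVE-0000-0001", "fixed_in": "1.2.5"},
    {"package": "other-lib", "version": "0.9.1", "severity": "critical",
     "cve": "CVE-0000-0002", "fixed_in": "1.0.0"},
    {"package": "tiny-util", "version": "2.0.0", "severity": "low",
     "cve": "CVE-0000-0003", "fixed_in": None},
]


def count_by_severity(findings):
    """Count findings per severity, always listing every level (zeros included)."""
    counts = Counter(f["severity"].lower() for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITIES}


def sort_findings(findings):
    """Highest severity first, then by package; unknown severities sort last."""
    return sorted(findings, key=lambda f: (_RANK.get(f["severity"].lower(), len(SEVERITIES)),
                                           f["package"]))


def _cell(value):
    """Escape pipe characters so a value cannot break a Markdown table row."""
    return str(value).replace("|", "\\|")


def render_page(findings, service, commit, scanned_on, code_findings=None):
    """Build the Markdown body: header, severity counts, one flat table per section."""
    counts = count_by_severity(findings)
    lines = [
        f"# Dependency scan: {service}", "",
        f"- Date: {scanned_on.isoformat()}",
        f"- Commit: {commit}",
        f"- Total findings: {len(findings)}", "",
        "## Findings by severity", "",
        "| Severity | Count |", "| --- | --- |",
    ]
    lines += [f"| {sev} | {counts[sev]} |" for sev in SEVERITIES]
    lines += ["", "## Vulnerable dependencies", ""]
    if findings:
        lines += ["| Package | Version | Severity | CVE | Fix |",
                  "| --- | --- | --- | --- | --- |"]
        for f in sort_findings(findings):
            cve = f.get("cve")
            cve_cell = f"[{cve}](https://nvd.nist.gov/vuln/detail/{cve})" if cve else "n/a"
            fix = f"upgrade to {f['fixed_in']}" if f.get("fixed_in") else "no fix available"
            lines.append(f"| {_cell(f['package'])} | {_cell(f['version'])} | "
                         f"{_cell(f['severity'].lower())} | {cve_cell} | {_cell(fix)} |")
    else:
        lines.append("No known vulnerabilities were found in the dependency tree.")
    if code_findings is not None:
        # Optional second section for snyk_code_scan results (assumed shape: rule/severity/file/line).
        lines += ["", "## First-party code findings", "",
                  "| Rule | Severity | Location |", "| --- | --- | --- |"]
        for c in code_findings:
            lines.append(f"| {_cell(c['rule'])} | {_cell(c['severity'].lower())} | "
                         f"{_cell(c['file'])}:{c['line']} |")
    return "\n".join(lines) + "\n"


def page_title(service, scanned_on):
    """Dated title so each run lands as a new page in the chronological history."""
    return f"{scanned_on.isoformat()} {service} dependency scan"


def bookstack_create_page_request(base_url, token_id, token_secret, book_id, title, markdown):
    """Build (not send) the request the bookstack_pages_create step would issue.

    Assumption: BookStack's REST API, POST /api/pages with a `markdown` field and an
    `Authorization: Token <id>:<secret>` header. Use `chapter_id` instead of `book_id`
    to file the page under a chapter.
    """
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + "/api/pages",
        "headers": {"Authorization": f"Token {token_id}:{token_secret}",
                    "Content-Type": "application/json"},
        "json": {"book_id": book_id, "name": title, "markdown": markdown},
    }


if __name__ == "__main__":
    scanned = date(2024, 1, 8)  # constructed date
    body = render_page(SAMPLE_FINDINGS, "payments", "abc1234 (placeholder)", scanned)
    print(body)
    req = bookstack_create_page_request("https://bookstack.example.internal", "TOKEN_ID",
                                        "TOKEN_SECRET", 7, page_title("payments", scanned), body)
    print(json.dumps(req, indent=2))
```

Tables stay single-level with escaped pipes, which is what keeps the page intact once BookStack converts the Markdown into its own format; the severity table always lists all four levels so a clean run still records explicit zeros rather than an empty section.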

Tell your agent

Every Monday, run snyk_sca_scan on /srv/app, then create a BookStack page in the Security book titled with today's date, containing a severity summary and a table of each vulnerability with package, CVE, and fix version.

Setup

This flow needs both servers connected to your agent. Follow each install guide:

Worth knowing

  • snyk_sca_scan needs the project's manifest files on disk at an absolute path, so the agent runs from a checkout; it can't scan a repo it only knows by URL.
  • bookstack_pages_create takes HTML or Markdown but renders into BookStack's own format, so keep tables simple; deeply nested Markdown can flatten in the editor.

Questions

Why a new page each scan instead of updating one?
A dated history is the point. Separate pages let you show exactly what was known on a given date, which is what compliance reviews ask for. Use bookstack_pages_update only if you instead want one always-current snapshot.
Can it include first-party code findings?
Yes. Run snyk_code_scan alongside the SCA scan and fold its results into the same page under a second section, so each entry covers both dependency and source-level issues.