Hi team,
First off, thank you for developing and maintaining this project.
I'm looking into using agent-scan and have a question regarding its authentication and integration with vulnerability scanning providers.
The "Get Started" section of the documentation states the following:
Sign up at Snyk and get an API token from https://app.snyk.io/account (API Token → KEY → click to show). Set the token as an environment variable before running any scan: export SNYK_TOKEN=your-api-token-here
This documentation strongly implies that the agent is exclusively tied to the Snyk platform via the SNYK_TOKEN.
My Question
Is the agent strictly coupled with the Snyk API, or is there a way to configure it to use API tokens from other vulnerability scanning platforms (e.g., GitHub Advanced Security, Trivy, Mend, SonarQube, etc.)?
Use Case / Rationale
For organizations that utilize multiple security scanners or have standardized on a platform other than Snyk, it would be incredibly valuable if agent-scan could function as a more generic client. This would allow us to leverage the agent's scanning and orchestration capabilities while plugging into our existing security data ecosystem.
Summary
To be clear, I'm trying to understand:
- Is SNYK_TOKEN the only supported authentication method, making Snyk the only compatible backend?
- If so, are there any plans to support other scanners in the future?
- If the agent is currently Snyk-only, please consider this issue a feature request to explore making the scanner integration pluggable or extensible.
Thanks for your time and clarification.