From 5c9404a0ee0b1514c84da77985d68ac0072d3ce2 Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Tue, 18 Nov 2025 01:48:53 -0500 Subject: [PATCH 1/4] docs: add Snyk integration documentation for Mission Control - Create comprehensive Snyk integration page with OAuth flow - Update integration listings to include Snyk as 4th integration - Add Snyk to sidebar navigation in docs.json - Align examples with existing Snyk MCP cookbook - Focus on OAuth authentication without manual token configuration - Add redirect to hub.continue.dev/inbox?view=snyk after auth Generated with [Continue](https://continue.dev) Co-Authored-By: Continue --- docs/docs.json | 1 + docs/index.mdx | 7 +- docs/mission-control/integrations/index.mdx | 10 +- docs/mission-control/integrations/snyk.mdx | 316 ++++++++++++++++++++ 4 files changed, 329 insertions(+), 5 deletions(-) create mode 100644 docs/mission-control/integrations/snyk.mdx diff --git a/docs/docs.json b/docs/docs.json index f30d60aa26f..f4638dd4796 100644 --- a/docs/docs.json +++ b/docs/docs.json @@ -48,6 +48,7 @@ "mission-control/integrations", "mission-control/integrations/github", "mission-control/integrations/sentry", + "mission-control/integrations/snyk", "mission-control/integrations/slack-agent" ] }, diff --git a/docs/index.mdx b/docs/index.mdx index 6c4a2f2dc68..e2b5d9a2266 100644 --- a/docs/index.mdx +++ b/docs/index.mdx @@ -33,7 +33,7 @@ description: "Create, run, and automate AI agents across Mission Control, termin Connect Continue to your existing developer tools to power Tasks and Workflows. - + Enable repository access for Agents to read and create PRs. @@ -43,6 +43,9 @@ description: "Create, run, and automate AI agents across Mission Control, termin Automatically generate PRs to fix new issues from Sentry alerts. + + Detect and fix security vulnerabilities automatically. + 
@@ -139,6 +142,6 @@ description: "Create, run, and automate AI agents across Mission Control, termin icon="plug" href="/mission-control/integrations" > - Connect GitHub, Slack, and Sentry to power your automations. + Connect GitHub, Slack, Sentry, and Snyk to power your automations. diff --git a/docs/mission-control/integrations/index.mdx b/docs/mission-control/integrations/index.mdx index 9485edb1a50..9bb796866fe 100644 --- a/docs/mission-control/integrations/index.mdx +++ b/docs/mission-control/integrations/index.mdx @@ -1,6 +1,6 @@ --- title: "Overview" -description: "Connect GitHub, Slack, and Sentry to power richer Agents, Tasks, and Workflows." +description: "Connect GitHub, Slack, Sentry, and Snyk to power richer Agents, Tasks, and Workflows." sidebarTitle: "Overview" --- @@ -8,9 +8,9 @@ sidebarTitle: "Overview" Integrations let Continue connect to the tools you already use, so Agents can read code, open pull requests, send messages, react to real-world events, and more. -Mission Control currently supports three first-class integrations: +Mission Control currently supports four first-class integrations: - + Required for PR creation, repo access, diffs, and workflow triggers. @@ -24,6 +24,10 @@ Mission Control currently supports three first-class integrations: Trigger Agents automatically when new Sentry issues appear. + + Detect and fix security vulnerabilities automatically. + + diff --git a/docs/mission-control/integrations/snyk.mdx b/docs/mission-control/integrations/snyk.mdx new file mode 100644 index 00000000000..a5a980c4fba --- /dev/null +++ b/docs/mission-control/integrations/snyk.mdx 
@@ -0,0 +1,316 @@ +--- +title: "Snyk Integration" +description: "Automatically detect and fix vulnerabilities with Continue Agents connected to Snyk" +--- + +## Overview + +Connect Snyk to Continue Mission Control to enable agents to automatically detect, analyze, and resolve security vulnerabilities. When Snyk is enabled, Continue can generate PRs to fix vulnerabilities, analyze security patterns, and maintain application security posture. + + + + - Automatically generate PRs to fix security vulnerabilities + - Analyze dependency risks and suggest updates + - Monitor security posture across projects + - Create detailed vulnerability reports with remediation steps + - Track vulnerability trends and compliance status + + + +## Setup + + + + + + Go to your [Integrations Settings](https://hub.continue.dev/integrations). + + + + + + Click "Connect" next to Snyk integration. + + + + + + Click the "Connect with Snyk" button to authorize Continue Mission Control: + + - You'll be redirected to Snyk's OAuth authorization page + - Review and approve the requested permissions + - You'll be automatically redirected back to the [Snyk inbox view](https://hub.continue.dev/inbox?view=snyk) + + + + + + Once redirected back, you'll see: + - A confirmation that Snyk is connected + - Your Snyk projects available for monitoring + - Any active vulnerability alerts + + + + + + + + **OAuth Authorization**: No manual token configuration needed! Simply click the authorization button and Continue will securely handle the authentication flow with Snyk. + + + +## Use Cases + +### Code Vulnerability Scanning (SAST) + +Scan your source code for security vulnerabilities: + + + + **Task Example**: "Run a Snyk Code scan on this repo with severity threshold medium. Summarize issues with file:line locations and propose minimal fixes for the top 3 critical issues." 
+ + **What the Agent Does**: + - Performs static application security testing on your code + - Identifies security vulnerabilities with exact file and line numbers + - Prioritizes issues by severity and exploitability + - Generates minimal, targeted fixes for critical issues + - Re-runs scans to verify fixes resolve the vulnerabilities + + **Run in Mission Control**: Set up as pre-commit hook or PR check + + + +### Dependency Scanning (SCA) + +Check open source dependencies for known vulnerabilities: + + + + **Task Example**: "Run Snyk Open Source scan including dev dependencies. Summarize vulnerable dependency paths and propose a minimal-risk upgrade plan." + + **What the Agent Does**: + - Performs software composition analysis on all dependencies + - Maps vulnerability paths through dependency tree + - Identifies minimal-risk upgrade strategies + - Creates dependency update plans with compatibility checks + - Re-tests after proposed changes to confirm resolution + + **Run in Mission Control**: Schedule weekly or trigger on package updates + + + +### Infrastructure as Code (IaC) Security + +Scan Terraform, CloudFormation, and Kubernetes configs: + + + + **Task Example**: "Scan ./infra directory with Snyk IaC. Report high/critical misconfigurations with exact files and lines. Provide corrected configurations." + + **What the Agent Does**: + - Scans infrastructure code for security misconfigurations + - Identifies exposed secrets and overly permissive policies + - Reports exact file locations and line numbers + - Provides secure configuration alternatives + - Re-scans to confirm misconfigurations are resolved + + **Run in Mission Control**: Run before infrastructure deployments + + + +### Container Security Scanning + +Analyze Docker images for vulnerabilities: + + + + **Task Example**: "Scan Docker image my-api:latest excluding base image vulnerabilities. Show dependency tree and recommend safer base images." 
+ + **What the Agent Does**: + - Scans container images for OS and application vulnerabilities + - Analyzes complete dependency tree in containers + - Recommends security-hardened base images + - Creates optimized Dockerfiles with security improvements + - Re-tests after changes to verify vulnerability reduction + + **Run in Mission Control**: Trigger on container builds or before deployments + + + +### Pull Request Security Scanning + +Focus scanning on modified files: + + + + **Task Example**: "Scan only files changed since origin/main with Snyk Code. Block if new high severity issues would be introduced." + + **What the Agent Does**: + - Targets security scanning to changed files only + - Compares security posture before and after changes + - Identifies newly introduced vulnerabilities + - Shows security impact delta for the PR + - Blocks merge if critical issues are detected + + **Run in Mission Control**: Set up as PR check automation + + + +### Security Learning Integration + +Access contextual security education: + + + + **Task Example**: "Open Snyk Learn lessons related to the top CWE vulnerabilities from this scan." + + **What the Agent Does**: + - Maps vulnerabilities to Common Weakness Enumeration (CWE) categories + - Retrieves relevant Snyk Learn educational content + - Provides contextual security training based on actual issues + - Links to remediation guides and best practices + - Tracks security knowledge gaps across the team + + **Run in Mission Control**: Run after security scans for team education + + + +## Running Snyk Agents in Mission Control + +You can run Snyk-connected agents in two ways: + +### 1. Manual Tasks + +Trigger agents on-demand for vulnerability analysis: + +1. Go to [Mission Control Agents](https://hub.continue.dev/agents) +2. Select or create a Snyk-enabled agent +3. Click "Run Agent" and provide your task description +4. 
Monitor progress and review results in real-time + +**Example Tasks:** +- "Scan all projects for critical vulnerabilities and prioritize fixes" +- "Update all npm dependencies with known vulnerabilities" +- "Generate a security report for the last sprint" + +### 2. Automated Workflows + +Set up agents to run automatically: + +- **Webhook-triggered**: Execute when new vulnerabilities are detected +- **Scheduled**: Run daily or weekly security scans +- **PR-triggered**: Scan new dependencies before merge + + + + Start with manual tasks to understand your vulnerability patterns, then automate the most common remediation workflows for continuous security. + + + +## Integration with GitHub + +Combine Snyk with GitHub integration for a complete security workflow: + + + + + + Enable both Snyk and GitHub integrations in Mission Control + + + + + + Build an agent that: + - Receives Snyk vulnerability alerts + - Analyzes the security issue in your codebase + - Creates a PR with the security fix + - Adds security impact analysis to the PR + + + + + + Configure the agent to run automatically on new critical vulnerabilities + + + + + +## Monitoring Agent Activity + +Track your agent's security remediation performance: + +1. **View in Inbox**: Navigate to the [Snyk view](https://hub.continue.dev/inbox?view=snyk) to see all Snyk-related agent activity +2. **Check Snyk Dashboard**: Verify that vulnerabilities are being addressed +3. **Review PRs**: Ensure quality and security of generated fixes +4. 
**Monitor Metrics**: Track mean time to remediation (MTTR) and fix rate + +## Troubleshooting + + + + **Problem**: Can't complete the Snyk authorization flow + + **Solutions**: + - Ensure you have appropriate permissions in your Snyk organization + - Check if your organization allows OAuth integrations + - Try logging out and back into Snyk before authorizing + - Clear browser cookies and try again + + + + + + **Problem**: Snyk projects aren't visible after connection + + **Solutions**: + - Verify you have access to projects in Snyk + - Check that projects are properly imported in Snyk + - Refresh the integration connection + - Ensure the OAuth scope includes project access + + + + + + **Problem**: Agent returns errors when trying to fetch Snyk data + + **Solutions**: + - Verify the OAuth connection is still valid + - Re-authorize if the token has expired + - Check that the agent has the necessary Snyk context provider + - Review agent logs for specific error messages + + + + + + **Problem**: Agent isn't running when new vulnerabilities are found + + **Solutions**: + - Verify webhook configuration in Snyk settings + - Check that webhook URL points to Continue Mission Control + - Ensure webhook events include vulnerability detection + - Review webhook delivery logs in Snyk + + + +## Support & Resources + + + + + + Complete guide with security scanning recipes, CI/CD integration, and automated remediation workflows + + + + + + Combine Snyk with GitHub for complete security automation + + + + \ No newline at end of file From 7bb3fbc790c4938efa16c9b5021dfc78ad1871ab Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Tue, 18 Nov 2025 01:54:10 -0500 Subject: [PATCH 2/4] docs: add Mission Control integration note to Snyk MCP cookbook - Add prominent note recommending the new Snyk Mission Control integration - Highlight Continuous AI benefits with links to relevant guides - Emphasize OAuth simplicity and team collaboration features - Connect cookbook concepts to enterprise-ready automation - Position Mission Control as the next step for scaling security automation Generated with [Continue](https://continue.dev) Co-Authored-By: Continue --- docs/guides/snyk-mcp-continue-cookbook.mdx | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/docs/guides/snyk-mcp-continue-cookbook.mdx b/docs/guides/snyk-mcp-continue-cookbook.mdx index 06c50645ad4..44a3ce4f0e4 100644 --- a/docs/guides/snyk-mcp-continue-cookbook.mdx +++ b/docs/guides/snyk-mcp-continue-cookbook.mdx 
@@ -4,6 +4,22 @@ description: "Set up an AI-powered security workflow that automatically scans yo sidebarTitle: "Snyk Security Scanning with Continue" --- + + + **🚀 New: Snyk Mission Control Integration** + + For teams looking to scale security automation across their organization, try the new [Snyk Mission Control Integration](/mission-control/integrations/snyk). It provides: + + - **One-click OAuth setup** - No manual token configuration needed + - **Centralized security workflows** - Manage Tasks and automations from the Mission Control dashboard + - **Team collaboration** - Share security agents and workflows across your organization + - **Webhook automations** - Automatically trigger security scans on new vulnerabilities + - **[Level 2 Continuous AI](/guides/continuous-ai#the-continuous-ai-maturity-model)** - Move from manual security scans to automated vulnerability remediation + + The Mission Control integration builds on the foundation described in this cookbook, making it easier to implement [Continuous AI security practices](/guides/continuous-ai#best-practices-for-sustainable-continuous-ai) at scale. Start with this cookbook to understand the core concepts, then upgrade to Mission Control for enterprise-ready automation. + + + An automated security scanning system that uses Continue's AI agent with Snyk MCP to identify vulnerabilities in code, dependencies, infrastructure, and From 7946f94f8f479e30aa9c25773c9b036a510f8d93 Mon Sep 17 00:00:00 2001 
From: Brian 'bdougie' Douglas Date: Tue, 18 Nov 2025 02:01:49 -0500 Subject: [PATCH 3/4] docs: enhance Snyk cookbook note to emphasize Continuous AI capabilities - Reframe note to highlight autonomous agent problem-solving - Emphasize zero-touch remediation and independent agent actions - Add specific examples of how agents solve security issues - Include intervention rates metric as key Continuous AI benefit - Better explain Level 2 Continuous AI in security context - Strengthen connection between cookbook and Mission Control benefits Generated with [Continue](https://continue.dev) Co-Authored-By: Continue --- docs/guides/snyk-mcp-continue-cookbook.mdx | 24 ++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/docs/guides/snyk-mcp-continue-cookbook.mdx b/docs/guides/snyk-mcp-continue-cookbook.mdx index 44a3ce4f0e4..6a0e4eb17df 100644 --- a/docs/guides/snyk-mcp-continue-cookbook.mdx +++ b/docs/guides/snyk-mcp-continue-cookbook.mdx 
@@ -6,17 +6,25 @@ sidebarTitle: "Snyk Security Scanning with Continue" - **🚀 New: Snyk Mission Control Integration** + **🚀 Transform Security with Snyk Mission Control + Continuous AI** - For teams looking to scale security automation across their organization, try the new [Snyk Mission Control Integration](/mission-control/integrations/snyk). It provides: + The new [Snyk Mission Control Integration](/mission-control/integrations/snyk) takes security automation to the next level by enabling **[Continuous AI](/guides/continuous-ai)** - where AI agents autonomously detect, analyze, and fix vulnerabilities across your entire codebase. - - **One-click OAuth setup** - No manual token configuration needed - - **Centralized security workflows** - Manage Tasks and automations from the Mission Control dashboard - - **Team collaboration** - Share security agents and workflows across your organization - - **Webhook automations** - Automatically trigger security scans on new vulnerabilities - - **[Level 2 Continuous AI](/guides/continuous-ai#the-continuous-ai-maturity-model)** - Move from manual security scans to automated vulnerability remediation + **How Continuous AI Changes Security:** + - **Agents solve problems independently** - When Snyk detects a vulnerability, your agent automatically analyzes it, generates a fix, creates a PR, and validates the solution + - **Zero-touch remediation** - Vulnerabilities are fixed before they reach production, without manual intervention + - **Team-wide automation** - Share pre-configured agents and workflows that encode your security best practices + - **Intelligent triage** - Agents prioritize fixes based on severity, exploitability, and business impact - The Mission Control integration builds on the foundation described in this cookbook, making it easier to implement [Continuous AI security practices](/guides/continuous-ai#best-practices-for-sustainable-continuous-ai) at scale. 
Start with this cookbook to understand the core concepts, then upgrade to Mission Control for enterprise-ready automation. + **Mission Control Benefits:** + - **One-click OAuth** - No tokens, no configuration files, just connect and go + - **Centralized workflows** - Manage all security Tasks and automations from one dashboard + - **Webhook triggers** - Automatically respond to new vulnerabilities as they're discovered + - **Metrics & intervention rates** - Track how often agents successfully fix issues without human help + + This represents **[Level 2 Continuous AI](/guides/continuous-ai#the-continuous-ai-maturity-model)**: AI handles routine security work autonomously while developers focus on complex problems. As outlined in our [Continuous AI guide](/guides/continuous-ai#best-practices-for-sustainable-continuous-ai), this reduces intervention rates and accelerates secure development. + + **Get Started:** Use this cookbook to understand the fundamentals, then [enable Mission Control](/mission-control/integrations/snyk) to deploy autonomous security agents across your organization. From 08ae70411c064bb3de40d5812b860108aec3a6bb Mon Sep 17 00:00:00 2001 From: Brian 'bdougie' Douglas Date: Tue, 18 Nov 2025 02:03:35 -0500 Subject: [PATCH 4/4] docs: simplify Snyk cookbook note by removing redundant section - Remove 'How Continuous AI Changes Security' bullet points - Keep core message about autonomous agent problem-solving - Maintain focus on Mission Control benefits and Continuous AI level - Streamline note while preserving essential information Generated with [Continue](https://continue.dev) Co-Authored-By: Continue --- docs/guides/snyk-mcp-continue-cookbook.mdx | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/docs/guides/snyk-mcp-continue-cookbook.mdx b/docs/guides/snyk-mcp-continue-cookbook.mdx index 6a0e4eb17df..90463f74f1d 100644 --- a/docs/guides/snyk-mcp-continue-cookbook.mdx +++ b/docs/guides/snyk-mcp-continue-cookbook.mdx 
@@ -6,15 +6,9 @@ sidebarTitle: "Snyk Security Scanning with Continue" - **🚀 Transform Security with Snyk Mission Control + Continuous AI** + **🚀 New: Snyk Mission Control Integration with Continuous AI** - The new [Snyk Mission Control Integration](/mission-control/integrations/snyk) takes security automation to the next level by enabling **[Continuous AI](/guides/continuous-ai)** - where AI agents autonomously detect, analyze, and fix vulnerabilities across your entire codebase. - - **How Continuous AI Changes Security:** - - **Agents solve problems independently** - When Snyk detects a vulnerability, your agent automatically analyzes it, generates a fix, creates a PR, and validates the solution - - **Zero-touch remediation** - Vulnerabilities are fixed before they reach production, without manual intervention - - **Team-wide automation** - Share pre-configured agents and workflows that encode your security best practices - - **Intelligent triage** - Agents prioritize fixes based on severity, exploitability, and business impact + The new [Snyk Mission Control Integration](/mission-control/integrations/snyk) enables **[Continuous AI](/guides/continuous-ai)** - where AI agents autonomously detect, analyze, and fix vulnerabilities. When Snyk detects an issue, your agent automatically generates a fix, creates a PR, and validates the solution without manual intervention. **Mission Control Benefits:** - **One-click OAuth** - No tokens, no configuration files, just connect and go
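Review bot: The Setup steps in docs/mission-control/integrations/snyk.mdx (PATCH 1/4) cover only the OAuth click-through, yet later sections of the same hunk depend on details Setup never gives: Troubleshooting says "Ensure the OAuth scope includes project access" and "Verify webhook configuration in Snyk settings", and Automated Workflows offers "Webhook-triggered" runs. Suggest listing the scopes the authorization requests next to "Review and approve the requested permissions", stating whether the webhook is registered by the OAuth connection or has to be configured by hand, and documenting how to disconnect the integration. Two smaller points in the same file: the Pull Request Security Scanning task says "Block if new high severity issues would be introduced" while its bullet says "Blocks merge if critical issues are detected", so pick one threshold; and the file ends with "\ No newline at end of file".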
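Review bot: The "One-click OAuth" bullet under "Mission Control Benefits" in PATCH 3/4 says "No tokens, no configuration files, just connect and go", but the Troubleshooting section added in PATCH 1/4 tells users to "Re-authorize if the token has expired", so tokens do exist and can lapse. Suggest "no manual token configuration", which matches the wording already used in snyk.mdx. Separately, the "How Continuous AI Changes Security" list that this hunk adds is deleted again by PATCH 4/4; squashing 2/4 through 4/4 into one commit would keep withdrawn wording out of the history.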
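Review bot: The replacement sentence in PATCH 4/4, "your agent automatically generates a fix, creates a PR, and validates the solution without manual intervention", reads as if no human is involved before the fix lands, while snyk.mdx in PATCH 1/4 lists "Review PRs: Ensure quality and security of generated fixes" as a monitoring step. Suggest ending the claim at the PR, for example "creates a PR for review", and saying what "validates" means here (snyk.mdx describes it as re-running the scan), so readers do not take it as approval to auto-merge security fixes.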