Snapsec VM Integration with Vulnerability Scanner (VS)
The Snapsec VM integration allows the Vulnerability Scanner to automatically push discovered vulnerabilities into Snapsec VM.This enables unified vulnerability management, centralized triage, and reporting across your entire attack surface.
1. Prerequisites
Before enabling the integration, ensure you have:- Access to Snapsec VM
- An Assessment created inside Snapsec VM
- The Assessment ID
- The API Key for your VM workspace
2. Open the Snapsec VM Integration in Vulnerability Scanner
- Go to Vulnerability Scanner → Integrations
- Locate the Snapsec VM integration tile
- Click Install (or Configure if already connected)
- Asset Inventory API Key
- Assessment for storing vulnerabilities
- Auto-sync Severities
- Custom Headers (optional)
3. Enter Snapsec VM Configuration
In the integration dialog:Asset Inventory API Key
Paste the API key from Snapsec VM.Assessment for Storing Vulnerabilities
Choose the VM Assessment where you want vulnerabilities from VS to be stored.Auto-sync Severities
Select which severities should automatically sync:- Critical
- High
- Medium
- Low
- Info
Custom Headers (Optional)
You may add headers for environments that require:- Gateway authorization
- Tenant routing
- Custom authentication tokens
| Header | Value |
|---|---|
x-org | acme |
x-api-version | 2 |
4. How Syncing Works
Once configured:- Every scan in Vulnerability Scanner will generate a list of vulnerabilities.
- VS will automatically send selected-severity vulnerabilities to the configured VM Assessment.
- Each synced vulnerability will show a “Send to VM” icon or status indicator.
- In Snapsec VM, they appear under Vulnerabilities, linked back to the scanned asset.
- No duplicated entries
- Continuous enrichment from ASM / AIM if assets overlap
- Centralized triage and remediation
5. Manual Sync (Optional)
From the Vulnerabilities list in VS:- Open Vulnerability Scanner → Vulnerabilities
- Select any vulnerability
- Click Send to VM
- Testing the integration
- Sending low-severity vulnerabilities that are not auto-synced
6. Troubleshooting
Invalid API Key
- Ensure the key matches EXACTLY as generated in Snapsec VM
- Regenerate the key if needed
Assessment not showing
- Ensure the API key has permissions
- Refresh the integration page
- Try reloading VS
Vulnerabilities not syncing
- Check auto-sync severities
- Ensure the assessment is correctly selected
- Verify VM is reachable (network access allowed)
Next Steps
Open Vulnerability Scanner
Start scanning assets and sync findings directly into Snapsec VM.