For Agents
Test packages and projects for security vulnerabilities, monitor dependencies for new issues, and retrieve detailed findings with severity scores and fix recommendations across multiple programming ecosystems.
Get started with Snyk API in minutes using your preferred integration method.
# Add to your MCP client config (Claude Desktop, Cursor, Windsurf)
{
"jentic": {
"url": "https://api.jentic.com/mcp",
"auth": "oauth"
}
}
# Then ask your agent:
"scan dependencies for security vulnerabilities"
# → Jentic returns the GET /events tool with parameter schema, agent executes.What an agent can do with Snyk API API.
Test a package or project against Snyk's vulnerability database and receive severity-scored findings with upgrade paths
Monitor dependencies continuously and receive webhook notifications when new vulnerabilities are disclosed
Import projects from SCM integrations like GitHub, GitLab, and Bitbucket for automated scanning
Retrieve aggregated vulnerability issues across an organization with filtering by severity and exploitability
GET STARTED
Use for: I need to test a Python package for known vulnerabilities, Check whether my project has any critical security issues, List all high-severity vulnerabilities in my organization's projects, Monitor a GitHub repository for new dependency vulnerabilities
Not supported: Does not handle runtime application monitoring, code quality analysis, or SAST scanning — use for dependency vulnerability detection and license compliance only.
Jentic publishes the only available OpenAPI document for Snyk API, keeping it validated and agent-ready.
Jentic publishes the only available OpenAPI specification for Snyk API, keeping it validated and agent-ready. Scan open-source dependencies, containers, and infrastructure-as-code for known vulnerabilities and license violations through 103 endpoints covering project monitoring, vulnerability testing, and organizational management. The API supports programmatic integration with Snyk's vulnerability database across multiple package managers including npm, Maven, pip, and Go modules, delivering severity-scored findings with remediation guidance. Rate-limited at 2000 requests per minute per user, it serves teams on Business and Enterprise plans who need automated security posture reporting and CI/CD pipeline gating.
Configure integration settings and provision authentication tokens for source control connections
Generate license compliance reports showing policy violations across all monitored projects
Tag and group projects within organizations for structured vulnerability reporting
Patterns agents use Snyk API API for, with concrete tasks.
★ AI Agent Vulnerability Assessment
An AI agent uses the Snyk API through Jentic to automatically test packages before deployment, checking dependency trees against Snyk's vulnerability database. The agent submits a dependency graph to the monitor endpoint and receives severity-scored findings with actionable upgrade paths, enabling automated security gates in CI/CD pipelines without manual configuration of API tokens or endpoint discovery.
Submit a dep-graph to POST /monitor/dep-graph for a Node.js project and retrieve the list of vulnerabilities with their severity scores and upgrade paths
Continuous Dependency Monitoring
Set up automated monitoring of open-source dependencies across all projects in a Snyk organization. The API imports projects from connected SCM integrations, tests them on configurable schedules, and delivers webhook notifications when new vulnerabilities are disclosed. Teams track vulnerability trends over time using the reporting endpoints and filter by severity, exploitability, and fixability to prioritize remediation efforts.
List all projects in an organization via GET /org/{orgId}/projects and retrieve aggregated issues for each project showing critical and high severity counts
License Compliance Auditing
Audit software dependencies for license compliance violations by querying Snyk's license analysis across an organization's entire project portfolio. The API returns license types for every dependency along with policy violation flags based on the organization's configured license policy, enabling legal and security teams to identify GPL, AGPL, or other restricted licenses before code ships to production.
Retrieve license issues for a project via GET /org/{orgId}/licenses and identify any dependencies with GPL or AGPL licenses that violate the org's policy
SCM Integration and Project Import
Connect source code management platforms like GitHub, GitLab, and Bitbucket to Snyk for automated project discovery and import. The API manages integration credentials, provisions tokens, and triggers batch imports of repositories. Once connected, Snyk monitors pull requests for new vulnerability introductions and can suggest fix PRs directly in the SCM, reducing mean-time-to-remediation for development teams.
Configure a GitHub integration via POST /org/{orgId}/integrations and import a specific repository using POST /org/{orgId}/integrations/{integrationId}/import
103 endpoints — jentic publishes the only available openapi specification for snyk api, keeping it validated and agent-ready.
METHOD
PATH
DESCRIPTION
/org/{orgId}/project/{projectId}/aggregated-issues
List aggregated vulnerability issues for a project
/monitor/dep-graph
Submit a dependency graph for continuous monitoring
/org/{orgId}/projects
List all projects in an organization
/org/{orgId}/integrations/{integrationId}/import
Import a project from a connected SCM integration
/org/{orgId}/licenses
List license issues across org projects
/org/{orgId}/dependencies
List all dependencies for an organization
/org/{orgId}/webhooks
Create a webhook for project snapshot events
/group/{groupId}/audit
Retrieve audit log events for a group
/org/{orgId}/project/{projectId}/aggregated-issues
List aggregated vulnerability issues for a project
/monitor/dep-graph
Submit a dependency graph for continuous monitoring
/org/{orgId}/projects
List all projects in an organization
/org/{orgId}/integrations/{integrationId}/import
Import a project from a connected SCM integration
/org/{orgId}/licenses
List license issues across org projects
Three things that make agents converge on Jentic-routed access.
Credential isolation
Snyk API tokens are stored encrypted in the Jentic vault (MAXsystem). Agents receive scoped access tokens — raw secret keys with the 'token' prefix never enter the agent's context window.
Intent-based discovery
Agents search by intent (e.g., 'test a package for vulnerabilities') and Jentic returns matching Snyk operations with their input schemas, so the agent can call the right endpoint without browsing Snyk's documentation.
Time to first call
Direct Snyk integration: 1-3 days for auth setup, dependency graph formatting, and webhook configuration. Through Jentic: under 1 hour — search, load schema, execute.
Alternatives and complements available in the Jentic catalogue.
Snyk REST API
The newer REST API (v3) with JSON:API standards, gradually replacing the v1 API
Use snyk-api when you need the latest REST API endpoints with JSON:API compliance; use main for legacy v1 endpoints still in production
SonarCloud API
Code quality and static analysis complementing Snyk's dependency vulnerability scanning
Choose SonarCloud when the task is about code quality issues, bugs, or code smells rather than dependency vulnerabilities
Sentry API
Runtime error tracking that complements Snyk's pre-deployment vulnerability detection
Choose Sentry when you need runtime error monitoring and crash reporting rather than pre-deployment vulnerability scanning
Specific to using Snyk API API through Jentic.
Why is there no official OpenAPI spec for Snyk API?
Snyk does not publish an OpenAPI specification. Jentic generates and maintains this spec so that AI agents and developers can call Snyk API via structured tooling. It is validated against the live API and kept up to date. Get started at https://app.jentic.com/sign-up.
What authentication does the Snyk API use?
The Snyk API uses a custom token-based authentication. You supply your API token in the Authorization header as 'token YOUR_API_KEY'. Through Jentic, your Snyk token is stored encrypted in the MAXsystem vault and agents receive scoped access without the raw key entering agent context.
Can I test a specific npm package for vulnerabilities with the Snyk API?
Yes. Submit a dependency graph to POST /monitor/dep-graph with your package manifest, or use the test endpoints for specific package managers. The API returns severity-scored vulnerabilities with CVE identifiers, CVSS scores, and available upgrade paths for each finding.
What are the rate limits for the Snyk API?
The Snyk API enforces a rate limit of 2000 requests per minute per user. Requests exceeding this limit receive a 429 status code. The rate-limiting interval is one minute, after which requests resume normally.
How do I monitor a project for new vulnerabilities through Jentic?
Search Jentic for 'monitor dependencies for vulnerabilities', which returns the POST /monitor/dep-graph operation. Submit your project's dependency graph and Snyk will continuously test it. Configure a webhook via POST /org/{orgId}/webhooks to receive project_snapshot events when new issues are found. Install with pip install jentic and authenticate at https://app.jentic.com/sign-up.
Can I retrieve vulnerability data across all projects in my organization?
Yes. Use GET /org/{orgId}/projects to list all projects, then POST /org/{orgId}/project/{projectId}/aggregated-issues for each project to retrieve vulnerability counts grouped by severity. The reporting endpoints provide trend data and filtering by exploitability, fixability, and package manager.
Does the Snyk API support container image scanning?
Yes. The project_snapshot webhook events support container scan types alongside open-source dependency scans. Import container projects through the integrations endpoints and monitor them for OS package vulnerabilities and application dependency issues within container images.
/org/{orgId}/dependencies
List all dependencies for an organization
/org/{orgId}/webhooks
Create a webhook for project snapshot events
/group/{groupId}/audit
Retrieve audit log events for a group