Skip to content

[snyk] Fix work list and cursor handling#18546

Merged
chrisberkhout merged 4 commits intoelastic:mainfrom
chrisberkhout:snyk-cursors
Apr 22, 2026
Merged

[snyk] Fix work list and cursor handling#18546
chrisberkhout merged 4 commits intoelastic:mainfrom
chrisberkhout:snyk-cursors

Conversation

@chrisberkhout
Copy link
Copy Markdown
Contributor

@chrisberkhout chrisberkhout commented Apr 21, 2026
edited
Loading

Proposed commit message

[snyk] Fix work list and cursor handling

Fixes two issues:

- Processing would stop when a work list was present but empty. Fixed by
  checking for a non-empty list rather than just any list.
- Cursor data for groups was persisted in id-keyed format, but not read
  back in that case. Fixed by reading that format for both groups and
  orgs.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@chrisberkhout
Treat an empty work list the same as no work list.
44a1f24
@chrisberkhout
Fix Snyk group audit cursor recovery
5b3a7ce 
Audit log cursor state is written as a map keyed by the configured audit
ID for both organization and group endpoints. The recovery path only
read that keyed cursor format for organization endpoints, so group audit
logs fell back to a fresh collection without last_created on each
interval.

Allow keyed cursor recovery for both organization and group audit log
endpoints while keeping the organization-only ALL discovery branch
unchanged.
@chrisberkhout chrisberkhout self-assigned this Apr 21, 2026
@chrisberkhout chrisberkhout requested a review from a team as a code owner April 21, 2026 15:11
@chrisberkhout chrisberkhout added Integration:snyk Snyk bugfix Pull request that fixes a bug issue Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations] labels Apr 21, 2026
@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 21, 2026

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

@chrisberkhout chrisberkhout requested a review from efd6 April 21, 2026 15:12
macroscopeapp[bot]
macroscopeapp Bot reviewed Apr 21, 2026
View reviewed changes
Comment thread packages/snyk/changelog.yml Outdated
@chrisberkhout @macroscopeapp
Update packages/snyk/changelog.yml
d1e6e00 
Co-authored-by: macroscopeapp[bot] <170038800+macroscopeapp[bot]@users.noreply.github.com>
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Apr 21, 2026

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@elasticmachine
Copy link
Copy Markdown

elasticmachine commented Apr 21, 2026

💚 Build Succeeded

cc @chrisberkhout

@chrisberkhout chrisberkhout merged commit 39c752c into elastic:main Apr 22, 2026
9 checks passed
@elastic-vault-github-plugin-prod
Copy link
Copy Markdown

elastic-vault-github-plugin-prod Bot commented Apr 22, 2026

Package snyk - 3.4.2 containing this change is available at https://epr.elastic.co/package/snyk/3.4.2/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@macroscopeapp macroscopeapp[bot] macroscopeapp[bot] left review comments

@efd6 efd6 efd6 approved these changes

Assignees

@chrisberkhout chrisberkhout

Labels

bugfix Pull request that fixes a bug issue Integration:snyk Snyk Team:Security-Service Integrations Security Service Integrations team [elastic/security-service-integrations]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chrisberkhout @elasticmachine @efd6