Upgrading to the Enterprise plan
The purpose of this page is to help you if you are currently using Snyk on either the Free or Team plan and are interested in upgrading to the Enterprise plan or ready to upgrade. For information about plan options, see the Snyk Plans and pricing page.
For information about how to implement Snyk on the Enterprise plan, see:
Snyk Enterprise features include:
As you work through the rest of this page, use the following checklist to ensure you have completed the steps to upgrade to the Enterprise plan. There are links to the relevant documentation throughout the page.
- Set up your Snyk environment:
- Set your Snyk Group settings.
- Structure your account with multiple Snyk Organizations if applicable.
- Define your Snyk Project structure.
- Use the Snyk API.
- Set up SSO if applicable.
- If you are using SSO, delete social logins.
- Implement service accounts.
- Consider setting up security policies.
- Use Snyk Reports.
- Consider using GitHub Enterprise integration.
- Consider setting up Snyk Broker for on-premise or private cloud code repositories, container registries, Jira instances, and other special integrations.
A notable difference between the Free/Team plan and the Enterprise plan is having a Snyk Group and the ability to create multiple Snyk Organizations.
Confirm your Snyk Group name. It should reflect your company name. If it needs to be updated, go to Group Settings > General.
Set session expiration within the Group. This will be the default for all Snyk Organizations within the Group.
When you plan to use multiple Organizations in Snyk, decide how to structure your account before you invite members to the account or scan a large number of Snyk Projects. To make this decision, consider the following:
- Which team members can access specific Snyk Projects?
- How do you want to apply policies to Projects for prioritizing and automating tests?
- How do you want to report on Projects?
- Specifically, what level of granularity would you like to see in the reports?
To create a new Organization, open the Organization switcher in the navigation panel and select Create new Organization. See Manage Snyk organizations for more details.
You can use an existing Organization as a template.
After you configure your first Snyk Organization, you can use it as a template for creating additional Organizations. Make sure you have completed the configurations for the Organization before copying it.
Select the Organization you want to use as a template from your list of Organizations. The following settings will be copied from the selected Organization:
- Source control integrations (GitHub, GitLab, BitBucket)
- Container registry integrations (ACR, Docker Hub, ECR, GCR)
- Container orchestrator integrations (Kubernetes)
- PaaS and Serverless integrations (Heroku, AWS Lambda)
- Notification integrations (Slack, Jira)
- Policies
- Ignore settings
- Language settings
- Snyk Code settings
- Infrastructure as Code settings
The new Organization will not use the same settings from the copied Organization for the following:
- Service accounts
- Members
- Projects
- Notification preferences
Any of the Organization settings that you configured for the first Organization can then be customized for the new Organization.
When you create a new Organization, Snyk Code (SAST) scanning is disabled by default. Snyk recommends enabling Snyk Code before you import your first Projects to Snyk. If Snyk Code is enabled after a Project is imported, Snyk will not detect Snyk Code files.
- 1.Select the Settings > Snyk Code option.
- 2.Click the toggle to enable Snyk Code, then click Save changes
You may want to house different Projects in different Organizations.
You cannot move Projects between Organizations directly.
To re-house Projects, you must re-import your Projects into your new Organizations.
If you are working with a large number of Projects, you should use the API to re-import Projects. For details, see Use the Snyk API.
Access to the Snyk API allows you to scale and automate different processes, including importing Projects. You will want to use this strategy if you have a large number of Projects that need to be moved to your new Snyk Organizations.
You can use the Snyk API import tool to import Projects into Snyk at a controlled pace using available Snyk APIs.
If you plan to run SAST scans with Snyk Code, check that Snyk Code is enabled within the related Snyk Organization settings before importing Snyk Code Projects.
Users can authenticate with their Snyk accounts in several ways, such as with a GitHub or Google account. However, now that you have Enterprise access, you may want to set up Single Sign-On (SSO) via your existing identity provider to streamline sign-ins and provisioning of new users.
If you are using SSO, after you set it up, you must remove any duplicate users from social login accounts. These are users who have logged in with other methods than SSO.
See Setting up Single Sign-On (SSO) for authentication for more details on steps for using your identity provider to authenticate and provision Snyk to your teams.
- If you use CI/CD, either by using a CI/CD integration or the Snyk CLI, Snyk recommends that you use a service account.
- If you use an IDE plugin or the CLI to test in your local environment, Snyk recommends that you use personal access tokens.
Security policies allow you to customize the prioritization of speciFor more details, see issues from the default and create rules. This is particularly helpful for changing the severities of issues that are not relevant to a specific Project or environment.
Snyk Reports offer data and analytics across all of your Projects, displaying historical and aggregated data about Projects, issues, dependencies, and licenses.
If you use GitHub as your SCM with the Snyk Enterprise plan, you now have access to GitHub Enterprise integration. The GitHub Enterprise integration allows the use of a single personal access token across a Snyk Organization rather than a personal access token tied to an individual user account. Because of this, Snyk recommends switching from GitHub integration to GitHub Enterprise integration.
You do not need a GitHub Enterprise license or subscription to use the GitHub Enterprise integration within Snyk.
See Using Github or Github Enterprise integration for steps in migrating from Github to Github Enterprise integration.
If you have on-premise repositories, you can scan them with Snyk using Snyk Broker. Consider setting up Snyk Broker for on-premise or private cloud code repositories, container registries, and on-premises Jira, JFrog Artifactory, and Nexus instances.
Using Snyk Broker you. can scan Snyk Projects in:
- An SCM that is not internet reachable
- A publicly-accessible SCM, allowing you to view and control Snyk activity for increased data security