Implementing Snyk: Business and Enterprise plan users
See Implementing Snyk: Free and Team plan users for details of using Snyk with those pricing plans.
There are a few key considerations and tasks to get started using Snyk, including:

Get off to the right start with a few planning steps before inviting your teams and scanning your projects. There are a few decisions to make to get started:

As you prepare for your teams to start adopting Snyk as part of a secure development workflow, you’ll want to decide where in your software development lifecycle you are implementing Snyk and which of the Snyk platform products you are using. You'll also want to roll Snyk out in phases based on where you are with developer security (awareness, visibility, preventing issues, fixing the backlog, optimizing).
More information:

There are different ways to arrange the organizations in your account. Before inviting members to your account or scanning for issues, plan which organizations you'll need based on how you want to allow permissions and access to projects. The way you set policies are the next order of consideration. And how you want to report on projects are the third consideration.
More information:

There are a few different ways that users can authenticate into their Snyk accounts, such as with a GitHub or Google account. You may want to set up single sign-on (SSO) via your existing identity provider to streamline sign-ins and new user provisioning.
If using SSO, after you set it up, you'll need to remove any social login accounts from Snyk.
More information:

There are different ways to add projects in Snyk, including via an integration, the CLI, or Snyk API. However, before importing projects, make sure your organizations in Snyk are configured appropriately.
More information:

For a small team, you may only need one organization. For bigger teams, you'll identify more organizations, which are aligned to your needs, in the earlier decisions. When planning multiple organizations, you'll want to complete all of the configurations for the first organization, so that you can use those settings as a template for creating any other organizations via the Snyk Web UI or via an API.

Snyk includes a number of automations for Snyk Open Source when integrated with a source code manager (SCM) on a Git repository. These automations are a great way to mature your developer security program. However, the automations can introduce frustration for developers if introduced too early in your journey. Make sure your settings align with your phase of adoption.
More information:
If you are using an on-premise source code manager, learn more about Snyk Broker:

Snyk can identify license compliance issues in your Open Source packages. The Default License Policy indicates the severity associated with the use of different licenses, along with an option to provide license instructions if Snyk finds these licenses in your projects.
More information:

Snyk sends teams different types of alerts based on settings defined for the group and for the organization. It's highly recommended to define the default settings for the group and the first organization with most notifications disabled by default before you create additional organizations and import projects. Individual users can set up their own notification preferences to receive alerts for specific projects.
More information:

Before inviting additional team members to Snyk, determine who can ignore the vulnerabilities and license issues that Snyk identifies.
More information:

Based on the nuances of the tech stack you are using, you'll want to also set your language preferences.
More information:

If you are using private registries, you'll want to set up those integrations.
More information:

To allow Snyk users to create a Jira issue for vulnerabilities and license issues that Snyk identifies, you'll want to integrate Snyk with your Jira instance.
More information:

Once the first organization has the desired configurations, you can copy it to create additional organizations. Other organizations can have different settings for the following as needed: source control manager integrations, license policy, notification settings, ignore permissions, language settings, and Jira integration.
More information:

Our Developer Launch Package provides a number of resources to help you prepare for launching Snyk to a wider audience.

Once your organization(s) are configured, you're ready to invite other users to Snyk.
More information:

Empower developers to find and fix issues early in the development process by adding the Snyk plugin to their integrated development environment.
More information:

The Snyk CLI provides a way to find security and license issues locally or in your CI/CD pipeline.
More information:

The Snyk Web UI scans different types of projects (depending on which product you have purchased), displays and scores the scan results, allows you to prioritize the results, and offers different types of fix advice or options (depending on several factors).
More information:
Export as PDF
Copy link
Edit on GitHub
On this page
Make implementation decisions
Set up your first organization
Create additional organizations
Roll out Snyk to developers
Find, prioritize, and fix issues