Implementing Snyk: Enterprise plan users

See Implementing Snyk: Free and Team plan users for details of using Snyk with those pricing plans.
There are a few key considerations and tasks to get started using Snyk, including:

Make implementation decisions

Get off to the right start with a few planning steps before inviting your teams and scanning your projects. There are a few decisions to make to get started:

Where to implement Snyk

As you prepare for your teams to start adopting Snyk as part of a secure development workflow, you’ll want to decide where in your software development lifecycle you are implementing Snyk and which of the Snyk platform products you are using. You'll also want to roll Snyk out in phases based on where you are with developer security (awareness, visibility, preventing issues, fixing the backlog, optimizing).

How to structure your account

There are different ways to arrange the organizations in your account. Before inviting members to your account or scanning for issues, plan which organizations you'll need based on how you want to allow permissions and access to projects. How you set policies is the next consideration, and how you want to report on projects is the third.

How to access Snyk

There are a few different ways that users can authenticate into their Snyk accounts, such as with a GitHub or Google account. You may want to set up single sign-on (SSO) via your existing identity provider to streamline sign-ins and new user provisioning.
If using SSO, after you set it up, you'll need to remove any social login accounts from Snyk.

Plan for importing projects

There are different ways to add projects in Snyk, including via an integration, the CLI, or Snyk API. However, before importing projects, make sure your organizations in Snyk are configured appropriately.

Set up your first organization

For a small team, you may only need one organization. For bigger teams, you'll have identified more organizations, aligned to your needs, in the earlier decisions. When planning multiple organizations, complete all of the configurations for the first organization so that you can use those settings as a template for creating any other organizations via the Snyk Web UI or via an API.

Configure Git repository integrations

Snyk includes a number of automations for Snyk Open Source when integrated with a source code manager (SCM) on a Git repository. These automations are a great way to mature your developer security program. However, the automations can introduce frustration for developers if introduced too early in your journey. Make sure your settings align with your phase of adoption.
If you are using an on-premise source code manager, learn more about Snyk Broker.

Define default license policy

Snyk can identify license compliance issues in your Open Source packages. The Default License Policy indicates the severity associated with the use of different licenses, along with an option to provide license instructions if Snyk finds these licenses in your projects.

Configure notifications

Snyk sends teams different types of alerts based on settings defined for the group and for the organization. It's highly recommended to define the default settings for the group and the first organization with most notifications disabled by default before you create additional organizations and import projects. Individual users can set up their own notification preferences to receive alerts for specific projects.

Set ignore permissions

Before inviting additional team members to Snyk, determine who can ignore the vulnerabilities and license issues that Snyk identifies.

Define language settings

Based on the nuances of the tech stack you are using, you'll also want to set your language preferences.

Integrate private registries

If you are using private registries, you'll want to set up those integrations.

Set up Jira integration

To allow Snyk users to create a Jira issue for vulnerabilities and license issues that Snyk identifies, you'll want to integrate Snyk with your Jira instance.

Create additional organizations

Once the first organization has the desired configurations, you can copy it to create additional organizations. Other organizations can have different settings for the following as needed: source control manager integrations, license policy, notification settings, ignore permissions, language settings, and Jira integration.

Roll out Snyk to developers

Prepare teams for using Snyk

Our Developer Launch Package provides a number of resources to help you prepare for launching Snyk to a wider audience.

Invite members

Once your organization(s) are configured, you're ready to invite other users to Snyk.

Find, prioritize, and fix issues

Use Snyk in an IDE

Empower developers to find and fix issues early in the development process by adding the Snyk plugin to their integrated development environment.

Use Snyk in the CLI

The Snyk CLI provides a way to find security and license issues locally or in your CI/CD pipeline.

Use Snyk in the Web UI

The Snyk Web UI scans different types of projects (depending on which product you have purchased), displays and scores the scan results, allows you to prioritize the results, and offers different types of fix advice or options (depending on several factors).
© 2022 Snyk Limited