Implementing Snyk in your teams
For security and DevOps professionals preparing to roll Snyk out to your development teams, here are some key considerations and tasks:
Make implementation decisions
Where to implement Snyk
As you prepare for your teams to start adopting Snyk as part of a secure development workflow, you’ll want to decide where in your software development lifecycle you are implementing Snyk and which of the Snyk platform products you are using.
More information:
How to structure your account
There are different ways to structure your account to align to the organization of your teams and desired project access. The highest level of the hierarchy within Snyk is a Group. Organizations, the next level of the hierarchy, manage access to projects. Projects are the hierarchy levels where Snyk scans for issues.
More information:
How to access Snyk
There are a few different ways that users can authenticate into their Snyk accounts, including setting up single sign-on via your existing identity provider.
More information:
Plan for importing projects
Before importing projects, make sure your organizations in Snyk are configured appropriately. There are different ways to add projects in Snyk, including via an integration, the CLI or Snyk API.
More information:
Set up your first organization
Plan for Snyk notifications
Snyk sends teams different types of alerts based on settings defined for the group and for the organization. It's highly recommended to define the default settings for the group and the first organization with most notifications disabled by default before you create additional organizations and import projects. Individual users can set up their own notification preferences to receive alerts for specific projects.
More information:
Set source code manager (SCM) configurations
Snyk includes a number of automations for Snyk Open Source when integrated with a source code manager. These automations are a great way to mature your developer security maturity. However, they can introduce frustration for developers if introduced too early in your journey. Make sure your settings align with your phase of adoption.
More information:
After the first organization is configured, you can copy the settings when creating new organizations.
Invite members and set ignore permissions
When it’s time to invite additional team members to Snyk, you will also determine how to handle ignoring issues in Snyk. It’s important to understand why you would ignore issues and who has permission to do so.
More information:
Learn to find, prioritize, and fix issues
Get familiar with the Snyk Web UI
The Snyk platform scans different types of projects (depending on which product you have purchased), displays and scores the scan results, and offers different types of fix advice or options (depending on several factors).
More information:
Get familiar with the Snyk CLI
The Snyk CLI uses the command line interface to work with Snyk in a local environment or via a CI/CD process.
More information:
Get familiar with Snyk in an IDE
IDE plugins for Snyk take advantage of the Snyk CLI to offer Snyk functionality in an individual development environment.
More information:
Last modified 22d ago
Export as PDF
Copy link
Edit on GitHub