Links

View your first Snyk Projects

Introduction: see what Snyk scanned

We can now see your scan results.
Reminder: where am I? In the Snyk Web UI, you see information specific for your Organization (such as your team), which is under a Group (such as your company). This allows your company to organize and collect data for the work your teams are doing. See Managing users & permissions.

View imports

In the Snyk Web UI, navigate to your Projects page, and see your imported repositories (or targets if importing non-code information). For example:
List of imported targets
For each entry, the left icon shows the number of Snyk Projects in each entry, plus the Git-based repository the projects are imported from. For example
.

Private / public repositories: the lock symbol

When setting up your GitHub integration, you can choose whether Snyk can access public and private repositories, or public repositories only:
Set whether Snyk can access private repos
Set whether Snyk can access private repos
When you then import a Project, private repositories are identified with a “lock” symbol (
) in the imported scan details:
Private repos with lock symbol
Private repos with lock symbol
For customers on free plans, private repository scans count towards your test count limit.
Typically, team leads do the original integration setup and Project import, rather than individual developers.

View lists of Projects

When you open an entry, you see the different Snyk Projects scanned in that entry.
Reminder: what is a Project? A Snyk Project is an item scanned by Snyk; for example, a manifest file listing all your open-source libraries as dependencies. See Snyk Projects.
For example:
List of scanned Projects
List of scanned Projects

Understand Project information

Why are there several items here? What do they mean? Which should I use?

When we import Snyk Projects for the first time, there’s a lot of information - don’t worry!
When you write your application, you may write your own code, import Open Source libraries with dependencies, and build all of that all into a container for deployment.
Snyk scans different parts of this lifecycle, with different icons and entries showing the results for each of these parts of your work, including:
Example
Description
Your own code analysis results, scanned by Snyk Code.
Your open source libraries, scanned by Snyk Open Source, displaying each detected manifest, such as pom.xml, package.json, and other manifests for these libraries.
Container results, scanned by Snyk Container, for items built into a container, such as a Docker file.
Kubernetes deployment files, terraform and other IaC files, scanned by Snyk Infrastructure as Code (IaC).
Other files and types can be displayed; see View project information for more details.

Viewing Project settings

Snyk treats each item in this list as a separate Project.
This allows you to control settings for that Project, by clicking on the cog icon (
) to define how that Project is scanned:
Click cog icon to edit settings
Click cog icon to edit Project settings
For example, you can change scan frequency, setting how often scans are run by default. See View Project Settings for more information.

Scan results

Let’s go back to the results for your scan:
Project scan results
Project scan results
The scan shows you all vulnerabilities in all aspects of an application. Of course, it's unlikely that you are responsible for every entry in this list, but it's important to be aware of the full picture.
So if your Snyk Open Source scan shows no vulnerabilities in your open source libraries - great
🎉
! But there may still be a lot of issues identified by other scans, such your container. And even if the developers in your team did not create or manage these issues, you should still know about them.

More information

Refer to the Snyk Training course, Introduction to the Snyk UI, to learn more about reviewing results from open source, code, container, and infrastructure file scans.

What's next?

Now you understand what results you're seeing, you need to understand the vulnerabilities themselves.