View your first Snyk Projects
Recap You have signed up with a Snyk account, and you have imported files into Snyk as Snyk Projects for scanning. If not, then please see the Getting Started page for details

We can now see your scan results.
Reminder: where am I? ****In the Snyk Web UI, you see information specific for your Organization (such as your team), which is under a Group (such as your company). This allows your company to organize and collect data for the work your teams are doing. See Groups, Organizations and Users.
Open the Snyk Web UI, navigate to your Projects page, and see your imported repositories (or targets if importing non-code information). For example:
For each entry, the left icon shows the number of Snyk Projects in each entry, plus the Git-based repository the projects are imported from. For example
.

When setting up your GitHub integration, you can choose whether Snyk can access public and private repositories, or public repositories only:
When you then import a Project, private repositories are identified with a “lock” symbol (
) in the imported scan details:
For customers on free plans, private repository scans count towards your test count limit.
Typically, team leads do the original integration setup and Project import, rather than individual developers. See Introduction to Snyk Projects.

When you open an entry, you see the different Snyk Projects scanned in that entry.
Reminder: what is a Project? ****A Snyk Project is an item scanned by Snyk; for example, a manifest file listing all your open source libraries as dependencies. See Introduction to Snyk Projects.
For example:

When we import Snyk Projects for the first time, there’s a lot of information - don’t worry!
When you write your application, you may write your own code, import Open Source libraries with dependencies, and build all of that all into a container for deployment.
Snyk scans different parts of this lifecycle, with different icons and entries showing the results for each of these parts of your work, including:
Example
Description
Your own code analysis results, scanned by Snyk Code.
Your open source libraries, scanned by Snyk Open Source, displaying each detected manifest, such as pom.xml, package.json, and other manifests for these libraries.
Container results, scanned by Snyk Container, for items built into a container, such as a Docker file.
Kubernetes deployment files, terraform and other IaC files, scanned by Snyk Infrastructure as Code (IaC).
Other files and types can be displayed; see View project information for more details.

Snyk treats each item in this list as a separate Project.
This allows you to control settings for that Project, by clicking on the cog icon (
) to define how that Project is scanned:
For example, you can use Project settings to change scan frequency, setting how often scans are run by default. See View Project Settings for more information.

Let’s go back to the results for your scan:
The scan shows you all vulnerabilities in all aspects of an application. Of course, it's unlikely that you are responsible for every entry in this list, but it's important to be aware of the full picture.
So if your Snyk Open Source scan shows no vulnerabilities in your open source libraries - great
🎉
! But there may still be a lot of issues identified by, say, Snyk Container about your container. And even if the developers did not create or manage these issues, you should still know about them.

Training:

Now you understand what results you're seeing, you need to understand the vulnerabilities themselves.
Export as PDF
Copy link
Edit on GitHub
On this page
See what Snyk scanned
View lists of projects
Understand Project information
Viewing Project settings
Scan results
What's next?