Data Considerations for Snyk AppRisk

Repository Assets

Snyk AppRisk generates asset data from existing Snyk targets and projects. Repository assets can be generated from SCM and CLI targets from Snyk, depending on the Snyk product:

Snyk ProductGit integration (SCM)Snyk CLI

Open Source


Monitor - only if .git folder is detectable


dockerfiles only

Monitor - for dockerfiles and only if .git folder is detectable

Infrastructure as Code


Report - for IaC and only if .git folder is detectable.



Not supported

Packages (first party)

Snyk AppRisk generates first party packages from Snyk Open Source data, and represents them on asset inventory pages. Currently, Snyk AppRisk does not support dependencies (third party packages).

Data Freshness

Snyk handles data synchronization as follows:



Policies are generally executed within one hour of policy creation. You can use the Run button to manually run a policy.

Run policies in the policy editor.

SCM Integrations

Snyk endeavors to refresh data from SCM integrations at least once within a 24 hour period.

Integrations can be refreshed manually using the Integrations page.

Snyk Products

Data from the Snyk organizations in the associated Snyk Group for a Snyk AppRisk tenant are synced, generally at least once within a 24 hour period.


Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.