Annotated import is deprecated and no longer maintained.
After a Snyk administrator has installed the Snyk Controller on your Kubernetes cluster, you can add workloads for scanning. Kubernetes collaborators can mark workloads from the cluster to be automatically added to Snyk.
Automatically add, update, and remove workloads
After you have configured the integration between Snyk and your cluster, you can annotate your workloads in order to have them automatically added to Snyk as Projects to scan.
The annotated import occurs when the image itself changes (the workload is rescanned due to image change) or when the workload details change (which creates a new revision of the workload). Changing the annotation for the workload does not cause a workload change.
If the workload is only annotated after it has been scanned with
snyk monitor, the annotation is not recognized until a significant change takes place that causes a full rescan. One way to force a rescan is to terminate the
snyk monitor pod.
You can annotate any of the following workload types:
To do this:
In Snyk, navigate to the relevant Group and Organization that you want to manage.
Navigate to Settings > General.
Copy the Organization ID.
Add an annotation to the workload with the key
orgs.k8s.snyk.io/v1, and add the Organization ID as the value in a comma-separated list.
You can also annotate a single workload to be added to multiple Organizations. To do this:
The Snyk Controller automatically picks up on the changes to your workload and ensures that the workload is automatically imported to Snyk as a Snyk Project.
Deployment YAML file annotated to be automatically imported into an Organization:
To annotate for multiple Organizations, use a comma-separated list.
After it was imported, the Project remains in your Snyk Organization even if you remove the annotation. To remove the Project from Snyk, you must delete the annotation and delete the Project from the Snyk UI or with the API.