# Snyk Essentials Snyk Essentials helps AppSec teams better operationalize and scale the use of Snyk with broad application visibility and security coverage management. ## Overview Snyk Essentials enables: * Automated app asset discovery: Continually discover application assets and classify them by business context, ensuring security is in sync with development. * Tailored security controls: Define and manage appropriate security and compliance requirements, and verify that the correct controls are in place. * Risk-based prioritization: Assess risk for each app based on application context and best-in-class security analysis and fix guidance to focus developer remediation efforts on issues that matter most to the business. The following video shows the capabilities of Snyk Essentials. {% embed url="" %} Snyk Essentials core capabilities overview {% endembed %} ## Features Snyk Essentials includes the following features: * [Integrations](https://docs.snyk.io/developer-tools/scm-integrations/group-level-integrations) to support ingesting data from SCM tools for asset discovery, Snyk Application Security Testing products for security controls coverage, and ticketing or notification tools for policy actions. Use the Integration page to add and set up new integrations. * [Policies](https://docs.snyk.io/manage-risk/policies/assets-policies) to classify and tag assets with business context and configure actions using a Policy Builder UI. * [Inventory](https://docs.snyk.io/manage-assets/manage-assets) layouts for managing assets and viewing Snyk coverage. * A dashboard to view, add, and customize widgets. ## Prerequisites * You are a Snyk Enterprise customer. * You have the necessary permissions to onboard cloud-based SCM tools (Azure DevOps, GitHub, GitLab, and so on) to Snyk Essentials for repository asset discovery. {% hint style="info" %} When you integrate a Git code repository with Snyk Essentials, you should use a secondary token with a broad, complete view of the code repository, not only of what you imported into Snyk. Use a secondary token to countercheck everything onboarded using Snyk. Using the secondary token reduces the likelihood of introducing a blind spot from a limited token at the Organization level configuration. The first import synchronization can take up to 24 hours to complete. {% endhint %} ## Permissions Snyk Essentials is included in the Snyk Enterprise plan. For more information on default user roles and permissions, see [Default user roles](https://docs.snyk.io/snyk-platform-administration/user-roles/pre-defined-roles). ## Login and authentication Log in and authenticate to Snyk using existing mechanisms (SSO, Google SAML, and so on). ## Key concepts ### Asset A Snyk Essentials asset is an identifiable entity that is part of an application, and relevant for security and developers. Snyk is generally focused on the development stages of application software, secures repository assets containing software package assets, and builds artifacts like container image assets. ### Controls The security controls associated with the asset. Navigate to the [Coverage controls](https://docs.snyk.io/manage-risk/policies/assets-policies/use-cases-for-policies/coverage-control-policy) section to see all available statuses for security controls. ### Coverage An assessment of whether applicable assets are scanned and tested by security tools (for example, Snyk Open Source), as it relates to an application security program. It represents a type of policy that allows you to specify what controls should be applied and, optionally, how often it needs to be run. ### Tags A way to categorize assets. Helps you recognize or handle assets differently according to mutual properties. Assets can be filtered by their tags in the inventory or when creating policy rules. A tag can be automatically assigned to an asset, or the asset can be tagged by a policy you created. GitHub and GitLab topics are treated as asset tags, and you can use them to create policies. ### Class A way to assign business context to assets and categorize an asset based on the business criticality. Assets can be assigned Classes A, B, C, or D, where Class A (assets that are business critical, deal with sensitive data, subject to compliance, and so on) is the most important and Class D (test apps, sandbox environments, and so on) the least important. Assets are assigned Class C by default. A class can be used in policies as well as defined in a policy. ### Policy A way to automate actions in certain conditions, like classifying and tagging assets with business context. You can also use a policy to configure actions like sending a message or setting the coverage gap control using a Policy builder UI. ## Scanning methods You can initiate a scan from the Web UI, the CLI, the API, or with PR Checks. See [Start scanning](https://docs.snyk.io/scan-with-snyk/start-scanning) for more details. If you initiate your scans using the CLI, you can encounter one of the following situations: * If you have a `.git` folder available in the directory that the CLI is scanning, then the `git remoteurl` is picked up automatically for Snyk Open Source, Snyk Code, Snyk Container, and Snyk IaC. * If you do not have a `.git` folder available in the directory that the CLI is scanning, you can use different `test` or `monitor` commands to achieve the same result: * [`snyk monitor`](https://docs.snyk.io/developer-tools/snyk-cli/commands/monitor#remote-repo-url-less-than-url-greater-than) - for Snyk Open Source with the `--remote-repo-url` command * [`snyk iac test`](https://docs.snyk.io/developer-tools/snyk-cli/commands/iac-test#remote-repo-url-less-than-url-greater-than) - also requires the `--report` and `--remote-repo-url` command * `snyk container monitor` - no options available * [`snyk code test`](https://docs.snyk.io/developer-tools/snyk-cli/commands/code-test#remote-repo-url-less-than-url-greater-than) - requires the `--report` and `--remote-repo-url` command --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.snyk.io/scan-with-snyk/snyk-essentials.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.