Scopes to request

Scopes define the permissions your Snyk App has to perform actions in a user’s account. When a user authorizes your Snyk App to access their Snyk account, they see the list of scopes the App is requesting and then decide whether or not they approve the connection.

When deciding which scopes your Snyk App will request, consider the actions your App will be performing. It may seem better to request every available scope, but users may refuse to install an App that asks for more permissions than needed. Also, a user installing your App will not be able to complete the authorization process if they do not have all the permissions matching the scopes the App is requesting.

The following lists the available scopes.

org.read is a mandatory scope and should always be included.

Scope	Description
org.read	View Organization information and settings
org.edit	Edit Organization information and settings
org.report.read	View reports in your Organization
org.project.create	Add new Projects
org.project.read	View Project information and settings and view Organization targets
org.project.edit	Edit Project information
org.project.delete	Permanently remove Projects and permanently remove Organization targets
org.project.status	Activate and deactivate Projects
org.project.test	Test Projects
org.project.ignore.create	Create new Project ignores
org.project.ignore.read	View Project ignore information
org.project.ignore.edit	Configure Project ignores
org.project.ignore.delete	Permanently remove Project ignores
org.project.tag.edit	Create, apply and remove Project tags
org.project.pr.create	Create fix pull requests for Projects
org.project.pr.skip	Skip failed security tests on pull requests by marking checks as successful
org.project.jira.issue.read	View Jira issue information
org.project.jira.issue.create	Create new Jira issues
org.package.test	Test packages in ecosystems supported by Snyk

Scope

Description

org.read

View Organization information and settings

org.edit

Edit Organization information and settings

org.report.read

View reports in your Organization

org.project.create

Add new Projects

org.project.read

View Project information and settings and view Organization targets

org.project.edit

Edit Project information

org.project.delete

Permanently remove Projects and permanently remove Organization targets

org.project.status

Activate and deactivate Projects

org.project.test

Test Projects

org.project.ignore.create

Create new Project ignores

org.project.ignore.read

View Project ignore information

org.project.ignore.edit

Configure Project ignores

org.project.ignore.delete

Permanently remove Project ignores

org.project.tag.edit

Create, apply and remove Project tags

org.project.pr.create

Create fix pull requests for Projects

org.project.pr.skip

Skip failed security tests on pull requests by marking checks as successful

org.project.jira.issue.read

View Jira issue information

org.project.jira.issue.create

Create new Jira issues

org.package.test

Test packages in ecosystems supported by Snyk

You cannot update scopes for a Snyk App after it has been created. If you change your mind about which scopes you need during the App development process, create a new Snyk App with a new list of scopes, and replace the clientId and clientSecret in the configuration of your App. If users have already installed the Snyk App, the users must authorize the new App with their Snyk account.

PreviousPrerequisites for Snyk Apps NextCreate a Snyk App using the Snyk API

Last updated 1 month ago