Snyk for Government (US)
Snyk for Government (US) has differences from standard Snyk products that allow Snyk to be deployed to the US federal government. Adhering to FedRAMP and NIST control requirements means that some aspects of standard Snyk products are not supported in the FedRAMP environment.
This list identifies all the areas with differences in functionality in the Snyk for Government (US) product.
Core products limitations on availability
Snyk Code is available except:
Does not include Code Search
Does not include DeepCode AI Fix
Snyk Open Source is available except:
Does not include Unmanaged C++
Does not include the npm packages @snyk/protect and @snyk/fix.
Snyk AppRisk is not available.
API keys not available
API keys are not available.
In addition, the CLI must be used in OAuth mode, not with token-driven authentication.
Single Sign-On limitations on availability
The service provider is Okta rather than Auth0.
The ACS URL, Entity ID, and certificate are different for each connection and therefore will not match the Snyk Single Sign-On documentation.
To get the ACS URL, Entity ID, and certificate, Snyk needs to partially provision the connection in Okta.
Integrations not available
Reporting and data not available
Platform features not available
Social logins: Google, GitHub, and so on as identity provider
Outbound webhooks
Session concurrency is limited to three (3) sessions per user.
Session lockout: After sessions expire, the signed-in user loses access to all data present in existing session windows.