GitHub Read-only Projects
When you want to add new integrations to your Snyk account you need to first decide the level type at which you want to install the integration.
Group level - Add integrations to your Snyk application that will be available for your Snyk AppRisk Essentials or Snyk AppRisk Pro. If you want to set up integrations for Snyk AppRisk, use the Integrations menu at the Group level.
Organization level - Add integrations for your Snyk application that will be available for all Snyk products, except Snyk AppRisk.
Snyk offers GitHub Read-only Projects, providing the ability to monitor a public GitHub repository that is not owned by your Organization.
Organization level - Snyk integrations
How GitHub Read-only Projects work
Adding a read-only Project lets you track the vulnerabilities in a Project you are considering using as a dependency, a Project you are already using as a stand-alone independent tool within your business, or any other public repository where you do not need to actively prevent or fix issues using Snyk.
The repository is tested daily using your Organization's GitHub credentials. These automated tests are not counted as part of the test limits of your Snyk plan.
Unlike Projects imported through the Snyk GitHub integration, Projects that are imported or monitored with the read-only status cannot do the following:
Use automatic retesting when a pull request is merged.
Commit tests on any PR raised to detect and optionally block new vulnerabilities from being introduced.
Use automated fix PRs to recommend minimal changes to fix vulnerabilities.
Use automated dependency upgrade PRs to keep dependencies up to date, avoid new vulnerabilities, and simplify fixing those that are found.
Use manual Fix PRs generated through Snyk to address specific issues chosen by the user.
How to monitor a public GitHub repository
Import a read-only Project using the Add project > Monitor public GitHub repos menu in the Dashboard and Projects tabs, or by going to Monitor public GitHub repositories.
Enter a public repository to monitor, following the format
owner/repository.
When you have entered a valid repository name, click + Add repo. The repository is quickly tested for a supported manifest file.
Enter the public repositories you want to monitor and select Import N repository/ies.
Group level - Snyk AppRisk integrations
Navigate to the GitHub setup guide for Snyk AppRisk for all details on how to set up the GitHub integration for Snyk AppRisk.
Last updated