From 843629ff3d414c5f3b613f8e09c588f5c596b6b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CNatasha?= <“natasha.baker@snyk.io”> Date: Thu, 18 Jun 2026 11:12:14 +0100 Subject: [PATCH 01/12] docs: apply Snyk writing-style skill to Discover Snyk pages Apply the Snyk documentation writing-style rules across the discover-snyk section (95 files updated). Consistent changes: - Passive to active voice, naming the actor; present tense over future "will" - Capability phrasing ("allows/enables you to" -> "lets you"/"you can") - Word choice: via -> through/using; in order to -> to; prior to -> before; once -> after; e.g./i.e./etc. -> for example/that is/and so on; & -> and - Remove brand possessives, AI buzzwords, and filler (just, simply, easily) - Sentence-case headings; bold UI labels; Projects/Organizations/Groups casing - Fix copy-paste provider errors and obvious prose typos Frontmatter, GitBook components, HTML tables, links, and technical literals unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) --- discover-snyk/getting-started/README.md | 14 +++---- discover-snyk/getting-started/glossary.md | 20 +++++----- .../configure-cloud-based-scm/README.md | 2 +- .../configure-cloud-based-scm/azure-devops.md | 4 +- .../configure-cloud-based-scm/bitbucket.md | 4 +- .../configure-cloud-based-scm/github.md | 4 +- .../configure-cloud-based-scm/gitlab.md | 8 ++-- .../import-repositories.md | 2 +- .../invite-team-members.md | 4 +- .../provision-your-account.md | 2 +- .../set-up-snyk-essentials.md | 2 +- .../assign-a-lesson-in-snyk-learn.md | 6 +-- .../during-the-pilot/fix-a-vulnerability.md | 8 ++-- .../local-scanning-with-the-ide.md | 12 +++--- .../during-the-pilot/review-reporting.md | 12 +++--- .../during-the-pilot/review-scan-coverage.md | 8 ++-- .../during-the-pilot/test-pr-checks.md | 6 +-- .../snyk-2.0-platform-improvements.md | 4 +- .../getting-started/snyk-release-process.md | 6 +-- .../enterprise-implementation-guide/README.md | 8 ++-- .../automate-prevention-measures.md | 8 ++-- .../README.md | 8 ++-- .../authentication-and-access.md | 6 +-- .../define-policies.md | 12 +++--- .../create-a-template-organization/README.md | 10 ++--- .../authentication-and-access.md | 2 +- .../connect-your-development-tools.md | 24 +++++------ .../structure-your-account.md | 2 +- .../create-your-snyk-structure.md | 2 +- .../initial-team-rollout.md | 4 +- .../manage-and-remediate-issues.md | 6 +-- .../phase-3-gain-visibility/README.md | 6 +-- .../trial-limitations.md | 6 +-- .../auto-provisioning-guide.md | 40 +++++++++---------- .../implement-snyk.md | 4 +- .../team-implementation-guide/README.md | 8 ++-- .../team-implementation-guide/invite-users.md | 4 +- .../choose-rollout-integrations.md | 14 +++---- .../create-rollout-plan.md | 10 ++--- .../determine-member-roles.md | 4 +- .../discovery.md | 8 ++-- .../name-your-organization.md | 2 +- .../plan-for-success.md | 6 +-- .../validate-your-snyk-plan.md | 4 +- .../README.md | 6 +-- .../configure-integrations.md | 4 +- .../add-project-attributes.md | 4 +- .../import-projects.md | 14 +++---- .../phase-4-create-a-fix-strategy.md | 18 ++++----- .../README.md | 8 ++-- ...d-configure-snyk-to-your-ci-cd-pipeline.md | 6 +-- .../enable-and-configure-snyk-on-prs.md | 16 ++++---- .../phase-6-triages-ignores-and-fixes.md | 4 +- .../prerequisites-project-plan-templates.md | 2 +- .../getting-started-with-the-rest-api.md | 2 +- discover-snyk/snyk-learn/README.md | 8 ++-- discover-snyk/snyk-learn/snyk-assist.md | 12 +++--- .../snyk-learn/snyk-learn-access-controls.md | 4 +- discover-snyk/snyk-learn/snyk-learn-api.md | 2 +- .../snyk-learn/snyk-learn-assignments.md | 8 ++-- .../snyk-learn-learning-programs.md | 10 ++--- .../snyk-learn/snyk-learn-reports/README.md | 4 +- .../snyk-learn-reports/assignment-reports.md | 8 ++-- .../organization-reports.md | 2 +- .../snyk-learn-reports/program-reporting.md | 6 +-- .../snyk-learn/your-learning/README.md | 4 +- .../claiming-cpe-credits-with-snyk-learn.md | 4 +- ...ccount-for-high-application-performance.md | 4 +- .../apex.md | 2 +- .../java-and-kotlin/README.md | 6 +-- .../git-repositories-with-maven-and-gradle.md | 10 ++--- .../supported-languages-list/.net/README.md | 6 +-- .../.net/snyk-cli-for-.net.md | 5 +-- .../.net/troubleshooting-snyk-for-.net.md | 8 ++-- .../supported-languages-list/bazel.md | 2 +- .../supported-languages-list/c-c++.md | 16 ++++---- .../dart-and-flutter.md | 10 ++--- .../supported-languages-list/elixir.md | 2 +- .../supported-languages-list/go.md | 8 ++-- .../snyk-cli-for-java-and-kotlin.md | 30 +++++++------- .../javascript/README.md | 24 +++++------ .../scm-integrations-for-javascript.md | 10 ++--- .../javascript/snyk-cli-for-javascript.md | 8 ++-- .../supported-languages-list/php.md | 6 +-- .../supported-languages-list/python/README.md | 6 +-- .../python/cli-support-for-uv.md | 2 +- .../python/scm-integrations-and-python.md | 12 +++--- .../python/snyk-cli-for-python.md | 4 +- .../supported-languages-list/ruby.md | 2 +- .../supported-languages-list/scala.md | 2 +- .../swift-and-objective-c.md | 8 ++-- .../supported-languages-list/typescript.md | 2 +- .../technical-specifications-and-guidance.md | 2 +- discover-snyk/whats-new.md | 2 +- discover-snyk/whats-snyk.md | 10 ++--- 95 files changed, 349 insertions(+), 352 deletions(-) diff --git a/discover-snyk/getting-started/README.md b/discover-snyk/getting-started/README.md index 215dec795d14..363cc69ef80e 100644 --- a/discover-snyk/getting-started/README.md +++ b/discover-snyk/getting-started/README.md @@ -25,17 +25,17 @@ To create a free account or sign up for a pricing plan, navigate to [snyk.io](ht If your company has an existing Snyk account and uses single sign-on (SSO), use the SSO link provided by your administrators. -If your company requires an invitation to use Snyk, when you log in for the first time, you may see a list of Organizations, which in Snyk control access to Projects. To request access to an Organization, select the name of an Organization Admin in order to request access. +If your company requires an invitation to use Snyk, when you log in for the first time, you see a list of Organizations, which in Snyk control access to Projects. To request access to an Organization, select the name of an Organization Admin. {% hint style="info" %} -If you log in with a different authentication provider from the one your company uses for the Snyk account, you create a new account. You will not be logged in to the correct Organization for your company. +If you log in with a different authentication provider from the one your company uses for the Snyk account, you create a new account. You are not logged in to the correct Organization for your company. {% endhint %} When you log in to the Snyk Web UI, Snyk shows your preferred (default) Organization. Snyk also uses the settings for your preferred Organization when you test a Project locally using the CLI. ## Set up a Snyk integration -For Snyk to know where to scan, you must provide it with access to your environment. The type of integration you need depends on what systems you use, what you want to scan, and where you want to add the integrations - [Organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) or [Group](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). For information about available integrators, see [Snyk SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) and [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). +For Snyk to know where to scan, you must provide it with access to your environment. The type of integration you need depends on what systems you use, what you want to scan, and where you want to add the integrations — [Organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) or [Group](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). For information about available integrators, see [Snyk SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) and [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). To scan your code, you must first integrate Snyk with the repository holding that code. @@ -43,7 +43,7 @@ To scan your code, you must first integrate Snyk with the repository holding tha After creating a Snyk account, you can follow the optional getting-started walkthrough prompts to provide information and help Snyk guide your experience. This includes choosing an integration method, setting access permissions, configuring automation settings, and authenticating that integration. -Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This allows you to run scans from your local machine and upload results to your Organization in Snyk. +Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This lets you run scans from your local machine and upload results to your Organization in Snyk. ### Manual process @@ -61,7 +61,7 @@ Before authenticating, be sure you have set your region properly. For details, s Your Snyk API token is a personal token available under your user profile. The Snyk API token is associated with your Snyk Account and not with a specific Organization. -Free and Team plan and trial users have access only to tokens under the user profile. Your personal tokens can be used to authenticate with the Snyk CLI running on a local or a build machine and an IDE when you are setting a token manually. Use a personal token with caution if you are authenticating for CI/CD or with the API, which is available for Enterprise plan users only. +Free and Team plan and trial users have access only to tokens under the user profile. You can use your personal tokens to authenticate with the Snyk CLI running on a local or a build machine and an IDE when you are setting a token manually. Use a personal token with caution if you are authenticating for CI/CD or with the API, which is available for Enterprise plan users only. #### Personal Access Tokens (recommended) @@ -84,7 +84,7 @@ To obtain your personal Snyk API token: 2. In your **General** settings, under API Token, select **click to show**. 3. Highlight and copy your API key. -If you want a new API token, select **Revoke & Regenerate**, but this will make the previous API token invalid. +If you want a new API token, select **Revoke & Regenerate**, but this makes the previous API token invalid. {% hint style="info" %} For information on when to use an API token and when to use a service account token, available to Enterprise plan users only, visit [Authentication for API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). @@ -107,7 +107,7 @@ Importing a Project also does the following: Snyk Essentials is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -Snyk Essentials enables Application Security teams to implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM). +Snyk Essentials lets Application Security teams implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM). For more information, see [Snyk Essentials](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-essentials). diff --git a/discover-snyk/getting-started/glossary.md b/discover-snyk/getting-started/glossary.md index 81cc25c9a2e6..fd28be089e35 100644 --- a/discover-snyk/getting-started/glossary.md +++ b/discover-snyk/getting-started/glossary.md @@ -4,7 +4,7 @@ ### ADE -An Agentic Development Environment (ADE), also known as an Agentic IDE, is a engineering workspace where AI agents execute defined tasks. +An Agentic Development Environment (ADE), also known as an Agentic IDE, is an engineering workspace where AI agents execute defined tasks. ### Advisor @@ -104,7 +104,7 @@ A Command directive is a type of [Directive](glossary.md#directive) that is manu ### Container -Containers allow you to package applications and their dependencies together to be deployed as a single runnable unit. A container is an abstraction provided by the operating system kernel that allows a process to be isolated from other processes running on the system. See also [Snyk Container.](glossary.md#snyk-container) +Containers let you package applications and their dependencies together to be deployed as a single runnable unit. A container is an abstraction provided by the operating system kernel that allows a process to be isolated from other processes running on the system. See also [Snyk Container.](glossary.md#snyk-container) ### Container engine @@ -128,7 +128,7 @@ The security controls associated with the asset. Navigate to the Snyk Essentials ### Coverage (Snyk Essentials) -An assessment of whether applicable assets are scanned and tested by security tools (like Snyk Open Source, for instance), as it relates to an application security program. A type of policy that allows you to specify what controls should be applied and, optionally, how often it needs to be run. +An assessment of whether applicable assets are scanned and tested by security tools (like Snyk Open Source, for instance), as it relates to an application security program. A type of policy that lets you specify what controls to apply and, optionally, how often it needs to be run. ### Coverage gap (Snyk **Essentials**) @@ -136,7 +136,7 @@ An assessment of all assets that fall "out of policy" and do not satisfy the cov ### CVE -Common Vulnerabilities and Exposures. A widely-used identifier for a well-known vulnerability. +Common Vulnerabilities and Exposures. A widely used identifier for a well-known vulnerability. ### CVSS @@ -177,7 +177,7 @@ A set of cultural philosophies, practices, and tools that combine software devel ### DevSecOps -Integrate security seamlessly and transparently into emerging agile IT and DevOps development. +Integrate security transparently into emerging agile IT and DevOps development. ### Docker @@ -209,7 +209,7 @@ A measure of how practical an exploit for a vulnerability is, based on whether t ### Fixable / Partially fixable -A measure of whether a vulnerability can be fixed by Sny by applying a patch, upgrade, or pin. See [Vulnerability fix types](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types). +A measure of whether Snyk can fix a vulnerability by applying a patch, upgrade, or pin. See [Vulnerability fix types](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types). ### Fix PR @@ -327,7 +327,7 @@ Natural Language Processing.The technology that enables computers to understand, ### NPX -`npx` (Node Package Execute) is a command-line tool bundled with `npm` that allows you to run `Node.js` packages without requiring installation. +`npx` (Node Package Execute) is a command-line tool bundled with `npm` that lets you run `Node.js` packages without requiring installation. ## O @@ -503,7 +503,7 @@ A platform providing Cloud Native Application Security (CNAS) solutions, allowin ### Snyk Advisor -A free web application that allows you to compare software packages across open-source ecosystems. It provides insights into the overall health of a particular package by combining community and security data into a single unified view. See [Snyk Advisor](https://snyk.io/advisor/). +A free web application that lets you compare software packages across open-source ecosystems. It provides insights into the overall health of a particular package by combining community and security data into a single unified view. See [Snyk Advisor](https://snyk.io/advisor/). ### Snyk API @@ -551,14 +551,14 @@ A library used by the Snyk CLI to scan a certain language or build system. ### Snyk Studio -Snyk Studio embeds Snyk's AI security platform capabilities into any AI-native workflow. Snyk Studio is built on two core use cases: '[Secure at Inception](glossary.md#secure-at-inception),' which proactively prevents new, AI-generated vulnerabilities using configurable directives, and 'Intelligent Remediation,' which clears existing security backlogs at scale. +Snyk Studio embeds the AI security platform capabilities of Snyk into any AI-native workflow. Snyk Studio is built on two core use cases: '[Secure at Inception](glossary.md#secure-at-inception),' which proactively prevents new, AI-generated vulnerabilities using configurable directives, and 'Intelligent Remediation,' which clears existing security backlogs at scale. ### Snyk Security Intelligence A component powering the Snyk cloud-native application security platform.\ Incorporates the Snyk Intel Vulnerability DB: the Snyk database of vulnerabilities, providing detailed information and fix advice for known vulnerabilities. See [Vulnerability DB](https://snyk.io/vuln). -### Snyk web UI +### Snyk Web UI The browser-based environment that provides users access to Snyk functions. diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md index 5f271ff87c5c..efd2f56d3f52 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -### Set up SCM integrations and Snyk Essentials by following the steps for all relevant SCMs: +### Set up SCM integrations and Snyk Essentials by following the steps for all relevant SCMs * [GitHub](github.md) * [GitLab](gitlab.md) diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md index 51afc49b1552..28e167443490 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -Review the steps below to configure the Azure DevOps integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team. +Review the following steps to configure the Azure DevOps integration with Snyk. For more details about setting up the integration, contact your Snyk account team. ## Generate an Azure DevOps PAT @@ -34,7 +34,7 @@ Configure the Group-level integration by following these steps: * If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the Azure DevOps source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md index dfa7dbdc3386..556cf21eadac 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -‌Review the steps below to configure the Bitbucket integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team.\\ +‌Review the following steps to configure the Bitbucket integration with Snyk. For more details about setting up the integration, contact your Snyk account team.\\ ## Generate a BitBucket PAT @@ -35,7 +35,7 @@ Configure the Group-level integration by following these steps: * If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the Bitbucket source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md index b605cfa3444c..99a53c9d1ab2 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -‌Review the steps below to configure the GitHub integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team. +‌Review the following steps to configure the GitHub integration with Snyk. For more details about setting up the integration, contact your Snyk account team. ## Generate a GitHub PAT @@ -32,7 +32,7 @@ Configure the Group-level integration by following these steps: * Configure the integration and populate all mandatory fields, including the PAT details. For more details, see the [Integrate GitHub using Snyk Essentials](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/github-for-snyk-essentials#github-integrate-using-snyk-apprisk) page. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the GitHub source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md index e60dfd6078b5..40cf976e5515 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md @@ -2,11 +2,11 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -Review the steps below to configure the GitLab integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team. +Review the following steps to configure the GitLab integration with Snyk. For more details about setting up the integration, contact your Snyk account team. ## Generate a GitLab PAT -Generate a GitHub PAT with the following permissions enabled:\\ +Generate a GitLab PAT with the following permissions enabled:\\ * `api` * `read_api` @@ -26,12 +26,12 @@ Configure the Group-level integration by following these steps:
-* Search and select the GitHub integration +* Search and select the GitLab integration * Configure the integration and populate all mandatory fields, including the PAT details. For more details, see the [Integrate GitLab using Snyk Essentials](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials#gitlab-integrate-using-snyk-apprisk) page. * If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the GitLab source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md index fb08aff4e9fa..0495358e743d 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md @@ -2,7 +2,7 @@ {% include "../../../.gitbook/includes/pilot-guide-navigation.md" %} -After setting up your SCM integration, you are ready to import repositories to Snyk. If you have not imported any repos yet, click on the **Import projects** button to start. +After setting up your SCM integration, you are ready to import repositories to Snyk. If you have not imported any repos yet, click **Import projects** to start. * Open the Snyk Web UI * Navigate to the Organization-level diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md index 3bd005f71615..8c687f73741d 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md @@ -14,8 +14,8 @@ Invite members to the Organization you configured. Follow these steps to invite * Add the emails of all team members in the text box * Select their role from the dropdown menu. * Select **Send invite** -* New members will receive a welcome email from Snyk with a link to sign up and join your organization. +* New members receive a welcome email from Snyk with a link to sign up and join your Organization. ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfZakhAyTXXqEigvhHYY0bH3jZ__Zx9kIbt8Dwa9erputbh1_4ZennUPqXzXFfvZBdHzlO6OOLJjUFzo35uDHUSvo5C1HV7HXK4EZ3wAT5zM6PhQWuutwH-DsDmyWVH4JlkGSj1?key=i_CNrr-DvB8PGUAzq09BT3pc) -Alternatively, SSO can be configured as self-serve in the Group settings. More details on that can be found on the [Configure Self-Serve Single Sign-On (SSO)](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/single-sign-on-sso-for-authentication-to-snyk) page. +Alternatively, you can configure SSO as self-serve in the Group settings. For more details, see [Configure Self-Serve Single Sign-On (SSO)](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/single-sign-on-sso-for-authentication-to-snyk). diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md index 6fa522ce9a32..9b949d7c6ddd 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md @@ -4,4 +4,4 @@ Provide your Snyk account team with the email of the desired Snyk tenant admin. -Your account team will provision your Snyk tenant, which you will be able to access after receiving a welcome email from Snyk. More details on this process can be found in the [Auto-provisioning guide](../../../implementation-and-setup/enterprise-setup/auto-provisioning-guide.md). +Your account team provisions your Snyk tenant, which you can access after you receive a welcome email from Snyk. For more details on this process, see the [Auto-provisioning guide](../../../implementation-and-setup/enterprise-setup/auto-provisioning-guide.md). diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md index ef85ea66b1d5..010e61e84f7d 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md @@ -9,6 +9,6 @@ ## Configuration steps -Verify that Snyk Essentials is configured by navigating to the Group level > Integrations. If not set up yet, follow the in-product instructions for your SCM(s). +Verify that Snyk Essentials is configured. Navigate to the Group level and select **Integrations**. If you have not set up Snyk Essentials yet, follow the in-product instructions for your SCMs.
diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md index 1c09f8925d5a..a37372a80b26 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md @@ -4,15 +4,15 @@ The Snyk platform includes access to Snyk Learn, the Snyk security education platform. With resources on Snyk Learn, developers can learn how to stay secure through interactive lessons that explore vulnerabilities across various languages and ecosystems. -Throughout the platform, such as in the IDE extensions, PR checks, and Web UI, Snyk links out to relevant lessons in Snyk Learn that help the developer fix that vulnerability. These lessons can also be accessed directly at [learn.snyk.io](http://learn.snyk.io). +Throughout the platform, such as in the IDE extensions, PR checks, and Web UI, Snyk links out to relevant lessons in Snyk Learn that help the developer fix that vulnerability. You can also access these lessons directly at [learn.snyk.io](http://learn.snyk.io). Start by navigating to [Snyk Learn](http://learn.snyk.io) and browsing the set of available lessons. You can then filter by category to see lessons related to your programming language or topic of interest. -Choose a lesson that interests you and complete it. You will see progress of the lesson on the right of the page and confirmation after the lesson has been completed. +Choose a lesson that interests you and complete it. Snyk shows the progress of the lesson and confirms when you complete the lesson. -Next, review all of your completed and in-progress lessons by clicking on “Learning progress”. +Next, review all of your completed and in-progress lessons by selecting **Learning progress**. Admins in Snyk can also review progress for the entire Organization by accessing the Reports. diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md index efdcccb82dc1..2ac6d2f54c1d 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md @@ -2,7 +2,7 @@ {% include "../../../.gitbook/includes/pilot-guide-navigation.md" %} -Vulnerabilities can be fixed from multiple integration points in Snyk. This guide reviews how to fix vulnerabilities in the IDE and the Web UI. +You can fix vulnerabilities from multiple integration points in Snyk. This guide reviews how to fix vulnerabilities in the IDE and the Web UI. ## Fix issues using the IDE @@ -20,11 +20,11 @@ For Snyk Code issues, you can view fix examples. If available, you can automatic With Snyk Agent Fix, click **Generate AI fix** to generate up to five example fixes you can review and apply. After you apply the fix and rescan, Snyk resolves the vulnerability. -From the Web UI, any vulnerability that can be fixed with a Snyk-generated PR has a “Fix this vulnerability” button, which can be used to initiate a fix. +From the Web UI, any vulnerability that Snyk can fix with a generated PR has a **Fix this vulnerability** button to initiate a fix. -After confirming the fix-PR, Snyk opens a PR, which can be reviewed, approved, and merged to resolve the vulnerability. +After you confirm the fix-PR, Snyk opens a PR that you can review, approve, and merge to resolve the vulnerability. -Not all languages support fix-PRs, but fix data is still available. For language-specific details and support, please review the [Supported languages, package managers, and frameworks](../../../supported-languages/supported-languages-package-managers-and-frameworks.md) page. +Not all languages support fix-PRs, but fix data is still available. For language-specific details and support, review the [Supported languages, package managers, and frameworks](../../../supported-languages/supported-languages-package-managers-and-frameworks.md) page. {% hint style="info" %} Additional Resources diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md index 17e8559a834f..d4c924648e0d 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md @@ -4,7 +4,7 @@ ## Configure the Snyk IDE -To start scanning code in the IDE, navigate to your IDE plugin or extension marketplace and search for Snyk. This guide focuses on VS Code, but the [other supported IDEs](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions) follow a very similar setup flow. +To start scanning code in the IDE, navigate to your IDE plugin or extension marketplace and search for Snyk. This guide focuses on VS Code, but the [other supported IDEs](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions) follow a similar setup flow. * Open VS Code, Extensions and search for Snyk. * Install the Snyk extension. @@ -15,7 +15,7 @@ To start scanning code in the IDE, navigate to your IDE plugin or extension mark
-* After being redirected to Snyk, you can click **Grant app access**. This authenticates your Snyk IDE extension. +* After Snyk redirects you, click **Grant app access**. This authenticates your Snyk IDE extension.
@@ -31,13 +31,13 @@ You can see the results are broken out by scan type. All the Open Source issues ### Filter issues -Issues can be filtered in a number of ways to tune what gets presented to you while coding. Two of the most common settings to adjust are ‌**Severity** and **Total vs. new**. +You can filter issues in a number of ways to tune what Snyk presents to you while coding. Two of the most common settings to adjust are ‌**Severity** and **Total vs. new**. To adjust which severity is shown, navigate to the **Severity** section in the extension settings.
-You can also change from looking at the total set of issues in the codebase to just new issues. This method scans the main branch and the version that the developer is working on, then reports only the new vulnerabilities. This mode can be easily toggled at the top of the extension menu. +You can also change from looking at the total set of issues in the codebase to new issues only. This method scans the main branch and the version that the developer is working on, then reports only the new vulnerabilities. You can toggle this mode at the top of the extension menu.
@@ -45,11 +45,11 @@ This option helps developers avoid introducing new vulnerabilities without getti ### Check the vulnerabilities -The results for each scan type and vulnerability type vary, but expect to see inline feedback as well as a more detailed window that can be accessed by clicking on the vulnerability. +The results for each scan type and vulnerability type vary, but expect to see inline feedback as well as a more detailed window that you can open by clicking the vulnerability.
-For Snyk Code issues, you can see the Fix Analysis, Data Flow, and an Issue Overview. You can also click “Learn about this issue type” which brings you to a more detailed lesson in Snyk’s developer education platform, [Snyk Learn](https://learn.snyk.io/). +For Snyk Code issues, you can see the Fix Analysis, Data Flow, and an Issue Overview. You can also click **Learn about this issue type**, which brings you to a more detailed lesson in the Snyk developer education platform, [Snyk Learn](https://learn.snyk.io/).
diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md index 3b80c3098aac..6bd1580ec482 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md @@ -8,25 +8,25 @@ The Snyk platform has a variety of [available reports](https://app.gitbook.com/s ## Issues Detail -The Issues Detail report displays all known issues in all of your Projects that Snyk is monitoring. It is a great place to review and prioritize issues across all of your repositories. +The Issues Detail report displays all known issues in all of your Projects that Snyk is monitoring. Use it to review and prioritize issues across all of your repositories. -Applying filters such as fixability, exploit maturity, asset class, and severity are a great way to focus on the most important issues that affect your Organization. +Apply filters such as fixability, exploit maturity, asset class, and severity to focus on the most important issues that affect your Organization. ## SLA Management -The SLA Management report allows you to stay on top of any SLAs your company is required to adhere to. The SLA time can be adjusted for each severity and then saved as a new view to monitor in the future. +The SLA Management report lets you stay on top of any SLAs your company must adhere to. You can adjust the SLA time for each severity and then save it as a new view to monitor in the future. ## Analytics [Analytics](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) can be accessed at the Group or Organization level. This view breaks down the total issue count into baseline, preventable, and non-preventable issues. The most important thing to know is that: * Baseline issues are the issues identified during the first import of the repository. -* Preventable issues are known issues that could have been identified earlier on in the SDLC. In other words, the issue could have been caught by a Snyk PR check. -* Non-preventable issues are the result of an external factor, such as a new vulnerability being published or a new security rule being created, in contrast to developers not shifting left. for example, a new zero-day vulnerability is identified. +* Preventable issues are known issues that Snyk could have identified earlier in the SDLC. That is, a Snyk PR check could have caught the issue. +* Non-preventable issues are the result of an external factor, such as a new vulnerability being published or a new security rule being created, in contrast to developers not shifting left. For example, Snyk identifies a new zero-day vulnerability.
-This is a small taste of what reporting has to offer. Check out more of the Snyk reports, available at both the Organization and Group levels by clicking “Change Report”:\ +This is a small taste of what reporting has to offer. To see more of the Snyk reports, available at both the Organization and Group levels, click **Change Report**:\ ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfS5UzFsGMM5_N5fK6iFLN16rFFfSmj3W9BXkmDnZOvvOBoUjCIQD6j1afOaN9PySsB-MI4TNLtKdgFbVk1OMe5u1uCYDSKv1pjhkaUSqhGspmGqOggsPx5XCK7IZGVv7QQmN5NqQ?key=i_CNrr-DvB8PGUAzq09BT3pc) {% hint style="info" %} diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md index 993ed233a5c9..8bb2688a53f5 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md @@ -18,13 +18,13 @@ The **All Assets** page shows a complete list of all repositories, including the
-Click on the 'Not tested' section of the first pie chart on the overview page, or use coverage filters on the 'All Assets' page to view all repositories that the selected Snyk product has not tested. +Click the 'Not tested' section of the first pie chart on the overview page, or use coverage filters on the 'All Assets' page to view all repositories that the selected Snyk product has not tested.
-## Classifying Assets +## Classifying assets -The Class column is available for each repository. This class is meant to reflect the business criticality of the asset from A (most critical) to D (least critical). Try setting a few of your most important repos manually to Class A. This attribute can be used in reporting to help focus on issues from your company’s most important repositories. +The Class column is available for each repository. This class reflects the business criticality of the asset from A (most critical) to D (least critical). Try setting a few of your most important repos manually to Class A. You can use this attribute in reporting to help focus on issues from your company’s most important repositories. \\ @@ -34,7 +34,7 @@ In the following example, the policy filters on all repositories where there is
-The asset class is a great way to filter on the most critical repositories in your organization, and help take a risk-based approach to prioritization by accounting for business impact. The asset class can be used when reviewing scan coverage and in all available Snyk reports. +The asset class lets you filter on the most critical repositories in your organization and helps you take a risk-based approach to prioritization by accounting for business impact. You can use the asset class when reviewing scan coverage and in all available Snyk reports. {% hint style="info" %} Additional Resources diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md index bf3405fe880d..b7e8d1aba726 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md @@ -25,7 +25,7 @@ Follow these steps to enable the PR Checks feature: ## Use PR Checks -After PR Checks are enabled, you will begin to see new PRs decorated with three additional Snyk checks: +After you enable PR Checks, you see new PRs decorated with three additional Snyk checks: * code/snyk: Snyk Code vulnerabilities * license/snyk: Open Source license issues @@ -33,13 +33,13 @@ After PR Checks are enabled, you will begin to see new PRs decorated with three
-Try introducing a vulnerability in the PR so that you can walk through a scenario where a check fails. From the PR, clicking on the details of any failed check presents the list of issues that have been introduced in the PR. +Try introducing a vulnerability in the PR so that you can walk through a scenario where a check fails. From the PR, click the details of any failed check to see the list of issues introduced in the PR. Click into the full details of the issue to better understand the vulnerability and get remediation advice. In the situation where you need to force the check to pass, either to get a hotfix out or if you accept the risk, you can click **Mark as successful in SCM**. This button is only available to Org Admins. For Org Collaborators, this option is grayed out. See the [User role management](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-role-management) page for more details.
-With ‌inline comments enabled, you will see comments added for each Snyk Code vulnerability identified. +With ‌inline comments enabled, you see comments added for each Snyk Code vulnerability identified.
diff --git a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md index 98445f1bc3e2..25758c622374 100644 --- a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md +++ b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md @@ -2,7 +2,7 @@ ## What is Snyk 2.0? -Snyk 2.0 is a series of platform improvements rolling out gradually from April 2026 throughout the year to address navigation complexity, asset visibility, and triage inefficiency. As Snyk completes each component, users will gradually see Snyk platform interface updates. During the transition period, users can toggle between the new and classic interfaces. +Snyk 2.0 is a series of platform improvements rolling out gradually from April 2026 throughout the year to address navigation complexity, asset visibility, and triage inefficiency. As Snyk completes each component, you gradually see Snyk platform interface updates. During the transition period, you can toggle between the new and classic interfaces. | Improvement | Description | Availability | | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | @@ -10,7 +10,7 @@ Snyk 2.0 is a series of platform improvements rolling out gradually from April 2 | Dark mode | Full dark mode across the platform. | In development | | Asset management | View all repositories, containers, configurations, and AI models in a single inventory. | In development | | Issue triage |

Snyk prioritizes issues based on exploitability, reachability, and business impact.

Use bulk actions to fix similar issues across Snyk Projects.

| In development | -| Day2Operations | Snyk 2.0 rduces operational friction between finding a vulnerability and acting on it, through grouped navigation, issue deduplication, and bulk triage actions. | In development | +| Day2Operations | Snyk 2.0 reduces operational friction between finding a vulnerability and acting on it, through grouped navigation, issue deduplication, and bulk triage actions. | In development | ## What is Snyk 2.0 trying to solve? diff --git a/discover-snyk/getting-started/snyk-release-process.md b/discover-snyk/getting-started/snyk-release-process.md index 1dc2c29f9b61..45d5f352a190 100644 --- a/discover-snyk/getting-started/snyk-release-process.md +++ b/discover-snyk/getting-started/snyk-release-process.md @@ -40,7 +40,7 @@ Brownouts occur when Snyk temporarily suspends an API endpoint or a feature, mak ### Deprecated features -Deprecated features are outdated and will be removed in the future. The documentation page will announce the transition of a feature to Deprecated six months before its start date. +Deprecated features are outdated and Snyk removes them in the future. The documentation page announces the transition of a feature to Deprecated six months before its start date. * Snyk Code Quality is deprecated. * Snyk Code Local Engine is deprecated. @@ -73,9 +73,9 @@ Deprecated features are outdated and will be removed in the future. The document ### End of support features -When a feature transitions to end-of-support, both development and support work are terminated. +When a feature transitions to end-of-support, Snyk terminates both development and support work. -The documentation page will announce the transition of a feature to End of Support six months before its start date. +The documentation page announces the transition of a feature to End of Support six months before its start date. ### End of Life features diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md index 9111edba7b52..20acfa3cceaf 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md @@ -1,6 +1,6 @@ # Enterprise implementation guide -Rolling out a developer security platform across a large organization requires a consistent, repeatable approach to account configuration. In this guide, you will learn how to streamline your enterprise rollout in Snyk by creating a dedicated template Organization and altering settings for each individual Organization created from that original template. +Rolling out a developer security platform across a large organization requires a consistent, repeatable approach to account configuration. This guide shows you how to streamline your enterprise rollout in Snyk by creating a dedicated template Organization and altering settings for each individual Organization created from that original template. To have a successful Snyk rollout, you need to: @@ -18,7 +18,7 @@ To have a successful Snyk rollout, you need to: 6. [Initial team rollout](initial-team-rollout.md). 7. [Automate prevention measures](automate-prevention-measures.md). -By the end of this guide, you will have successfully configured a baseline template Org, used it to easily copy your global settings and integrations to provision new Organizations, and learned how to customize individual settings in those new environments to support specific team workflows. +By the end of this guide, you will have configured a baseline template Org, used it to copy your global settings and integrations to provision new Organizations, and learned how to customize individual settings in those new environments to support specific team workflows. {% hint style="info" %} To understand how AI is used at Snyk and how this may affect your implementation decisions, visit [AI Data and Governance](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/how-snyk-incorporates-generative-ai-into-the-platform). @@ -102,13 +102,13 @@ Depending on your tech stack and workflows, you can choose from three primary im * Snyk CLI for granular control within your CI/CD pipelines * Snyk API for large-scale programmatic automation -Once you import your Projects, you can apply specific tags and attributes to easily categorize, filter, and generate targeted reports across your entire portfolio. +After you import your Projects, you can apply specific tags and attributes to categorize, filter, and generate targeted reports across your entire portfolio. To learn more, visit [Gain visibility by importing repositories](phase-3-gain-visibility/). ## Initial team rollout -Successfully rolling out Snyk to your development team requires clear communication, targeted education, and seamless workflow integration. +Successfully rolling out Snyk to your development team requires clear communication, targeted education, and smooth workflow integration. Start by using customizable templates to announce the launch, tailoring your messaging and feature rollout to match your team's comfort level with security automation. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md index dee1ebe56ff8..6da7447833db 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md @@ -1,6 +1,6 @@ # Automate prevention measures -Once you have visibility into your existing security posture, implement prevention and gating systems to stop new vulnerabilities from entering your applications. By automating these checks, you empower developers to take responsibility for the security of their specific changes without manually triaging every issue. +After you have visibility into your existing security posture, implement prevention and gating systems to stop new vulnerabilities from entering your applications. By automating these checks, you empower developers to take responsibility for the security of their specific changes without manually triaging every issue. Implementing prevention measures involves the following key stages: @@ -19,13 +19,13 @@ Implementing prevention measures involves the following key stages: You can prevent new issues using two main functions: -* **PR/MR checks**: Available for Snyk Open Source and Snyk Code. These test code changes are immediately upon submission. +* **PR/MR checks**: Available for Snyk Open Source and Snyk Code. These test code changes immediately upon submission. * **CI/CD pipelines**: Integrate Snyk into your build pipeline to gate Open Source, Code, IaC, and Container vulnerabilities. ## Establish exception processes {% hint style="success" %} -**Key decision**: Define who can override security gates. Clear authority prevents development bottlenecks during urgent releases.: +**Key decision**: Define who can override security gates. Clear authority prevents development bottlenecks during urgent releases. {% endhint %} Ensure teams understand how to address blocked PRs or failed builds: @@ -52,7 +52,7 @@ PR checks prevent issues from entering the codebase. Adding Snyk to your pipeline acts as a gatekeeper: -* **No import is required**: Unlike PR checks, pipeline tests do not require repositories to be imported via SCM integration. +* **No import is required**: Unlike PR checks, pipeline tests do not require repositories to be imported through SCM integration. * **Use CLI tools**: Use `snyk-delta` to identify only the new vulnerabilities introduced in a specific build. ## Secure custom images and IaC diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md index 110bf08c25ee..35dbee06ee25 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md @@ -1,6 +1,6 @@ # Configure Group settings and policies -This page is designed to help you plan your Snyk account structure and policies at Group-level to ensure efficient asset management, precise access control, and accurate reporting. +This page helps you plan your Snyk account structure and policies at Group level to ensure efficient asset management, precise access control, and accurate reporting. ## Confirm points of contact @@ -37,7 +37,7 @@ To identify priority applications, categorize them based on: * Define who can provision users and grant Snyk access to external platforms, such as Git repositories. {% endhint %} -Snyk uses a hierarchical structure to manage all assets and security policies. This section will help you map your business to the Snyk architecture. +Snyk uses a hierarchical structure to manage all assets and security policies. This section helps you map your business to the Snyk architecture. * **Understanding the hierarchy:** Learn the purpose of the Tenant, Group, Organization, and Project levels. * **Group structure:** Decide how many top-level Group accounts your company requires. @@ -46,7 +46,7 @@ To learn more, visit [Structure your account](structure-your-account.md). ## Authentication and access: set up SSO -Implement Single Sign-On (SSO) at the Group level before rolling Snyk out to your organization. While pilot teams often start with personal authentication, transitioning to SSO is required for broad adoption, consistent login access, and centralized control. +Implement Single Sign-On (SSO) at the Group level before rolling Snyk out to your organization. While pilot teams often start with personal authentication, you must transition to SSO for broad adoption, consistent login access, and centralized control. Choose a provisioning strategy that defines the user experience and access level for new users. @@ -88,7 +88,7 @@ To learn more, visit [Authentication and access.](authentication-and-access.md) * Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance {% endhint %} -Policies allow you to automate business context, compliance checks, and notification workflows. +Policies let you automate business context, compliance checks, and notification workflows. * **License policies:** Decide which specific license types to explicitly allow or disallow to match your specific legal and compliance requirements. * **License severity:** Understand and configure how Snyk assigns High or Medium severity to problematic commercial licenses. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md index 133e51cc1ee0..98cc1c668626 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md @@ -46,7 +46,7 @@ Custom mapping requires Snyk professional services. Contact your account team fo **Key decision**: Determine if you need to pre-allocate users to specific Organizations and roles before their first login to prevent broad default access. {% endhint %} -If you need to define specific permissions before users first log in, use the Snyk API. This allows you to: +If you need to define specific permissions before users first log in, use the Snyk API. This lets you: * Assign a specific role to each user. * Grant access to specific Organizations automatically. @@ -70,7 +70,7 @@ The Tenant is the highest level of the Snyk hierarchy, and it encompasses all Gr * **Tenant Admin:** Can manage users across the entire Tenant, assign roles, and remove members. * **Tenant Viewer:** Provides read-only access to Tenant-level features like Snyk Analytics. -* **Tenant Member**: Allows access to the Tenant level but requires specific Group or Organization permissions to take action. +* **Tenant Member**: Provides access to the Tenant level but requires specific Group or Organization permissions to take action. {% hint style="info" %} Features like Snyk Analytics are available only on Enterprise plans. You can switch between Tenants by selecting the Tenant name in the navigation menu. @@ -89,7 +89,7 @@ Pre-defined roles at these levels have fixed permissions that cannot be modified **Group-level roles** * **Group Admin**: Provides full permissions at the Group and Organization levels. Assign this role to Snyk administrators. -* **Group Member**: Allows access to the Group but requires specific Organization-level permissions to interact with Projects. +* **Group Member**: Provides access to the Group but requires specific Organization-level permissions to interact with Projects. * **Group Viewer**: Provides read-only access to the Group level. Use this to audit Group settings without making changes. {% endstep %} {% endstepper %} diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md index 0bfd5e4a5ec4..4ebbc416d54a 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md @@ -1,6 +1,6 @@ # Define policies -Policies define how Snyk behaves when identifying issues. Policies give you a quick and automated way to identify, prioritize, and triage issues. This saves valuable development time and allows developers to take more responsibility and ownership for security, reducing the “noise” level. +Policies define how Snyk behaves when identifying issues. Policies give you an automated way to identify, prioritize, and triage issues. This saves development time and lets developers take more responsibility and ownership for security, reducing the “noise” level. ## Security policies @@ -8,10 +8,10 @@ Policies define how Snyk behaves when identifying issues. Policies give you a qu **Key decision:** Decide which conditions automatically increase or decrease the priority or severity of an issue to match your risk appetite, and which specific issues or types of issues are automatically ignored to reduce "noise" and save development time. {% endhint %} -Group administrators can define security policies, thus providing an automated way to identify certain issues or types of issues, and apply actions like changing the severity or ignoring the issue based on your conditions. +Group administrators can define security policies, providing an automated way to identify certain issues or types of issues, and apply actions like changing the severity or ignoring the issue based on your conditions. * Configure policies to increase priority or decrease it as needed. -* Create ignores where needed +* Create ignores where needed. ## License policies @@ -24,14 +24,14 @@ Group administrators can set license policies to define Snyk behavior for treati By default, Snyk determines the severity of licenses as follows: * **High severity**: licenses that definitely present issues for commercial software. -* **Medium severity**: licenses that have clauses that may be of concern and should be reviewed. +* **Medium severity**: licenses that have clauses that may be of concern and that you should review. Configure policies to match your requirements. ## Asset policies {% hint style="success" %} -**Key decision:** Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance +**Key decision:** Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance. {% endhint %} Asset policies in Snyk Essentials automate business context and notification workflows. Use policies to identify coverage gaps and manage assets at scale. @@ -42,7 +42,7 @@ Asset policies in Snyk Essentials automate business context and notification wor A policy consists of the following elements: -* Filters: Define criteria (for example tags or asset names) to group specific assets. +* Filters: Define criteria (for example, tags or asset names) to group specific assets. * Actions: Define what happens to filtered assets, for example, assigning a classification or sending a Slack notification. ### Key filter types diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md index 08cda11c3cb8..34f1f8a16af3 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md @@ -1,6 +1,6 @@ # Create a template Organization -This guide section is designed to help you plan your Snyk account structure at the Organization-level to ensure efficient asset management, precise access control, and accurate reporting. This Organization will be the template you copy to create additional Organizations from which have standards settings for all your Orgs. +This guide section helps you plan your Snyk account structure at the Organization level to ensure efficient asset management, precise access control, and accurate reporting. This Organization is the template you copy to create additional Organizations that have standard settings for all your Orgs. {% embed url="https://res.cloudinary.com/snyk/video/upload/v1775661970/4._Creating_your_Template_Organization_vf1x0b.mp4" %} Create a template Organization video guide @@ -17,7 +17,7 @@ Below is an outline of the key topics and decisions covered in this guide. * Define who can provision users and grant Snyk access to external platforms, such as Git repositories. {% endhint %} -Snyk uses a hierarchical structure to manage all assets and security policies. This section will help you map your business to the Snyk architecture. +Snyk uses a hierarchical structure to manage all assets and security policies. This section helps you map your business to the Snyk architecture. * **Organization structure:** Determine if your Organization structure should be team-based, product-based, or SCM organization-based to best support your policy and access needs. @@ -47,9 +47,9 @@ To learn more, visit [Authentication and access](authentication-and-access.md). * **Architecture and connectivity:** Select your primary SCM platform and identify where your production container registries (for example, Docker Hub, Amazon ECR) reside. Determine if you need to deploy Snyk Broker (using Docker or Kubernetes) to securely bypass firewalls, segment network traffic, or if you require custom proxy/CA configurations. * **Authentication and access management:** Commit to using dedicated, least-privilege service accounts rather than personal tokens (OAuth/PAT) to guarantee stable connections. Decide whether to use broad, centralized Group-level credentials for global asset discovery or require unique tokens at the Organization level. Verify you have the correct administrative roles to manage this inventory. -* **Developer workflow & remediation:** Define your PR check behaviors and automated fix strategies to match specific team workflows. Establish a monitoring frequency that provides adequate security visibility without overwhelming your developers' capacity to remediate. -* **Snyk Code enablement:** Decide whether to roll out Snyk Code globally or phase it in for high-priority teams. It's crucial to enable Snyk Code before importing your first Projects. If managing at a massive scale, plan to use the Snyk API rather than the UI for this step. +* **Developer workflow and remediation:** Define your PR check behaviors and automated fix strategies to match specific team workflows. Establish a monitoring frequency that provides adequate security visibility without overwhelming your developers' capacity to remediate. +* **Snyk Code enablement:** Decide whether to roll out Snyk Code globally or phase it in for high-priority teams. Enable Snyk Code before importing your first Projects. If managing at a massive scale, plan to use the Snyk API rather than the UI for this step. * **Project import strategy:** Choose the import method that provides the best dependency resolution for your specific programming languages to ensure accurate scanning. {% endhint %} -By configuring your core tools, source control integrations, and default security behaviors now, you establish a standardized baseline that can be easily cloned: either manually or using the API, across your entire business. +By configuring your core tools, source control integrations, and default security behaviors now, you establish a standardized baseline that you can clone, either manually or using the API, across your entire business. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md index af066be92002..b63f98466dba 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md @@ -12,7 +12,7 @@ Determine if Snyk pre-defined roles meet your requirements or if you must create Pre-defined roles at these levels have fixed permissions that cannot be modified. -* **Organization Admin**: Allows users to add or delete Projects, override Snyk checks, and provision users. Assign this role to Team Leads. +* **Organization Admin**: Lets users add or delete Projects, override Snyk checks, and provision users. Assign this role to Team Leads. * **Organization Collaborator**: Grants standard developer access. Use this for small teams or a developer-first rollout. ## Align roles with your Organization structure diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md index 9f76ee15e69d..24c254fff670 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md @@ -1,8 +1,8 @@ # Connect your development tools -To roll out Snyk efficiently at scale, your first major milestone is configuring a Template Organization. Rather than setting up every new team from scratch, this template acts as your master blueprint. By configuring your core tools, source control integrations, and default security behaviors here first, you establish a standardized baseline that can be easily cloned, either manually or using the API, across your entire business. +To roll out Snyk efficiently at scale, your first major milestone is configuring a Template Organization. Rather than setting up every new team from scratch, this template acts as your master blueprint. By configuring your core tools, source control integrations, and default security behaviors here first, you establish a standardized baseline that you can clone, either manually or using the API, across your entire business. -As you work through this page, you will: +As you work through this page, you complete these tasks: 1. [Configure SCM integrations for Groups.](connect-your-development-tools.md#configure-scm-integrations-for-groups) 2. [Configure SCM integrations for Organizations.](connect-your-development-tools.md#configure-scm-integrations-for-organizations) @@ -26,7 +26,7 @@ The following table outlines the difference between these two implementation lev ### Configure SCM integrations for Groups -Configure your Source Control Manager (SCM) at the Group level to centralize authentication. This allows Snyk to access your repositories across multiple Organizations without requiring individual configuration for each one. +Configure your Source Control Manager (SCM) at the Group level to centralize authentication. This lets Snyk access your repositories across multiple Organizations without requiring individual configuration for each one. {% embed url="https://res.cloudinary.com/snyk/video/upload/v1775661962/3._Group-Level_Repository_Discovery_jvicn7.mp4" %} Group level repository discovery video guide @@ -69,7 +69,7 @@ Your integration approach should match the structure you selected during the pla * **SCM organization-based structure**: If you have 10+ SCM organizations and are using the `snyk-api-import` tool, ensure your Group-level integration has the scope to access all relevant repositories. * **Team-based structure**: Use Group-level authentication to ensure consistency across different developer teams while maintaining isolated Organizations. -* **Product-based structure**: Centralizing at the Group level allows developers to seamlessly access Projects across multiple product Organizations. +* **Product-based structure**: Centralizing at the Group level lets developers access Projects across multiple product Organizations. | Structure type | Integration strategy | | ----------------- | --------------------------------------------------------------------------- | @@ -95,7 +95,7 @@ If you are using multiple SCMs, Snyk recommends using separate Organizations for **Key decision:** Determine if this specific Organization requires a unique access token or a different service account than the one used at the Group level. {% endhint %} -Unlike Group-level setup, Organization-level integrations allow you to: +Unlike Group-level setup, Organization-level integrations let you: * **Isolate access:** Use a unique Personal Access Token (PAT) or OAuth connection that only has access to a specific team's repositories. * **Override Group defaults:** If a specific business unit uses a different SCM instance (for example, a separate GitHub Org or GitLab Group), you can configure it here without affecting the rest of the company. @@ -113,7 +113,7 @@ Set up your Org-level integrations by navigating to your Organization **Integrat When configuring at the Organization level, consider: * **Token segmentation:** You can assign a unique Broker token to an Organization. This is useful if different teams operate in different VPCs or data centers. -* **Granular troubleshooting:** Dedicated tokens allow you to monitor and troubleshoot connectivity issues for a specific team without impacting the entire Group. +* **Granular troubleshooting:** Dedicated tokens let you monitor and troubleshoot connectivity issues for a specific team without impacting the entire Group. {% hint style="info" %} If you are using Azure Repos, Snyk recommends using Universal Broker to avoid Azure limitations on organization mapping. @@ -136,7 +136,7 @@ While the Group integration provides the connection, the Organization level is w | ------------------- | ---------------------------------------------------------------------- | | Access control | Limits repository visibility to only the members of that Organization. | | Snyk Broker mapping | Maps specific SCM instances to specific internal network segments. | -| Customized rollout | Allows for different "prevention" settings (PR checks) per team. | +| Customized rollout | Allows different "prevention" settings (PR checks) per team. | {% endstep %} {% endstepper %} @@ -180,7 +180,7 @@ For Amazon ECR, Snyk recommends using Cross-Account Role authentication for enha **Key decision:** Decide on a monitoring frequency that balances security visibility with your team's remediation capacity. {% endhint %} -Once integrated, Snyk allows you to manage how often images are re-tested: +After integration, Snyk lets you manage how often images are re-tested: * **Continuous monitoring**: Snyk automatically rescans imported images daily to detect new vulnerabilities. * **Avoid duplication**: If you already scan images in your CI/CD pipeline using the Snyk CLI, decide if you also need registry-level monitoring. Registry integration provides a last line of defense for images currently in storage. @@ -199,9 +199,9 @@ As with SCM integrations, ensure email notifications are disabled at the Organiz Snyk strongly recommends integrating your container registry if your organization fits any of the following profiles: -* **Empowering AppSec autonomy**: This solution enables Application Security (AppSec) teams to manage and scan container images independently. It allows security teams to maintain oversight without bottlenecking developers or requiring them to change existing workflows. +* **Empowering AppSec autonomy**: This solution lets Application Security (AppSec) teams manage and scan container images independently. It lets security teams maintain oversight without bottlenecking developers or requiring them to change existing workflows. * **Scanning legacy and offline images:** If you have a large number of older images or multiple legacy tags that no longer have an active build pipeline, registry integration is the most efficient way to ensure they are still scanned for vulnerabilities. -* **Small-scale repositories:** Direct integration and UI management work best for smaller volumes of images (under 1,000). A smaller inventory makes the import process seamless and keeps the user interface fast and responsive. +* **Small-scale repositories:** Direct integration and UI management work best for smaller volumes of images (under 1,000). A smaller inventory simplifies the import process and keeps the user interface responsive. * **Limited developer bandwidth:** If your development team lacks the availability to update build pipelines or integrate new security tools into their current processes, direct registry scanning provides a frictionless alternative. ### Use cases for CI/CD or CLI @@ -251,7 +251,7 @@ This configuration is specific to asset management and is separate from the Orga **Key decision**: Choose which metadata (tags) and application structures are most critical for your risk assessment and reporting. {% endhint %} -Once assets are imported, use the following features to organize your inventory: +After you import assets, use the following features to organize your inventory: * **Automatic tags**: Snyk automatically adds tags for detected technologies (for example, Python, Terraform). @@ -303,7 +303,7 @@ Before installation, verify your environment: 1. Install the setup CLI tool: `npm install -g snyk-broker-config` 2. Start the interactive creation workflow: `snyk-broker-config workflows connections create` 3. Follow the on-screen prompts to input your Snyk Token, Tenant or Org ID, and select the specific integration type you want to connect (for example, GitHub Enterprise, GitLab, or Artifactory). -4. The CLI will generate your `DEPLOYMENT_ID`, `CLIENT_ID`, and `CLIENT_SECRET`. It will also prompt you to create a credential reference name (for example, `MY_GITHUB_TOKEN`) that maps to your actual secret. Keep these values secure for the next step. +4. The CLI generates your `DEPLOYMENT_ID`, `CLIENT_ID`, and `CLIENT_SECRET`. It also prompts you to create a credential reference name (for example, `MY_GITHUB_TOKEN`) that maps to your actual secret. Keep these values secure for the next step. {% hint style="info" %} If you are setting up Snyk Essentials for asset management with over 1,000 repositories, Snyk recommends a dedicated Broker and Organization. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md index bc4ef05b4ebd..74cc5965dad5 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md @@ -12,4 +12,4 @@ Snyk Organizations (Orgs) are the primary level for managing Projects and user a | -------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | | **Team-based** | Linked to a specific developer or security team. | Strict security ownership and reporting by team. | Multiple teams need access to the exact same set of projects (leads to complexity). | | **Product-based** | Set up for distinct applications or product lines (for example, product a front-end, product a back-end). | Product-centric reporting and access control. | You have hundreds of small, unrelated products. | -| **SCM Organization-based** | Mimics your SCM hosting platform structure (for example Github orgs, Gitlab groups). | Automated onboarding using the Snyk API, when you have more than 10 SCM-related integrations. | Your SCM organization names are not intuitive or don't align with business units. | +| **SCM Organization-based** | Mimics your SCM hosting platform structure (for example, GitHub orgs, GitLab groups). | Automated onboarding using the Snyk API, when you have more than 10 SCM-related integrations. | Your SCM organization names are not intuitive or don't align with business units. | diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md index 6f11dabdfee6..431ffbc2c254 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md @@ -27,7 +27,7 @@ Use the following table to understand which configurations transfer to the new O | ------------------------------------------------------ | --------------------------------------------------- | | All integrations and settings | Members and Service Accounts | | SCM and Container settings | Existing Projects | -| Notification integrations (for example Slack, or Jira) | Custom policies and ignore settings | +| Notification integrations (for example, Slack or Jira) | Custom policies and ignore settings | | PaaS and serverless integrations | Infrastructure as Code (IaC) and Snyk Code settings | ## Configure scan and notification behavior diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md index 670700af9d11..071729d39fd5 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md @@ -18,7 +18,7 @@ Follow these steps to roll out Snyk to your teams: Managing notifications ensures that developers only see high-priority issues that require action. * Instruct administrators to manually enable the critical alerts through their personal settings if they need to monitor progress. -* Once the environment is stable, enable notifications in bulk for **High** and **Critical** severities only. +* After the environment is stable, enable notifications in bulk for **High** and **Critical** severities only. * Disable all email notifications for new Organizations. Navigate to **Group** > **Settings** to view the notification defaults overview. @@ -58,7 +58,7 @@ Use these templates to introduce Snyk. Replace the bracketed text with your spec **Key decision**: Evaluate the maturity of your AppSec program. For new programs, introduce plugins as a tool to validate fixes for prioritized issues. For mature programs, provide immediate access to prevent new issues from entering the codebase. {% endhint %} -Snyk IDE plugins allow developers to find and fix vulnerabilities before they reach the CI/CD pipeline. This shift-left approach reduces the time spent on security reviews. +Snyk IDE plugins let developers find and fix vulnerabilities before they reach the CI/CD pipeline. This shift-left approach reduces the time spent on security reviews. 1. Identify the primary IDEs used by your teams (VS Code, JetBrains, Visual Studio, or Eclipse). 2. Provide installation guides for the relevant Snyk IDE extension. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md index da4021a7341d..5f173e2b0071 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md @@ -1,6 +1,6 @@ # Manage and remediate issues -After establishing visibility and prevention measures, focus on managing your existing vulnerability backlog. This stage involves defining a fix strategy, prioritizing issues based on risk, and operationalizing the remediation process in your development teams. Effective management ensures that your security posture improves over time rather than just maintaining the status quo. +After establishing visibility and prevention measures, focus on managing your existing vulnerability backlog. This stage involves defining a fix strategy, prioritizing issues based on risk, and operationalizing the remediation process in your development teams. Effective management ensures that your security posture improves over time rather than maintaining the status quo. To manage and remediate issues, follow these stages: @@ -30,7 +30,7 @@ Key decision: Choose a primary metric for triage. Use **Priority Score** (900+) Use Snyk filters iteratively to build your plan: * **Risk and priority scores**: Start with scores of 900–1000 and work downward. -* **Severity**: filter for **Critical** and **High** issues. +* **Severity**: Filter for **Critical** and **High** issues. {% hint style="info" %} For Snyk Open Source, prioritize critical issues with a **Fixable** filter to identify quick wins. @@ -51,7 +51,7 @@ Operationalize the fix process using: * **Ignore policy**: Use the **Ignore** feature for issues that cannot be fixed immediately due to environmental context or breaking changes. {% hint style="info" %} -Ensure to always include a detailed reason and always set an expiration date (monthly or quarterly) for review. +Always include a detailed reason and set an expiration date (monthly or quarterly) for review. {% endhint %} * **Permissions**: Restrict ignore permissions to Organization admins in the general settings to maintain oversight. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md index ca41b4f9989a..9dee76ee7043 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md @@ -1,6 +1,6 @@ # Gain visibility by importing repositories -Gaining visibility over your Organization security begins with importing Projects. This process allows Snyk to monitor your code, dependencies, containers, and infrastructure. +Gaining visibility over your Organization security begins with importing Projects. This process lets Snyk monitor your code, dependencies, containers, and infrastructure. There are several ways you can import Projects, depending on your tech stack and package managers: @@ -63,11 +63,11 @@ Use the API to trigger scans and handle results programmatically across a large ## Add Projects tags and attributes -After importing Projects, use Project attributes and tags to categorize your data. This metadata allows you to filter and report on specific subsets of your Organization. +After importing Projects, use Project attributes and tags to categorize your data. This metadata lets you filter and report on specific subsets of your Organization. For example, apply the `frontend` attribute and a `Team:Unicorn` tag to your Projects. You can then generate a report specifically for critical frontend vulnerabilities in production owned by Team Unicorn. -Attributes and tags also allow you to: +Attributes and tags also let you: * Group related Projects for easier management. * Customize how you view and access Project data. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md index 2f7419a5fd8b..4d71d6a2d176 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md @@ -1,12 +1,12 @@ # Trial limitations -You can try out Snyk functionalities in several ways: +You can try out Snyk functionality in several ways: * Using the limited Free plan * Using a self-serve 14-day trial -* By piloting the full product with the Enterprise plan +* Piloting the full product with the Enterprise plan -The Snyk 14-day trial offers a sample of the features available in the paid Enterprise plan. However, certain features will have limited functionality or be entirely unavailable in order to provide a seamless experience when the trial concludes. +The Snyk 14-day trial offers a sample of the features available in the paid Enterprise plan. However, certain features have limited functionality or are entirely unavailable to provide a smooth experience when the trial concludes. {% hint style="info" %} After implementing Snyk Essentials, you must access the Inventory page to ensure it is populated with all the necessary information. Depending on the number of repositories you have imported, the update may take up to several hours. diff --git a/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md b/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md index 9e3a03b03a85..bdfaef429390 100644 --- a/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md +++ b/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md @@ -32,26 +32,26 @@ This email contains two links: 2. **Create and activate a new account** - To be used if you're entirely new to Snyk or want to start from scratch with a different user. {% hint style="warning" %} -Once provisioning is complete, these links will become invalid and you will see an "Access denied" error page. +After provisioning is complete, these links become invalid and you see an "Access denied" error page. -If you have not completed provisioning but still see this error, make sure someone else in your organization has not already completed the flow themselves, in case the welcome email has more recipients. +If you have not completed provisioning but still see this error, ensure someone else in your organization has not already completed the flow themselves, in case the welcome email has more recipients. {% endhint %} ## Sign up - start from scratch -Clicking the sign-up link in your welcome email will take you to the sign-up page in the provisioning app. +Clicking the sign-up link in your welcome email takes you to the sign-up page in the provisioning app. {% hint style="warning" %} -The provisioning app is only accessible through a unique link, all other access is disabled and will show an error page. +The provisioning app is only accessible through a unique link. All other access is disabled and shows an error page. {% endhint %}
Sign up page on provision.snyk.io

Sign up page on provision.snyk.io

### Step 1: Enter the company name -The company name you enter here will be used to create the [Tenant](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant), the top-level instance you'll see in the Snyk Platform. It is a required field and has 60-character limit. +The company name you enter here creates the [Tenant](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant), the top-level instance you'll see in the Snyk Platform. It is a required field and has a 60-character limit. -Provisioning will also create a [Group](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups) and a default [Organization](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/organizations) using the same name. +Provisioning also creates a [Group](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups) and a default [Organization](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/organizations) using the same name. ### Step 2: Choose where to host the account @@ -65,10 +65,10 @@ Provisioning is enabled for these [three regions](https://app.gitbook.com/o/-M4t * :flag\_eu: **Europe**: SNYK-EU-01 * :flag\_au: **Australia**: SNYK-AU-01 -In the case of [multiple instances](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#regional-multi-and-single-tenant-hosting) being available in a chosen region (United States), Snyk reserves the right to chose the specific instance where your account will be created. For more information see [Regional Hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). +In the case of [multiple instances](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#regional-multi-and-single-tenant-hosting) being available in a chosen region (United States), Snyk reserves the right to choose the specific instance where Snyk creates your account. For more information see [Regional Hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). {% hint style="warning" %} -Automated provisioning is only possible for multi-tenant environments. For single-tenant availability (Snyk Private Cloud), reach out to your account team in advance of provisioning. +Automated provisioning is only possible for multi-tenant environments. For single-tenant availability (Snyk Private Cloud), reach out to your account team before provisioning. {% endhint %} ### Step 3: Select an authentication method @@ -88,7 +88,7 @@ The available authentication methods are either Single sign-on (SSO) or Third-pa | :flag\_eu: Europe | :heavy\_check\_mark: | :heavy\_multiplication\_x: | | :flag\_au: Australia | :heavy\_check\_mark: | :heavy\_multiplication\_x: | -Snyk recommends selecting SSO since it is best supported across all environments. Selecting this option will then prompt you to enter a valid, work-issued email address, used to create an initial Snyk Admin user. No extra configuration for SSO is required at this point. +Snyk recommends selecting SSO since it is best supported across all environments. Selecting this option then prompts you to enter a valid, work-issued email address, used to create an initial Snyk Admin user. No extra configuration for SSO is required at this point.
Email address input

Email address input

@@ -96,32 +96,32 @@ Snyk recommends selecting SSO since it is best supported across all environments As a final step, you must confirm the details entered are correct. -* If you have selected SSO as the authentication method, clicking "Sign up" will then show a loading page while Snyk does the background work. -* If you have selected Third-party authentication, clicking "Continue to sign up options" will redirect you to the Snyk Login page where you can choose your identity provider (Github, Google, and so on.). Once you have completed signing up you will be redirected back to the provisioning application where the loading page will indicate in-progress background work. +* If you have selected SSO as the authentication method, clicking "Sign up" then shows a loading page while Snyk does the background work. +* If you have selected Third-party authentication, clicking "Continue to sign up options" redirects you to the Snyk Login page where you can choose your identity provider (GitHub, Google, and so on). After you complete signing up, Snyk redirects you back to the provisioning application, where the loading page indicates in-progress background work. Snyk advises you to not close the page, otherwise you risk not seeing the process complete successfully. ### Step 5: Access the Snyk platform -If you have selected SSO as the authentication method, once plan activation is done, you will see a success message and a verification button. Snyk also sends an email to indicate a successful provisioning containing the same login verification link. This link does not expire and it can be used for multiple authentications if needed.\ +If you have selected SSO as the authentication method, after plan activation is done, you see a success message and a verification button. Snyk also sends an email to indicate a successful provisioning containing the same login verification link. This link does not expire and you can use it for multiple authentications if needed.\ \ -Once clicked, a login code will be sent to the email address previously entered. This is known as a Passwordless Login. Enter the code where prompted and you are ready to start using Snyk! +After you click it, Snyk sends a login code to the email address you previously entered. This is known as a Passwordless Login. Enter the code where prompted and you are ready to start using Snyk.
Successful provisioning for SSO

Successful provisioning for SSO

-If you have selected **Third-party authentication**, once plan activation is done you are all set! You can click "Continue to your account" and start using the platform. +If you have selected **Third-party authentication**, after plan activation is done you are all set. You can click "Continue to your account" and start using the platform. {% hint style="info" %} -Your plan might not have all the features enabled if your contract's start date is in the future. You will gain full access to all features when the start date is met. +Your plan might not have all the features enabled if your contract's start date is in the future. You gain full access to all features when the start date is met. {% endhint %} ## Logging in - provision using an existing user account -Clicking the sign-up link in your welcome email will take you to the log in page in the provisioning app. +Clicking the sign-up link in your welcome email takes you to the log in page in the provisioning app. ### Step 1: Logging in -If you have a user account connected through a third-party provider, you will need to use SNYK-US-01 +If you have a user account connected through a third-party provider, you must use SNYK-US-01 You can find the links for all the regions in the [Login and Web UI URLs section](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#login-and-web-ui-urls). @@ -140,17 +140,17 @@ If you already have a Snyk User, you can choose how you activate your Enterprise ### **Step 3: Access the Snyk platform** -This step is the same as [#step-5-access-the-snyk-platform](auto-provisioning-guide.md#step-5-access-the-snyk-platform "mention") when signing up. Once the process is done you can "Continue to your account" and begin using Snyk. +This step is the same as [#step-5-access-the-snyk-platform](auto-provisioning-guide.md#step-5-access-the-snyk-platform "mention") when signing up. After the process is done you can "Continue to your account" and begin using Snyk. {% hint style="info" %} -Your plan might not have all the features enabled if your contract's start date is in the future. You will gain full access to all features when the start date is met. +Your plan might not have all the features enabled if your contract's start date is in the future. You gain full access to all features when the start date is met. {% endhint %} ## Error types and solutions ### Validation errors -When creating a new Tenant or User Snyk checks for duplicates and surfaces any issues. +When creating a new Tenant or User, Snyk checks for duplicates and surfaces any issues. * **The business name provided is already in use.** - Use a different name or reach out to your account executive if you want to link your plan to that existing Tenant but you are not a member of it. diff --git a/discover-snyk/implementation-and-setup/implement-snyk.md b/discover-snyk/implementation-and-setup/implement-snyk.md index 6a9e7fc88e7a..4f0e5c389c63 100644 --- a/discover-snyk/implementation-and-setup/implement-snyk.md +++ b/discover-snyk/implementation-and-setup/implement-snyk.md @@ -5,8 +5,8 @@ Implementing a developer security tool like Snyk is critical to ensuring the sec Here is a brief overview of the process: 1. **Assessment**: Evaluate your current security practices and identify areas for improvement. -2. **Planning**: use the provided Project plans to outline your goals, timelines, and necessary resources. -3. **Configuration**: Follow configuration guidance to tailor the security platform to your needs, ensuring it integrates seamlessly with your existing tools and workflows. +2. **Planning**: Use the provided Project plans to outline your goals, timelines, and necessary resources. +3. **Configuration**: Follow configuration guidance to tailor the security platform to your needs, ensuring it integrates with your existing tools and workflows. 4. **Rollout**: Implement the platform across your development teams, following the specific guidance for small teams or enterprise environments. 5. **Training**: Educate your developers on the importance of security and how to use the platform effectively. 6. **Monitoring and iteration**: Continuously monitor the health and performance of your applications and make adjustments as needed to maintain optimal security. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/README.md index b7eea6f097b0..d154cfec2146 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/README.md @@ -9,7 +9,7 @@ We start with the awareness that most businesses: ## **Typical timelines** -Once your Snyk Organization is set up, you can immediately start gaining visibility into your code by integrating your code repositories (with PR checks disabled), CI/CD pipelines, or container registries. +After you set up your Snyk Organization, you can immediately start gaining visibility into your code by integrating your code repositories (with PR checks disabled), CI/CD pipelines, or container registries. To minimize disruption, Snyk recommends a gradual rollout of your "shift left" security strategy, focusing on backlog remediation and prevention. Key recommendations include providing developers with access to the IDE and piloting on a single Project before expanding best practices to the wider team. @@ -35,15 +35,15 @@ This visibility helps build trust while rolling out Snyk. With the Team plan, th ### Achieve prevention and drive developer adoption -Next is the prevention stage. You should stop new security issues from being added to your applications. During this stage, you can put controls in place to allow developers to see issues in their pipelines using Pull Request (PR)/Merge Request (MR) checks, and checks in the pipeline that may block. +Next is the prevention stage. Stop new security issues from being added to your applications. During this stage, you can put controls in place to let developers see issues in their pipelines using Pull Request (PR)/Merge Request (MR) checks, and checks in the pipeline that can block. -As part of this, developers may use IDE plugins and other tools like [Snyk Advisor](https://snyk.io/advisor) to select secure packages and [Snyk Learn](https://learn.snyk.io/) to educate on secure coding, security, and the product. It's quite common to see developers download and use IDE plugins. Provide guides indicating the settings they should use and guidelines on what they should fix to start often Criticals and Highs, where fixes are available. +As part of this, developers can use IDE plugins and other tools like [Snyk Advisor](https://snyk.io/advisor) to select secure packages and [Snyk Learn](https://learn.snyk.io/) to educate on secure coding, security, and the product. Developers commonly download and use IDE plugins. Provide guides indicating the settings they should use and guidelines on what to fix to start, often Criticals and Highs, where fixes are available. ### Fix the backlog and triage issues Finally, you can focus on fixing your backlog of security issues. This can take several forms: -* As part of the initial rollout, security or initial stakeholder may triage the initial results for the existing portfolio, create tickets for priority items to investigate or address, or have the teams do that for their applications as part of the weekly triage process. +* As part of the initial rollout, security or initial stakeholders can triage the initial results for the existing portfolio, create tickets for priority items to investigate or address, or have the teams do that for their applications as part of the weekly triage process. * After gaining visibility and achieving prevention, you can review your backlog of issues. For example, a weekly triage process with the key stakeholders can guide the teams on what to address. ## Use enhanced resources with Snyk diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md b/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md index f685a21bdd1d..193b3d6a06f6 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md @@ -1,7 +1,7 @@ -# Invite Users +# Invite users Click **Members** and invite your team members, applying the role alignments decided in Phase 1 for each member. {% hint style="info" %} -Inviting members is generally suggested after importing your Projects. You may bring in a few initial members to start and then do a wider rollout. This can be done at any time as part of stages four and five. It is strongly recommended to communicate what is expected prior to the actual invitation and then communicate throughout the various stages as pull request checks are turned on, pipelines enabled, and as policies/practices change. +Inviting members is generally suggested after importing your Projects. You can bring in a few initial members to start and then do a wider rollout at any time as part of stages four and five. Communicate what is expected before the invitation, then communicate throughout the various stages as pull request checks are turned on, pipelines enabled, and policies and practices change. {% endhint %} diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md index 1a9d4a0b0a32..28d0b65040a6 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md @@ -2,7 +2,7 @@ ## **SDLC integration points** -Snyk offers many integrations that seamlessly integrate into every stage of the SDLC. +Snyk offers many integrations across every stage of the SDLC. Many businesses typically roll out automated solutions first, then slowly introduce tools to enable the developers. In addition, gating features are gradually turned on over a period of time to minimize disruption. @@ -16,7 +16,7 @@ Below are typical early integrations. ### Source Code Management (SCM) integrations -Integrations with popular version control platforms like GitHub, GitLab, Azure Repos, and Bitbucket seamlessly integrate Snyk security checks into the code review process. This ensures that potential vulnerabilities are identified and addressed before the code is merged into the main branch. Important features include: +Integrations with popular version control platforms like GitHub, GitLab, Azure Repos, and Bitbucket integrate Snyk security checks into the code review process. This ensures that Snyk identifies and addresses potential vulnerabilities before the code is merged into the main branch. Important features include: * Daily testing/monitoring of a specified branch (typically "development" branch), * (optional) Pull Request/Merge Request checks against any branch of the repository. @@ -43,7 +43,7 @@ If you have a non-cloud-facing or your own instance of a Git SCM: ### Continuous Integration/Continuous Deployment (CI/CD) pipeline integrations -Integrating Snyk into CI/CD pipelines, such as Jenkins, Travis CI, or CircleCI, automates security checks during the build and deployment process. This ensures that vulnerabilities are detected early in the software development lifecycle and prevents their propagation into production. Typical features include: +Integrating Snyk into CI/CD pipelines, such as Jenkins, Travis CI, or CircleCI, automates security checks during the build and deployment process. This ensures that Snyk detects vulnerabilities early in the software development lifecycle and prevents their propagation into production. Typical features include: * (Optional) Ability to passively monitor results during build and view results in Snyk * (Optional) Ability to test and potentially break the build based on criteria you specified @@ -59,13 +59,13 @@ For more details, see [Snyk CI/CD integrations](https://app.gitbook.com/o/-M4tdx ### Integrated Development Environment (IDE) integrations -IDE integrations like Visual Studio Code, IntelliJ IDEA, and Eclipse allow developers to access Snyk's security features directly within their coding environment. This enables real-time scanning and issue remediation as developers write code at the earliest possible stages. +IDE integrations like Visual Studio Code, IntelliJ IDEA, and Eclipse let developers access the security features in Snyk directly within their coding environment. This enables real-time scanning and issue remediation as developers write code at the earliest possible stages. For more details, see [Use Snyk in your IDE](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions). ## Considerations for import strategies -
Project Import StrategyConsiderationsAdvantagesDisadvantages
CLI (automated CI/CD)Must be configured for each application within CI/CD.
  • Can select what to test and when (i.e. which package managers, where in the process, which language to analyze.
  • May need development effort for integration.
It requires configuration per application.
CLI (Run locally by user)User can use CLI to perform testing locally while working on an application, very configurable per scan type.Local use caseNot meant for visibility or automation. Can require buildable code or dependencies to be installed (For example Gradle without Lockfile, Scala).
Git Code Repository IntegrationOnboarding and daily monitoring: rapid vulnerability assessment across application portfolio.
  • Continuous monitoring of repositories (even when you are not working on it).
  • Centralized visibility for teams.
  • Monitors specified branch
  • Code does not need to be built.
  • Can be initiated via UI
  • Some languages/package managers have better resolution utilizing the CLI (Gradle without lockfile, Scala).
Pull request (PR)/merge request (MR) scanningImmediate feedback on introduced issues on the PR/MR against any branch on repository.Configurable rules for pass/fail
+
Project Import StrategyConsiderationsAdvantagesDisadvantages
CLI (automated CI/CD)Must be configured for each application within CI/CD.
  • Can select what to test and when (that is, which package managers, where in the process, which language to analyze).
  • May need development effort for integration.
It requires configuration per application.
CLI (Run locally by user)User can use CLI to perform testing locally while working on an application, configurable per scan type.Local use caseNot meant for visibility or automation. Can require buildable code or dependencies to be installed (For example Gradle without Lockfile, Scala).
Git Code Repository IntegrationOnboarding and daily monitoring: rapid vulnerability assessment across application portfolio.
  • Continuous monitoring of repositories (even when you are not working on it).
  • Centralized visibility for teams.
  • Monitors specified branch
  • Code does not need to be built.
  • Can be initiated through the UI
  • Some languages/package managers have better resolution using the CLI (Gradle without lockfile, Scala).
Pull request (PR)/merge request (MR) scanningImmediate feedback on introduced issues on the PR/MR against any branch on repository.Configurable rules for pass/fail
## Additional considerations @@ -73,8 +73,8 @@ For more details, see [Use Snyk in your IDE](https://app.gitbook.com/o/-M4tdxG8q For Snyk Infrastructure as Code, it is common that your Terraform or YAML configuration files are held in your SCM, but they may be in a separate area or repository. As a result, consider if there are other areas you need to import. You may also want to integrate with Terraform Cloud (if applicable) to enable Snyk tests as part of your "Terraform run" processes. -For complex environments, modules, and highly templated implementations, utilizing the CLI on your Terraform Plan file may provide the best results. +For complex environments, modules, and highly templated implementations, using the CLI on your Terraform Plan file can provide the best results. ### CR (Container Registries) -Snyk also integrates with various [Container Registries](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations) to enable you to import and monitor your containers for vulnerabilities. Snyk tests the containers you have imported for any known security vulnerabilities found at a frequency you control. +Snyk also integrates with various [Container Registries](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations) so you can import and monitor your containers for vulnerabilities. Snyk tests the containers you have imported for any known security vulnerabilities found at a frequency you control. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md index d6f7bfff5721..985ee383174c 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md @@ -4,7 +4,7 @@ Every business is different. If your teams have already used security tools and ## Suggested onboarding approach -When you are introducing Snyk to your business, Snyk suggests the following phased rollout after configuring integrations. +When you are introducing Snyk to your business, Snyk suggests the following phased rollout after configuring integrations. ### 1. Kick off with a pilot team @@ -14,14 +14,14 @@ Start by selecting a small group of engaged pilot users from: * Project teams building new applications * Developers of business-critical applications. -This allows you to: +This lets you: * Thoroughly onboard initial users * Gather feedback to refine processes * Identify issues before the broader rollout * Build success stories to promote Snyk. -Typically, importing everything using a repository integration for visibility and working through the rollout with a small pilot team allows you to identify the best processes and ways to implement Snyk within your environment. +Typically, importing everything using a repository integration for visibility and working through the rollout with a small pilot team lets you identify the best processes and ways to implement Snyk in your environment. ### 2. Gain visibility with Git repository integration @@ -51,7 +51,7 @@ The key advantages of using this process are: With priorities addressed and processes refined, start expanding access more broadly across teams. -This phased approach allows thoughtful onboarding while rapidly gaining visibility and control. +This phased approach supports thoughtful onboarding while rapidly gaining visibility and control. ### 5. Turn on gating @@ -60,7 +60,7 @@ After the first month, gradually turn on gating measures. * Pull Request/Merge Request Checks using criteria such as `severity` and `is fixable`. * Fail builds based on criteria such as `High` or `Critical`, `CVSS`, `Mature Exploit` for Open Source and other criteria using the [Snyk Filter](https://github.com/snyk-labs/snyk-filter) plugin. -It's recommended to start with a few applications, especially during the pilot team phase, work through the processes then roll out more widely. +Snyk recommends starting with a few applications, especially during the pilot team phase, working through the processes, then rolling out more widely. ## Exception handling diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md index a8cd1b0fc11b..91091011819b 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md @@ -1,6 +1,6 @@ # Determine user roles -## Default roles +## Default roles A key consideration when setting up Snyk is determining which [default user roles](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/pre-defined-roles) align with your needs. @@ -9,7 +9,7 @@ The Team plan has the following fixed roles in Snyk, each with a fixed set of pe The following are the default roles: * **Org Admin**: Typically assigned to team leads. Users with this role can add/delete Projects, override Snyk checks, and provision users. It is common to assign this to team leads, admins, and security team users. -* **Org Collaborator**: This is the default role in Snyk used for developers. This role is ideal for small teams or for a very developer-first organizational approach. +* **Org Collaborator**: This is the default role in Snyk used for developers. This role is ideal for small teams or for a developer-first organizational approach. {% hint style="info" %} If you need more granularity in roles/permissions, consider upgrading to Snyk Enterprise Plan to access Custom Roles and SSO functionality. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md index 02ec62a42825..0f637117a9d2 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md @@ -4,7 +4,7 @@ Identifying key applications early helps you identify important contacts to make, helps define success metrics, and helps early prioritization. Your business may have thousands of applications, but can you identify a few key applications to benchmark progress and priority? -For large enterprises, you can import everything, but that additional information can be collected in parallel to help prioritize work and measure success. This should not be a blocker or delay, it can be done in parallel in the planning and implementation phases. +For large enterprises, you can import everything, but you can collect that additional information in parallel to help prioritize work and measure success. This should not be a blocker or delay. You can do it in parallel in the planning and implementation phases. ## For implementations in smaller organizations/startups - confirm internal points of contact and roles @@ -19,7 +19,7 @@ To successfully implement Snyk, you must identify the skills needed and the stak ## For implementations for a Team plan within an Enterprise - identify stakeholders with a RACI matrix -In smaller organizations where a few individuals may have the necessary access, involving the stakeholders can be quick and easy. For a small team, early startup, it can be as simple as finding who can create credentials for Snyk to access the system or update a CI/CD script. In a larger enterprise, where you may have a single team using Snyk, this tends to be more organizationally complex, and the following RACI matrix can assist in determining: +In smaller organizations where a few individuals have the necessary access, involving the stakeholders can be quick. For a small team or early startup, it can be as simple as finding who can create credentials for Snyk to access the system or update a CI/CD script. In a larger enterprise, where you may have a single team using Snyk, this tends to be more organizationally complex, and the following RACI matrix can assist in determining: * **R**esponsible: the person ultimately accountable for carrying out the task or deliverable. * **A**ccountable: the approver who must sign off on work before it is considered complete. @@ -30,6 +30,6 @@ For large enterprises, the following RACI matrix is useful to clearly define rol
TaskChampionAdminSecurityDevOps
OnboardingResponsibleResponsibleResponsibleResponsible
Admin TrainingAccountableResponsibleConsultedResponsible
Security TrainingResponsibleConsultedAccountableResponsible
DevOps TrainingResponsibleConsultedConsultedAccountable
Source Control/IDE/PIPELINE SetupResponsibleResponsibleResponsibleAccountable
License Policy ManagementResponsibleResponsibleResponsibleAccountable
Security TriageResponsibleConsultedAccountableConsulted
-This ensures all stakeholders are engaged in suitable capacities without duplicated or neglected efforts. Following the matrix enables smooth collaboration, with individuals contributing specialized skills within their designated areas. +This ensures all stakeholders are engaged in suitable capacities without duplicated or neglected efforts. Following the matrix enables smooth collaboration, with individuals contributing specialized skills in their designated areas. -The clear delineation of duties promotes productivity, efficiency, and accountability. Overall, the RACI framework is an effective method for orchestrating a structured, well-coordinated onboarding process resulting in the successful implementation of Snyk. +The clear delineation of duties promotes productivity, efficiency, and accountability. Overall, the RACI framework is an effective method for orchestrating a structured, well-coordinated onboarding process that results in the successful implementation of Snyk. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md index 70256ebb5e4f..8c761cff487b 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md @@ -24,5 +24,5 @@ All customers have a Group and at least one Organization. On the Free and Team p For more details, visit [Manage Groups and Organizations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups-and-organizations). {% hint style="info" %} -If you have hundreds or thousands of repositories, consider the Snyk Enterprise plan for access to additional organizations to restrict access, separate reporting, and manageable lists to interact with. +If you have hundreds or thousands of repositories, consider the Snyk Enterprise plan for access to additional Organizations to restrict access, separate reporting, and manageable lists to interact with. {% endhint %} diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md index a6a4054842c3..1145c861484e 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md @@ -2,19 +2,19 @@ ## Determine success metrics with Snyk -Implementing Snyk provides an opportunity to enhance your application security. But how do you know if you're getting the most out of it? Key Performance Indicators (KPIs) are essential measurements that track Snyk's impact and help guide your security journey. +Implementing Snyk provides an opportunity to enhance your application security. But how do you know if you're getting the most out of it? Key Performance Indicators (KPIs) are essential measurements that track the impact of Snyk and help guide your security journey. KPIs give you valuable insights by monitoring key metrics at each adoption phase - from raising awareness to preventing new issues. They help you: * Assess progress toward security goals * Identify areas needing improvement -* Demonstrate Snyk's value to stakeholders +* Demonstrate the value of Snyk to stakeholders Tracking metrics aligned to each stage provides tangible insights into what's working well and where improvements may be needed. KPIs help optimize your use of Snyk and progress your application security program. ## Example metrics -These are just some potential examples of success metrics to consider. Analyzing relevant data points at each stage can provide insight into what's working well and identify areas for improvement. +These are some potential examples of success metrics to consider. Analyzing relevant data points at each stage can provide insight into what's working well and identify areas for improvement. ### Gain visibility diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md index cdb4f7aa41d0..4c33bec5850e 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md @@ -1,5 +1,5 @@ # Validate your Snyk plan -Confirm your Snyk license has been applied correctly. Navigate to your Organization by clicking the Organization name on the left menu and click **Settings**. Confirm the license has been applied to this Organization by reviewing Usage, Plans, and Billing. Tests should be unlimited for the products purchased, and a Team plan should be indicated. +Confirm your Snyk license is applied correctly. Navigate to your Organization by clicking the Organization name in the menu and click **Settings**. Confirm the license is applied to this Organization by reviewing Usage, Plans, and Billing. Tests should be unlimited for the products purchased, and a Team plan should be indicated. -The proper license setup ensures you can fully use Snyk capabilities without limitations. It also guarantees you remain compliant with Snyk terms of use. If the license was incorrectly assigned, contact Snyk support. +The proper license setup ensures you can fully use Snyk capabilities without limitations. It also guarantees you remain compliant with Snyk terms of use. If the license was incorrectly assigned, contact Snyk support. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md index ae0275f7036a..9f43077ae4e3 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md @@ -2,15 +2,15 @@ ## Name your Organization -This step is easiest performed prior to purchasing the license. If you did not, Snyk support can assist you. +This step is easiest performed before purchasing the license. If you did not, Snyk support can assist you. -### Changing the name prior to purchase +### Changing the name before purchase Click the arrows next to your Organization name, click **Create New Organization**. From the **Settings-Plans and Billing** page, purchase a team plan. ### Changing the name after purchase -After determining the name of your Organization in phase 1, navigate to **Settings** in the Snyk web UI and update your **Organization** **name**. +After determining the name of your Organization in phase 1, navigate to **Settings** in the Snyk Web UI and update your **Organization** **name**. {% hint style="info" %} You must contact Snyk support and submit a ticket to update the url slug. This can impact any existing CI/CD scripts that your team has previously created, so this step should be performed as early as possible and be communicated to your team if CLI has been in use for a while. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md index 4c326dd0705e..fb1b4eea0503 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md @@ -26,14 +26,14 @@ The CLI provides: * Supports private packages without having to configure an additional integration, providing that your build environment will have access to your private packages. * Give visibility to components that are pushed to production by either breaking builds and reporting to Snyk or only reporting to Snyk. -There are several [CI/CD integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations) available, or you can use the [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli) as part of your pipeline, in order to have more flexibility in the tests you are running. +There are several [CI/CD integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations) available, or you can use the [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli) as part of your pipeline, to have more flexibility in the tests you are running. In the initial phase, Snyk recommends using the “monitor” feature to import information into Snyk so you can see any discovered issues (unless you are already importing your repos using a source control integration to achieve this). Later, when you want to start gating/blocking new vulnerabilities from being added, you can introduce “test” features - initially failing builds on critical issues and then gradually adapting the fail criteria over time. {% hint style="info" %} For `snyk iac test --report`, finding issues will result in the build possibly stopping with a non-zero response code. \ \ -If you want to test passively, the inclusion of the `--report` argument requires either setting the build step to always continue or an alternative like concatenating logic equating to "or true" (for example `snyk iac test --report || true`). The exact syntax depends on the ecosystem the CLI is run in. +If you want to test passively, the inclusion of the `--report` argument requires either setting the build step to always continue or an alternative like concatenating logic equating to "or true" (for example `snyk iac test --report || true`). The exact syntax depends on the ecosystem the CLI is run in. {% endhint %} When configuring pipelines, you can use popular plugins like [`snyk-filter`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter) for advanced filtering. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md index 7bbcd81c8d2d..8485841ad6a4 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md @@ -1,6 +1,6 @@ # Add project attributes -After importing your projects, you can add metadata to your Projects using [Project Attributes](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects/project-attributes). This allows you to filter and report on specific subsets of your Organization. +After importing your Projects, you can add metadata to your Projects using [Project Attributes](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects/project-attributes). This lets you filter and report on specific subsets of your Organization. -For example, if you add Project Attributes to all of your Projects, you can easily filter Projects to those that are "frontend critical vulnerabilities in production" from the Projects page. +For example, if you add Project Attributes to all of your Projects, you can filter Projects to those that are "frontend critical vulnerabilities in production" from the Projects page. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md index 5428de59a71b..15ef7a50620e 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md @@ -1,6 +1,6 @@ # Import Projects -Depending on the integrations you have configured, and the language / package managers in your tech stack, you can import Projects into Snyk using: +Depending on the integrations you have configured, and the languages and package managers in your tech stack, you can import Projects into Snyk using: * A source control integration with your Git repositories * The Snyk CLI with CI/CD. @@ -35,14 +35,14 @@ For a small number of applications, typically under a hundred: For hundreds or thousands of repositories: * At scale, Snyk recommends using the API. APIs are available with the Snyk Enterprise plan. - * Use the [Snyk API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api) to import your Projects. This leverages an existing source control integration and can be used to automate processes. - * The [API-import](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/tool-snyk-api-import) tool uses the API to manage onboarding at scale for large enterprises and is the suggested tool to use at scale. The source control structure will need to be mirrored. + * Use the [Snyk API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api) to import your Projects. This uses an existing source control integration and can automate processes. + * The [API-import](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/tool-snyk-api-import) tool uses the API to manage onboarding at scale for large enterprises and is the suggested tool to use at scale. You must mirror the source control structure. ## Snyk CLI For details, see [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli). -The CLI allows granular scanning of individual Projects. +The CLI lets you scan individual Projects granularly. {% hint style="info" %} A command must be formulated for each type of test to perform (open source, code, infrastructure as code, and container). @@ -55,9 +55,9 @@ To use the Snyk CLI: 3. In the script, navigate to the Project folder. 4. Run the appropriate `snyk test` or `snyk monitor` commands and options for the type of scan you want to run.\ \ - Where to implement testing in your scripts is generally flexible but most commonly prior to deployment. Use the monitor command alone for Snyk Open Source and Snyk Container to passively report. When you are using gating through the `test` command, the purpose is to break the build if issues are found that meet particular criteria like `--severity-threshold` or any number of options in the CLI or the `snyk-filter` plugin.\ + Where to implement testing in your scripts is generally flexible but most commonly before deployment. Use the monitor command alone for Snyk Open Source and Snyk Container to passively report. When you are using gating through the `test` command, the purpose is to break the build if issues are found that meet particular criteria like `--severity-threshold` or any number of options in the CLI or the `snyk-filter` plugin.\ \ - In general, Snyk Open source is typically run in `test` and/or `monitor` after the dependencies are installed on the build system.\ + In general, Snyk Open Source is typically run in `test` and `monitor` after the dependencies are installed on the build system.\ \ A typical command can look as follows: * Code: `snyk code test --org=[org-id]` @@ -65,7 +65,7 @@ To use the Snyk CLI: * `snyk test --all-projects --org=[org-id]` * `snyk monitor --all-projects --org=[org-id]`\ Replace `[org-id]` with the ID of your Organization. - * For Container and Infrastructure as Code scans, see [Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/scan-container-images) and [Infrastructure as Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac), as this will vary based on the type being scanned. + * For Container and Infrastructure as Code scans, see [Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/scan-container-images) and [Infrastructure as Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac), as this varies based on the type being scanned. 5. Review results either locally when running `snyk test`, or on the Snyk Web UI when using `monitor` or report. For demonstrations of various pipeline integrations, see [Snyk-Labs](https://github.com/snyk-labs/snyk-cicd-integration-examples). diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md index b95672f22f8f..03da0a0c8e8a 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md @@ -9,7 +9,7 @@ Before diving into specific vulnerabilities, consider your Organizations and rep In your Organization, you can then consider the repositories that make up the application's different parts. Areas that handle sensitive data or are public-facing may be more important to secure, so this could be another way to narrow down your initial list of Projects to review. {% hint style="info" %} -If you have used **Attributes** to add metadata to your Projects, these can be a great way to filter down the number of Projects that you are considering. +If you have used **Attributes** to add metadata to your Projects, these can help you filter down the number of Projects that you are considering. {% endhint %} ## Group work by development teams @@ -20,17 +20,17 @@ After you have your reduced set of Projects to prioritize, you may want to split Filters are available to help prioritize what issues need to be fixed more urgently. The following search criteria are most commonly used when building a prioritization plan and can be used iteratively or in combination as you analyze results. -* Severity (Start with **High** and **Critical**). It is common to filter by critical severity. However, Snyk Code, Snyk code only goes up to High, so if you are using Snyk Code, start there for Code Analysis results. -* [Exploit Maturity](https://snyk.io/blog/whats-so-wild-about-exploits-in-the-wild-and-how-can-we-prioritize-accordingly/) (Issues with **Mature** or **Proof of Concept** are more exploitable). By choosing this filter, you implicitly only filter the results to Open Source. -* Fixable (if there’s a fix available by upgrading a package, it’s much faster to fix). +* Severity (Start with **High** and **Critical**). It is common to filter by critical severity. However, Snyk Code only goes up to High, so if you are using Snyk Code, start there for Code Analysis results. +* [Exploit Maturity](https://snyk.io/blog/whats-so-wild-about-exploits-in-the-wild-and-how-can-we-prioritize-accordingly/) (Issues with **Mature** or **Proof of Concept** are more exploitable). By choosing this filter, you implicitly filter the results to Open Source only. +* Fixable (if there’s a fix available by upgrading a package, it’s much faster to fix) * CVSS Score for Open Source Vulnerabilities -* [Priority Score](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/priority-score) (The above values are used to calculate this score). One strategy is to eliminate the vulnerabilities with a score of 900-1000, and then move to vulnerabilities with a score of 800-900, and so on. +* [Priority Score](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/priority-score) (Snyk uses the preceding values to calculate this score). One strategy is to eliminate the vulnerabilities with a score of 900-1000, and then move to vulnerabilities with a score of 800-900, and so on. -Decide which metrics will be used when planning your fix strategy, and get specific with your timeline. If you choose to fix by severity, for example, estimate the time it will take to resolve a vulnerability per severity. It’s recommended to be specific with your fix strategy. +Decide which metrics to use when planning your fix strategy, and get specific with your timeline. If you choose to fix by severity, for example, estimate the time it takes to resolve a vulnerability per severity. Snyk recommends being specific with your fix strategy. **Example** -If there are fifty critical-severity issues and one hundred high-severity issues, you may plan on two weeks to fix critical vulnerabilities and then four weeks to fix high-severity, based on the size of your team and workload. +If there are 50 critical-severity issues and 100 high-severity issues, you may plan on two weeks to fix critical vulnerabilities and then four weeks to fix high-severity, based on the size of your team and workload. Alternatively, you can fix by issue type. @@ -62,8 +62,8 @@ DevSecOps-led implementation, focusing on securing your custom images and enviro ## Targeted Vulnerabilities Campaigns -As you operationalize security testing in your development process, another option for your fix strategy is to have campaigns to eliminate vulnerability types, for example, SQL injection. Using CWE in your search filters can be very useful in reporting to identify and log issues. +As you operationalize security testing in your development process, another option for your fix strategy is to have campaigns to eliminate vulnerability types, for example, SQL injection. Using CWE in your search filters can be useful in reporting to identify and log issues. ## Update your timeline -Once you have created your fix strategy, update the timeline for Phase 7. +After you have created your fix strategy, update the timeline for Phase 7. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md index 4831f895f481..bc1deccee241 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md @@ -4,11 +4,11 @@ After you gain visibility on your security issues, you can now start to implemen ## Common prevention methods -Below are the two common areas that allow you to "prevent new issues": +The two common areas that let you "prevent new issues" are: -* Snyk tests on pull request (PR)/merge checks (MR), currently available for Open Source. +* Snyk tests on pull request (PR)/merge checks (MR), available for Open Source. * Adding "Snyk test" to your CI/CD pipelines (you may have already implemented "Snyk monitor" to import your Projects as part of the pipeline). - * Additionally, open source, code, infrastructure as code, and container vulnerabilities can all be gated. + * Additionally, Snyk can gate open source, code, infrastructure as code, and container vulnerabilities. In either case, Snyk suggests that you communicate these changes clearly to your developers before implementing any form of gating. @@ -24,7 +24,7 @@ To block new issues, you can use PR checks. For details, see [Run PR Checks](htt ### Communicate exception processes -It is important to ensure the teams know the exception processes and how to address if a PR is blocked or a build fails. +Ensure the teams know the exception processes and how to respond if a PR is blocked or a build fails. For example: diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md index 3723bd81c0ae..6da9a92ab15c 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md @@ -6,7 +6,7 @@ After your teams understand the vulnerabilities in their applications and develo ## No import requirement -A benefit of adding tests to your pipeline is that you do not need to import the repository to Snyk using the source control integration (which is required for Snyk PR Checks). It can also be used as an additional gate, even if you are testing PRs, to further decrease the chance of new vulnerabilities entering your production builds. +A benefit of adding tests to your pipeline is that you do not need to import the repository to Snyk using the source control integration (which Snyk PR Checks require). You can also use it as an additional gate, even if you are testing PRs, to further decrease the chance of new vulnerabilities entering your production builds. ## Pipeline options @@ -15,7 +15,7 @@ When adding Snyk to a build pipeline, there are common options: * Using the specific [pipeline integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations) for your tool. * Using the [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli) and running the specific commands directly. -Each option has benefits - using an existing pipeline integration may be faster and easier to configure, but using the Snyk CLI will give you a greater range of options and flexibility in your "fail" criteria. +Each option has benefits — using an existing pipeline integration may be faster to configure, but using the Snyk CLI gives you a greater range of options and flexibility in your "fail" criteria. ## Pipeline test filters @@ -23,7 +23,7 @@ When running a test in your pipeline, there are filters available to determine w ## CLI supporting tools -If you use the Snyk CLI in your pipeline, a range of supporting [Snyk Tools](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/snyk-tools) provide additional functionality, including [`snyk-filter`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter), which can be used for more complex "fail" criteria, such as “fail if more than three High severity vulnerabilities are found”. +If you use the Snyk CLI in your pipeline, a range of supporting [Snyk Tools](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/snyk-tools) provide additional functionality, including [`snyk-filter`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter), which you can use for more complex "fail" criteria, such as “fail if more than three High severity vulnerabilities are found”. ## Also see diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md index 93be26a462f6..51a7508b7a72 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md @@ -2,40 +2,40 @@ ## Use PR Checks to introduce gating -[Snyk Pull Request(PR)/Merge Request (MR) Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) allow you to prevent new security issues from entering your codebase, by automatically scanning code changes when you submit a pull request (PR). PR Checks are available for open-source vulnerabilities, license compliance issues, and your own code issues. +[Snyk Pull Request(PR)/Merge Request (MR) Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) let you prevent new security issues from entering your codebase, by automatically scanning code changes when you submit a pull request (PR). PR Checks are available for open-source vulnerabilities, license compliance issues, and your own code issues. If you import Projects through a source control integration, then Snyk Open Source and Snyk Code PR Checks is a good place to start introducing gating. {% hint style="info" %} -Snyk recommendes announcing the changes prior to rolling out the changes. See [Announce prevention measures](../../enterprise-implementation-guide/automate-prevention-measures.md#announce-prevention-measures) for examples of how to message your developers. +Snyk recommends announcing the changes before rolling out the changes. See [Announce prevention measures](../../enterprise-implementation-guide/automate-prevention-measures.md#announce-prevention-measures) for examples of how to message your developers. {% endhint %} ### Implementing Open Source PR Checks There are a number of different features available that can be used to help you gradually introduce the feature to avoid friction with your development teams: -* Fail conditions: You can control whether the test will "fail" if the PR itself is adding a dependency with issues (most common) or if the repository as a whole has any issues. +* Fail conditions: You can control whether the test "fails" if the PR itself is adding a dependency with issues (most common) or if the repository as a whole has any issues. -The criteria of what constitutes a "failed test" can also be customized. By default, the test does not filter based on severity or fixability, which can mean that PR tests will regularly fail. For Snyk Open Source you can customize what the criteria are to fail the test: +You can also customize the criteria of what constitutes a "failed test". By default, the test does not filter based on severity or fixability, which can mean that PR tests regularly fail. For Snyk Open Source you can customize the criteria to fail the test: * **Only fail for high or critical severity issues** * **Only fail when the issues found have a fix available** -When you first enable this feature, Snyk suggests ticking both of these boxes so that a test would fail if a **High or Critical** and **fixable** issue is found. In this case, you would want to encourage to developer to fix the issue before proceeding. +When you first enable this feature, Snyk suggests selecting both of these check boxes so that a test fails if a **High or Critical** and **fixable** issue is found. In this case, encourage the developer to fix the issue before proceeding. -These PR tests are optional by default, meaning that even if the test fails, the developer may be able to continue and merge the PR. Controlling whether a PR test is optional or blocking is configured within your source control management platform, such as GitHub’s branch protection rules. +These PR tests are optional by default, meaning that even if the test fails, the developer can continue and merge the PR. You configure whether a PR test is optional or blocking in your source control management platform, such as GitHub’s branch protection rules. ### Implementing Code PR Checks When enabling static analysis of code changes and therefore new vulnerabilities, you can select the fail criteria to be **High** (the highest severity). -When you first enable this feature, Snyk suggests selecting **High** if an issue is found. In this case, you would want to encourage developers to fix the issue before proceeding. As your code base stabilizes and you have worked through the backlog, you can change the fail criteria to lower the severity (to either **Medium** or **Low)** in order to address broader issues or to match your internal policies. +When you first enable this feature, Snyk suggests selecting **High** if an issue is found. In this case, encourage developers to fix the issue before proceeding. As your codebase stabilizes and you have worked through the backlog, you can change the fail criteria to lower the severity (to either **Medium** or **Low)** to address broader issues or to match your internal policies. ### Using PR Checks for a phased rollout It is common to have a phased rollout of these features. Using PR checks as an example: -* You may initially run Snyk tests and set, via your source control settings, as optional checks. The results are displayed, but the developer is not blocked from merging the PR. +* You may initially run Snyk tests and set them, through your source control settings, as optional checks. The results are displayed, but the developer is not blocked from merging the PR. * Over time, as developers adapt to seeing these results and begin addressing the high issues proactively, you can choose to start blocking PRs from being merged if there are any new highest severity issues or, in the case of Snyk Open Source, if a fix is available. This phased rollout helps to decrease friction between your security and development teams. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md index e7837c456854..308e4daa5e4a 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md @@ -5,7 +5,7 @@ After you implement a strategy to prevent new issues from entering your repositories, whether blocking builds or running in a non-blocking/advisory mode, the next step is to prioritize and start fixing issues in your backlog. * In [Phase 4: Create a Fix strategy](phase-4-create-a-fix-strategy.md), you created a plan for prioritizing your Projects and issues. To implement this, you can schedule regular meetings with development team leads, to assist them with this process. -* If you use Jira Cloud, you can download and install the [Snyk Security in Jira Cloud](https://marketplace.atlassian.com/apps/1230482/snyk-security-in-jira-cloud) plugin from the Atlassian marketplace. This allows you to view information on your Snyk Vulnerabilities directly in Jira, and use Jira Automation to create new tickets when new vulnerabilities are identified. +* If you use Jira Cloud, you can download and install the [Snyk Security in Jira Cloud](https://marketplace.atlassian.com/apps/1230482/snyk-security-in-jira-cloud) plugin from the Atlassian marketplace. This lets you view information on your Snyk Vulnerabilities directly in Jira, and use Jira Automation to create new tickets when new vulnerabilities are identified. ## When should you ignore an issue? @@ -25,7 +25,7 @@ Confirm ignore with an Organization Admin (they may need to complete this step t When adding the ignore: * Ensure you add a detailed reason, so the ignore reason is clear to others who see this issue. -* Set an expiration date for the ignored rather than having a permanent ignore. This is essential, as whilst the issue may not be fixable/relevant today, it should be reviewed regularly (monthly or quarterly) to see if it is possible to implement a fix. +* Set an expiration date for the ignore rather than having a permanent ignore. This is essential, as while the issue may not be fixable or relevant today, review it regularly (monthly or quarterly) to see if it is possible to implement a fix. {% hint style="info" %} In **Settings-General** it's common to limit access to who can ignore an issue and require a reason. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md b/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md index 7c916cbb9b2c..87493033abce 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md @@ -4,7 +4,7 @@ The templates provided below are the basis of the following sections of this gui You can download and use these templates in your project management system. {% hint style="info" %} -The suggested timelines are typically for individual teams and small companies, which may involve a small team or company. Adjust accordingly for what makes sense for your company. +The suggested timelines are typically for individual teams and small companies. Adjust accordingly for what makes sense for your company. {% endhint %} You can download or import these plans: diff --git a/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md b/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md index ccb760027f8b..5f57bd157ba7 100644 --- a/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md +++ b/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md @@ -6,7 +6,7 @@ Follow these steps to make a simple call to the REST API using `curl` in the com 2. In your account, use the left navigation to find an **Organization** where you have Projects you can list. 3. Navigate to your **Organization Settings**, and on the **General** settings page, find your **Organization ID** and copy the value. 4. Navigate to your personal [General Account Settings](https://app.snyk.io/account/) and copy your **API Token**. For instructions, see [Authentication for API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). -5. Use a `curl` command to make your request. Replace the `{orgId}` and API\_TOKEN with your **Organization ID** and **API Token**, respectively. Snyk recommends using 2024-10-15 for the version number unless you are using an earlier version for a specific reason. Using the current day's date will call the most recent version of the API. An example follows: +5. Use a `curl` command to make your request. Replace the `{orgId}` and API\_TOKEN with your **Organization ID** and **API Token**, respectively. Snyk recommends using 2024-10-15 for the version number unless you are using an earlier version for a specific reason. Using the current day's date calls the most recent version of the API. An example follows: ```sh curl --request GET \ diff --git a/discover-snyk/snyk-learn/README.md b/discover-snyk/snyk-learn/README.md index e7a902234e64..36d6808c3791 100644 --- a/discover-snyk/snyk-learn/README.md +++ b/discover-snyk/snyk-learn/README.md @@ -2,7 +2,7 @@ [Snyk Learn](https://learn.snyk.io) offers lessons for developer [security education](./#security-education) and Snyk [product training](./#product-training) with short and interactive content. Snyk Learn also has[ learning paths](https://learn.snyk.io/catalog/?format=learning_path\&type=security-education) for learners to take a predefined set of lessons following a structured flow. These lessons and learning plans are designed to help you start using Snyk, implement a [DevSecOps](../getting-started/glossary.md#devsecops) framework, and also to help you implement an ongoing security education and training program. -Snyk Learn is one component of learning available for users and customers. The Snyk [customer resource page](https://snyk.io/customer-resources/) will help you learn the best practices for implementing Snyk in your Organization. +Snyk Learn is one component of learning available for users and customers. The Snyk [customer resource page](https://snyk.io/customer-resources/) helps you learn the best practices for implementing Snyk in your Organization. Snyk Learn is integrated into the Snyk Platform, giving learners the ability to [track their progress](your-learning/) and Organizations the ability to manage users through Snyk. @@ -14,13 +14,13 @@ The following table shows the features available for each plan. For more informa ### Learning Management add-on -The Snyk Learning Management add-on allows AppSec and compliance teams to easily [assign](snyk-learn-assignments.md) lessons, track progress, and download reports for proof of completion. These capabilities are also supported through the [Snyk Learn API](snyk-learn-api.md). +The Snyk Learning Management add-on lets AppSec and compliance teams [assign](snyk-learn-assignments.md) lessons, track progress, and download reports for proof of completion. The [Snyk Learn API](snyk-learn-api.md) also supports these capabilities. For more information and to add this capability to your Snyk plan, contact your Snyk account team. ## Regional hosting -Snyk Learn also allows for regional hosting and data residency. Multi-tenant support enables seamless operation across multiple deployment environments, specifically tailored to meet the needs of Snyk users in the US, AU, and EU. +Snyk Learn also supports regional hosting and data residency. Multi-tenant support enables operation across multiple deployment environments, specifically tailored to meet the needs of Snyk users in the US, AU, and EU. Snyk customers have access to Snyk Learn resources according to their region in the Snyk application. There is no need to create an additional user. For more information, see [Regional hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). @@ -44,6 +44,6 @@ Snyk[ product training](https://learn.snyk.io/catalog/?type=product-training) pr * How to configure and manage Snyk organizations * How to use Snyk to find and fix issues -The platform provides an easy way for teams to get an introduction to Snyk tools and user best practices. Most courses take between three and ten minutes. +The platform provides a way for teams to get an introduction to Snyk tools and user best practices. Most courses take between 3 and 10 minutes. Snyk offers product training[ learning paths](https://learn.snyk.io/catalog/?type=product-training\&format=learning_path), including Implementing Snyk, Managing application security with Snyk, and Developing using Snyk. diff --git a/discover-snyk/snyk-learn/snyk-assist.md b/discover-snyk/snyk-learn/snyk-assist.md index 163ab34106d7..3d23b352b6d1 100644 --- a/discover-snyk/snyk-learn/snyk-assist.md +++ b/discover-snyk/snyk-learn/snyk-assist.md @@ -9,21 +9,21 @@ Snyk Assist for Learn is an AI-powered learning assistant integrated into the Sn Snyk Assist enhances your learning experience within the Snyk Learn platform by: * Providing immediate answers to questions about Snyk products, features, and general application security concepts. -* Delivering context-aware replies based on Snyk's extensive knowledge base. +* Delivering context-aware replies based on the extensive knowledge base in Snyk. * Suggesting relevant follow-on learning opportunities available within Snyk Learn, Snyk Docs and the Snyk Blog.

Snyk Assist on Snyk Learn

## How Snyk Assist works -Snyk Assist utilizes Generative AI to respond to questions based on information retrieved from trusted Snyk sources: +Snyk Assist uses Generative AI to respond to questions based on information retrieved from trusted Snyk sources: * [Snyk Learn lessons](https://learn.snyk.io/catalog/?format=lesson) * [Snyk Documentation](../) Snyk Assist **does not** have access to your Snyk tenant data, such as issue and asset information, or Snyk Learn learning history. While interacting with Snyk Assist, we collect and process your queries and conversation history to provide responses and improve our service. -The technology leverages Snyk-managed services and selected third-party Large Language Model (LLM) providers to respond with helpful and informative answers. +The technology uses Snyk-managed services and selected third-party Large Language Model (LLM) providers to respond with helpful and informative answers. {% hint style="info" %} **Capabilities and Limitations** @@ -32,7 +32,7 @@ The technology leverages Snyk-managed services and selected third-party Large La * Snyk Assist **does not** perform security analysis, check your code for vulnerabilities, comment on code quality, or provide specific code samples. For code scanning and analysis, continue using the Snyk CLI, Snyk IDE extensions, or recurring SCM tests integrated with your repositories. * Snyk Assist provides information from its body of knowledge, but responses should not be considered legal, security, or compliance advice. While we strive for accuracy, Snyk is not liable for decisions made based on information provided by Snyk Assist. Always verify critical security information through official Snyk documentation and tools. -See the usage disclaimer [here](https://snyk.io/policies/snyk-assist-disclaimer). +See the [usage disclaimer](https://snyk.io/policies/snyk-assist-disclaimer). {% endhint %} ## Using Snyk Assist @@ -43,7 +43,7 @@ Snyk Assist is accessible directly within the Snyk Learn interface for users wit 2. Click the **Snyk Assist** icon to open the chat window. This is found in the bottom right of the page. 3. Type your questions about Snyk products or application security concepts into the chat prompt. -Snyk Assist will answer based on its knowledge base, potentially including links to relevant documentation, Learn lessons, and Snyk blogs. +Snyk Assist answers based on its knowledge base, potentially including links to relevant documentation, Learn lessons, and Snyk blogs. {% hint style="info" %} If you do not see the chat icon, your Snyk admin may not have enabled this functionality for your Group. Additionally, ensure that the default Org in your Snyk settings is set to your company's Snyk Org and not a personal Snyk Org. @@ -63,6 +63,6 @@ After Snyk Assist is enabled, it is visible and accessible on Snyk Learn for the

Snyk Assist settings page

-## Data Handling and Safeguards +## Data handling and safeguards See [How Snyk handles your data](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/how-snyk-handles-your-data#snyk-learn) for more information on this topic. diff --git a/discover-snyk/snyk-learn/snyk-learn-access-controls.md b/discover-snyk/snyk-learn/snyk-learn-access-controls.md index 5ecf262e5a5f..1389a6e05394 100644 --- a/discover-snyk/snyk-learn/snyk-learn-access-controls.md +++ b/discover-snyk/snyk-learn/snyk-learn-access-controls.md @@ -12,7 +12,7 @@ description: >- Assignment permissions are available in the Snyk Learning Management add-on offering. Report permissions are available to Snyk Enterprise plan customers. For more information, contact your Snyk account team. {% endhint %} -**Snyk Learn Access Controls** functionality enables you to manage user permissions for Snyk Learn using the same [access control model](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/user-role-management) as the Snyk Platform. A Group Admin can create custom roles with a set of permissions related to Snyk Learn Assignments. These roles can reflect users and functions in the Organization. For example, you can limit permissions for education and training management functionality for Snyk Learn to the user who is the education and training manager at your organization. +**Snyk Learn Access Controls** functionality lets you manage user permissions for Snyk Learn using the same [access control model](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/user-role-management) as the Snyk Platform. A Group Admin can create custom roles with a set of permissions related to Snyk Learn Assignments. These roles can reflect users and functions in the Organization. For example, you can limit permissions for education and training management functionality for Snyk Learn to the user who is the education and training manager at your organization. {% hint style="info" %} Group and Organization Admins have access to Snyk Learn Reports and Assignments by default without extra permissions. @@ -20,7 +20,7 @@ Group and Organization Admins have access to Snyk Learn Reports and Assignments #### Assignments -To grant permissions for access to Assignments beyond the default Organization and Group Admin roles, you must create a [custom role](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/custom-role-templates/snyk-learn-learning-admin) with a set of permissions for assignments. The custom role must have the View Users permission in order for managing assignments to work. The following lists the permissions for managing assignments: +To grant permissions for access to Assignments beyond the default Organization and Group Admin roles, you must create a [custom role](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/custom-role-templates/snyk-learn-learning-admin) with a set of permissions for assignments. The custom role must have the View Users permission for managing assignments to work. The following lists the permissions for managing assignments: * View Organization assignments * Edit Organization assignments diff --git a/discover-snyk/snyk-learn/snyk-learn-api.md b/discover-snyk/snyk-learn/snyk-learn-api.md index a4bae19636a9..fe1f019956b0 100644 --- a/discover-snyk/snyk-learn/snyk-learn-api.md +++ b/discover-snyk/snyk-learn/snyk-learn-api.md @@ -6,7 +6,7 @@ The Snyk Learn API endpoints are [Beta](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/rest-api/about-the-rest-api#versioning) endpoints. {% endhint %} -The Snyk Learn API endpoints are part of the [Snyk REST API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/rest-api/about-the-rest-api) and allow for programmatic interaction with Snyk Learn. +The Snyk Learn API endpoints are part of the [Snyk REST API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/rest-api/about-the-rest-api) and let you interact programmatically with Snyk Learn. The Snyk REST API requires authentication. For information about authentication, see [Authentication for API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). diff --git a/discover-snyk/snyk-learn/snyk-learn-assignments.md b/discover-snyk/snyk-learn/snyk-learn-assignments.md index cdb5f59472d1..82773cb30e2a 100644 --- a/discover-snyk/snyk-learn/snyk-learn-assignments.md +++ b/discover-snyk/snyk-learn/snyk-learn-assignments.md @@ -6,7 +6,7 @@ Assignments are available in the Snyk Learning Management add-on offering. For more information, contact your Snyk account team. {% endhint %} -Assignments streamline training management by empowering admins to assign, track, and manage learning efficiently. The Assignments feature enhances accountability by allowing customers to set due dates for completion and seamlessly integrate with organizational goals, for example, compliance timelines, ensuring alignment across training initiatives. +Assignments streamline training management by empowering admins to assign, track, and manage learning efficiently. The Assignments feature enhances accountability by letting you set due dates for completion and integrate with organizational goals, for example, compliance timelines, ensuring alignment across training initiatives. Using Assignments, your company can gain: @@ -17,7 +17,7 @@ Using Assignments, your company can gain: * Compliance: Get help with meeting regulatory requirements through the timely completion of mandatory training. {% hint style="info" %} -Snyk Learn Assignments support Organizations with up to 5000 members. +Snyk Learn Assignments support Organizations with up to 5,000 members. {% endhint %} ## Use cases for assignments @@ -66,7 +66,7 @@ By default, only Snyk Org or Group admins can create assignments. Group admins c

Creating new assignments button on the Assignments Dashboard page

-The **New Assignments** page opens, which allows you to create assignments for Snyk Organization users. On the **New Assignments** page: +The **New Assignments** page opens, where you can create assignments for Snyk Organization users. On the **New Assignments** page: 1. Verify that the selected Organization is correct. @@ -88,7 +88,7 @@ The **New Assignments** page opens, which allows you to create assignments for S
-6. Optionally reset user learning progress. If selected this forces users to retake lessons that have already been completed. +6. Optionally reset user learning progress. If selected, this forces users to retake lessons that have already been completed.

Optionally reset user learning progress

diff --git a/discover-snyk/snyk-learn/snyk-learn-learning-programs.md b/discover-snyk/snyk-learn/snyk-learn-learning-programs.md index 0e4b5d8d26f1..fdd2fe251f45 100644 --- a/discover-snyk/snyk-learn/snyk-learn-learning-programs.md +++ b/discover-snyk/snyk-learn/snyk-learn-learning-programs.md @@ -8,11 +8,11 @@ This feature is available in Early Access as part of the Snyk Learning Managemen Send feedback to your Snyk account team, or email [support@snyk.io](mailto:support@snyk.io). {% endhint %} -Learning programs allow Snyk administrators to curate specific paths of security education and Snyk product training, and assign them to groups of developers or Snyk users. By grouping lessons into programs and setting deadlines, organizations can automate security onboarding, meet compliance requirements, and drive targeted remediation. +Learning programs let Snyk administrators curate specific paths of security education and Snyk product training, and assign them to groups of developers or Snyk users. By grouping lessons into programs and setting deadlines, organizations can automate security onboarding, meet compliance requirements, and drive targeted remediation. ## Prerequisites -To create and manage learning programs, you must must be a [Tenant Admin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant) or have a custom role with the `tenant.learning_program.edit` and `tenant.learning_program.read` permissions. +To create and manage learning programs, you must be a [Tenant Admin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant) or have a custom role with the `tenant.learning_program.edit` and `tenant.learning_program.read` permissions. ### Example: Creating a custom role @@ -52,7 +52,7 @@ curl --location --globoff --request POST "https://api.snyk.io/rest/tenants/{tena ## Creating a new learning program {% hint style="info" %} -Programs cannot be edited once they have started. Ensure your lesson list and participant list are final before the start date of the program. +Programs cannot be edited after they have started. Ensure your lesson list and participant list are final before the start date of the program. During Early Access, there is a limit to 300 participants per program. {% endhint %} @@ -61,7 +61,7 @@ Follow these steps to build and launch a new training initiative: 1. Navigate to [Learning Programs](https://learn.snyk.io/admin/management/). 2. Click **Create new learning program**. Enter a unique name (for example, `New Joiners 2026`) and a description. -3. Browse the available Snyk Learn catalog and select the modules you wish to include in the learning program. +3. Browse the available Snyk Learn catalog and select the modules you want to include in the learning program. 4. Download the participants `.csv` template provided in the UI, add the email addresses of your learners, and upload the file. 5. Set the start date and duration for your learning program, and choose whether to send reminders to your users. 6. If needed, you can reset progress for lessons to have your users retake those lessons. @@ -97,6 +97,6 @@ The progress state for each user is displayed: ## Completing a learning program -Learning programs complete automatically once the scheduled end date is reached. +Learning programs complete automatically after the scheduled end date is reached. If needed, you can click **Mark as Completed** on the program details page to end the program early. diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/README.md b/discover-snyk/snyk-learn/snyk-learn-reports/README.md index 57b776d0f726..9f1a55c61a9a 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/README.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/README.md @@ -3,14 +3,14 @@ {% hint style="info" %} **Feature availability** -Snyk Learn organization reports are available only with Enterprise plans. Snyk Learn assignment reports and program reports are available only in the Learning Management add-on offering. +Snyk Learn organization reports are available only with Enterprise plans. Snyk Learn assignment reports and program reports are available only in the Learning Management add-on offering. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} Snyk Learn offers reports to help you track learning progress across your Snyk tenant. -Snyk Learn offers [organization-level reports](organization-reports.md) to understand on an org by org basis how your teams are engaging with the Snyk Learn content. This is useful for team leads or security champions to track the progress of their teams. +Snyk Learn offers [organization-level reports](organization-reports.md) to understand on an Organization by Organization basis how your teams are engaging with the Snyk Learn content. This is useful for team leads or security champions to track the progress of their teams. You can use the [assignments report](assignment-reports.md) to track individual [Snyk Learn assignments](../snyk-learn-assignments.md). diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md b/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md index d66cc603e423..b407e3530c88 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md @@ -4,24 +4,24 @@ Snyk Learn assignment reporting is available only in the Learning Management add-on offering. For more information, contact your Snyk account team. {% endhint %} -After you have created your first [Assignments](../snyk-learn-assignments.md) with Snyk Learn, you can use the Assignment reporting to track progress at an organization level. This is useful for team managers, security champions, AppSec engineers, and compliance team members to follow up on detailed progress and to extract reports for compliance usage. +After you have created your first [Assignments](../snyk-learn-assignments.md) with Snyk Learn, you can use the Assignment reporting to track progress at an organization level. This is useful for team managers, security champions, AppSec engineers, and compliance team members to follow up on detailed progress and to extract reports for compliance use. ## Assignment report By navigating to your [assignment](https://learn.snyk.io/admin/assignments/) dashboard, you can find reports showing your organizational progress against assignments. -You can also use the filter to drill down further, and the buttons below the filter allow you to change the due date, delete assignments, and also trigger email reminders for your users. +You can also use the filter to drill down further. The buttons next to the filter let you change the due date, delete assignments, and trigger email reminders for your users.
### Changing the due date -First, select the assignments you would like to change the due date for, and then press the icon highlighted in the image below. You will then be asked to pick a new date. This updates the due date, and also updates the user's Learning Progress dashboard. +First, select the assignments you want to change the due date for, and then click the highlighted icon. Snyk asks you to pick a new date. This updates the due date and the Learning Progress dashboard of the user.
### Sending a reminder email -By selecting an assignment and then pressing the button highlighted you can trigger a reminder email to be sent. You will be offered the chance to add a custom message before the reminder is sent. +Select an assignment and then click the highlighted button to trigger a reminder email. You can add a custom message before Snyk sends the reminder.
diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md b/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md index a023357202a8..572bd16b6392 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md @@ -9,7 +9,7 @@ Snyk Learn organization reports are available only with Enterprise plans. For mo By default, only Snyk Org or Group admins can view and export reports. Group admins can create custom roles by using the standard Snyk workflow. Learn more about the access controls for reports at [Snyk Learn Access Controls](../snyk-learn-access-controls.md). {% hint style="info" %} -Snyk Learn organization reports support Organizations with up to 5000 members. +Snyk Learn organization reports support Organizations with up to 5,000 members. {% endhint %} ## Organization Overview report diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md b/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md index 2f5a876277ea..7e23e6418272 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md @@ -10,7 +10,7 @@ Snyk Learn provides a Snyk in-app reporting powered report to give you insights The goal of the engagement report is to provide insights into the overall progress of your security education and training programs, and give you insights into which parts of your Organization are engaging with Snyk Learn content. You can use the data and insights to better optimize your program, find security champions, generate reports for compliance, and show progress to your executive sponsors. This report is available at the Group level. -Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learn-engagement). +Learn more in the [Learn engagement report documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learn-engagement). {% hint style="info" %} [Learning Programs](../snyk-learn-learning-programs.md) are not included in the Engagement Report @@ -24,9 +24,9 @@ Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpF The Learning Impact & Opportunities report is available in Early Access. {% endhint %} -The goal of the Impact and Opportunities report is to provide insights into the impact your security education and training programs have on code issue remediation and prevention. In addition, the report gives recommendations for future training based on your code issue backlog and issues that were introduced during the selected time period of the report. This report is available at the Group level. +The goal of the Impact and Opportunities report is to provide insights into the impact your security education and training programs have on code issue remediation and prevention. In addition, the report gives recommendations for future training based on your code issue backlog and issues introduced during the selected time period of the report. This report is available at the Group level. -Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learning-impact-and-opportunities). +Learn more in the [Learning Impact and Opportunities report documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learning-impact-and-opportunities).
diff --git a/discover-snyk/snyk-learn/your-learning/README.md b/discover-snyk/snyk-learn/your-learning/README.md index f799cdd373cf..bcc5eaa59f5e 100644 --- a/discover-snyk/snyk-learn/your-learning/README.md +++ b/discover-snyk/snyk-learn/your-learning/README.md @@ -20,7 +20,7 @@ In your profile, you can set your learning preferences, including the preferred ## In progress learning -The [Learning Progress](https://learn.snyk.io/user/learning-progress/) area lets you see your in-progress learning and start where you left off. You will also receive recommendations for what to learn next. +The [Learning Progress](https://learn.snyk.io/user/learning-progress/) area lets you see your in-progress learning and start where you left off. You also receive recommendations for what to learn next. ## Vulnerabilities in your code @@ -58,4 +58,4 @@ Some Snyk Learn lessons include a quiz at the end to test your knowledge. You mu ## Certificates of completion -For all Snyk Learn security learning paths, you will be awarded a Certificate of Completion upon completion. The certificate recognizes your time and effort to improve your security skills and knowledge. You can download a PDF of the certificate from the Learning Path page. +For all Snyk Learn security learning paths, Snyk awards you a Certificate of Completion upon completion. The certificate recognizes your time and effort to improve your security skills and knowledge. You can download a PDF of the certificate from the Learning Path page. diff --git a/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md b/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md index cc93e2d957c8..3c4fed44e0a1 100644 --- a/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md +++ b/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md @@ -4,7 +4,7 @@ description: >- and learning paths. --- -# Claiming CPE Credits with Snyk Learn +# Claiming CPE credits with Snyk Learn Snyk Learn offers a range of security education lessons and learning paths designed to enhance your application security skills. While these lessons provide valuable knowledge, they do not automatically grant Continuing Professional Education (CPE) credits. To claim CPE credits for your participation in Snyk Learn lessons and learning paths, follow these steps. @@ -22,7 +22,7 @@ The specific process for claiming CPE credits may vary depending on your certify * Duration: Time spent on the module 3. Submit to your certification body. 1. Access the CPE submission portal of your certifying organization, such as ISC2 or ISACA. - 2. Enter the recorded details and provide any required documentation, such as completion certificates (available for Learning Paths) or screenshots of the completed lesson in your Learning Progress dashboard or the lesson page, see examples below. + 2. Enter the recorded details and provide any required documentation, such as completion certificates (available for Learning Paths) or screenshots of the completed lesson in your Learning Progress dashboard or the lesson page. See the following examples. 4. Provide additional information if requested. You may be asked to supply further details or respond to inquiries from your certifying body to verify your CPE claim. ### Examples diff --git a/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md b/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md index cee177b1526b..1feb7cfcf55d 100644 --- a/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md +++ b/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md @@ -10,11 +10,11 @@ Snyk recommends structuring your Organizations so that there are no more than 2, If you have more than 2,000 users in an Organization, you begin to risk performance issues. When the application must load a large number of users, performance is slowed for the dashboard and the Group members management page. -If users have a large number of memberships in a given Group, all requests--in the Snyk Web UI and through the CLI and the API, are slowed because, on most requests, calculations and queries occur to check access and permissions. +If users have a large number of memberships in a given Group, all requests — in the Snyk Web UI and through the CLI and the API — are slowed because, on most requests, calculations and queries occur to check access and permissions. ## Structure of Groups -A small number of Snyk customers have more than one Group, for example, to keep different business units completely separate. However, anyone considering multiple Groups must understand the limitations of setting up their account with multiple groups. +A small number of Snyk customers have more than one Group, for example, to keep different business units completely separate. However, anyone considering multiple Groups must understand the limitations of setting up their account with multiple Groups. Specifically, each Group is a standalone entity. This has the following consequences: diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md b/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md index b81862429f37..a562e7553cd0 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md @@ -19,7 +19,7 @@ For Apex, Snyk supports the following features: * CLI and IDE: test or monitor your app. For more information, see [Snyk CLI for Snyk Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-code). {% hint style="info" %} -The **Snyk fix PR** feature is not available for Apex. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk fix PR** feature is not available for Apex. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md index 8e7f18e389e2..fa7355cdbb1c 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md @@ -133,7 +133,7 @@ Available features: ## Validating, monitoring, alerting, and gating for Java and Kotlin -For SCM integrations, Snyk allows you to [run PR Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) to validate submitted changes to code and open source packages before merging. Snyk can also retest and alert on the default branch on a scheduled basis. You can see the results on the **Projects** page. +For SCM integrations, Snyk lets you [run PR Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) to validate submitted changes to code and open source packages before merging. Snyk can also retest and alert on the default branch on a scheduled basis. You can see the results on the **Projects** page. For CI/CD integrations, Snyk can passively monitor and provide a QA gate by failing build checks during testing for policy violations. @@ -150,7 +150,7 @@ Snyk provides flexible capabilities, including: Snyk can monitor container images and their open source or Linux based packages being used in production using Kubernetes integration, to notify customers of known vulnerabilities for applications in production. This feature is available for Enterprise plans only. -Where a production integration does not exist, use the [snyk monitor](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) CLI command to take a snapshot and monitor what is being pushed to production (available for all plans). +Where a production integration does not exist, use the [snyk monitor](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) CLI command to take a snapshot and monitor what you push to production (available for all plans). ## Java support for BOM @@ -198,7 +198,7 @@ Example of a BOM file: The `dependencyManagement` section contains dependency elements. Each dependency is a lookup reference for Maven to determine the version to select for transitive (and direct) dependencies. -Defining a dependency in the `dependencyManagement` section ia used only for lookup reference, it does not add it to the dependency tree of the Project. +Defining a dependency in the `dependencyManagement` section is used only for lookup reference. It does not add the dependency to the dependency tree of the Project. You can run `mvn dependency:tree` on the previous BOM example to show that Maven does not treat the contents as dependencies of the file itself. diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md index b9e1c83daa8f..f35834ad46e1 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md @@ -40,7 +40,7 @@ If you are using Maven or Gradle with a gradle.lockfile, the Git code repository Typically you can instrument testing as part of a build system or adopt a lockfile as part of their process. -* It is quite common for large organizations to monitor applications via Git integration, to begin with, daily monitoring, turning on PR checks for only key applications at the start. +* It is quite common for large organizations to monitor applications through Git integration, to begin with, daily monitoring, turning on PR checks for only key applications at the start. * As developers become familiar with Snyk capabilities, they widen the scope of applications with PR checks for gating. * Use CI/CD to passively monitor and then turn on gating by using the [snyk \[product\] test and monitor commands](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/snyk-ci-cd-integration-deployment-and-strategies/snyk-test-and-snyk-monitor-in-ci-cd-integration). @@ -81,12 +81,12 @@ Improved Gradle SCM scanning is in Early Access. You can enable the feature by u The following Gradle features are not supported: * Custom configuration in [buildSrc](https://docs.gradle.org/current/userguide/organizing_gradle_projects.html#sec:build_sources) directories -* Dependencies introduced via [plugins](https://docs.gradle.org/current/userguide/plugins.html). +* Dependencies introduced through [plugins](https://docs.gradle.org/current/userguide/plugins.html). ### Enable improved Gradle SCM scanning {% hint style="warning" %} -Improved Gradle SCM scanning supports importing a maximum limit of 5,000 `build.gradle(.kts)` files per SCM repository. Attempts to import repos with more than 5,000 Gradle build files will fail. +Improved Gradle SCM scanning supports importing a maximum limit of 5,000 `build.gradle(.kts)` files per SCM repository. Attempts to import repos with more than 5,000 Gradle build files fail. {% endhint %} To enable this feature, follow these steps for your Snyk Organization: @@ -104,7 +104,7 @@ After Improved Gradle SCM scanning is enabled: If your application build uses private package repositories, you must configure the relevant Snyk integration to get the most accurate results. -To use package repository integrations with the Improved Gradle scanning feature, use the configuration instructions and settings for Maven. These will be detected and used in improved Gradle scans. +To use package repository integrations with the Improved Gradle scanning feature, use the configuration instructions and settings for Maven. Snyk detects and uses these in improved Gradle scans. In the Java language settings, you can integrate Snyk with your private package repositories (for example, Artifactory or Nexus). This enables Snyk to build a complete dependency tree when scanning Maven or Gradle Projects that reference private packages. @@ -145,4 +145,4 @@ You can configure language settings for your open source libraries and licensing Customers develop advanced dependency management strategies and can choose not to use the standard and frequently used package managers. -For on-time testing using the Snyk API, you can use the [Test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) endpoints. Examples include [Test for issues in a (Maven) public package by group id, artifact id and version](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-maven-groupid-artifactid-version) and [List issues for a package](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/issues#orgs-org_id-packages-purl-issues). +For one-time testing using the Snyk API, you can use the [Test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) endpoints. Examples include [Test for issues in a (Maven) public package by group id, artifact id and version](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-maven-groupid-artifactid-version) and [List issues for a package](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/issues#orgs-org_id-packages-purl-issues). diff --git a/discover-snyk/supported-languages/supported-languages-list/.net/README.md b/discover-snyk/supported-languages/supported-languages-list/.net/README.md index eea590219ad1..4c286351eca5 100644 --- a/discover-snyk/supported-languages/supported-languages-list/.net/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/.net/README.md @@ -31,7 +31,7 @@ For .NET with Snyk Code, the following frameworks and libraries are supported: ### Supported file formats -* For C#, Snyk supports the `.aspx` & `.cs` file formats. +* For C#, Snyk supports the `.aspx` and `.cs` file formats. * For VB.NET, Snyk supports the `.vb` file format. ### Available features @@ -103,7 +103,7 @@ To include developer dependencies in NuGet SCM imports, navigate to **Settings** When scanning through an SCM integration, the methodology varies based on your Project format: -* Modern Projects (SDK-style): For modern `.csproj` formats, the scanner utilises the .NET SDK directly to resolve dependencies, resulting in higher accuracy. This also provides the capability of scanning any Project that can be successfully restored by the `dotnet` SDK itself including `Directory.Build.props` files, `global.json`, or Central Package Management (`Directory.Packages.props`). +* Modern Projects (SDK-style): For modern `.csproj` formats, the scanner uses the .NET SDK directly to resolve dependencies, resulting in higher accuracy. This also provides the capability of scanning any Project that can be successfully restored by the `dotnet` SDK itself including `Directory.Build.props` files, `global.json`, or Central Package Management (`Directory.Packages.props`). * Legacy Projects (Non-SDK style): For Projects relying on `packages.config`, `project.json`, or XML-style `*.csproj` , `*.vbproj` or `*.fproj` files. The scanner uses static analysis to approximate the dependency graph based on standard NuGet algorithms. To improve accuracy, migrate to the [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) and [enable](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker#enabling-the-universal-broker-for-enhanced-sca-scanning) it for Open Source Scanning. @@ -116,7 +116,7 @@ By default, Microsoft enables the `RestoreEnablePackagePruning` property for the Snyk respects your Project configuration. If you set `RestoreEnablePackagePruning` to `false` in your Project file or `Directory.Build.props`, Snyk does not prune these references during the scan. -For Projects targeting .NET 10.0 and later, Snyk SCM and CLI scanners align with the default Microsoft build behaviour. +For Projects targeting .NET 10.0 and later, Snyk SCM and CLI scanners align with the default Microsoft build behavior. By default, Microsoft enables the `RestoreEnablePackagePruning` property for these target frameworks. This setting prunes framework-provided package references during the restore operation. diff --git a/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md b/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md index 259b7e07d695..dc9bc2dc6caa 100644 --- a/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md +++ b/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md @@ -36,10 +36,7 @@ Snyk supports `packages.config` files. To scan these Projects: 1. Run `nuget install -OutputDirectory packages` to install dependencies into the `packages` folder. 2. Ensure the command created the `packages` directory. -3. Run `snyk test` as follows: - 1. Install the dependencies into the packages folder by running `nuget install -OutputDirectory packages` - 2. Ensure that the packages directory has been created by the previous command. - 3. Run `snyk test`. +3. Run `snyk test`. ## Paket diff --git a/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md b/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md index d156c2457b74..731b15708bf7 100644 --- a/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md +++ b/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md @@ -11,19 +11,19 @@ To improve accuracy, migrate to the Universal Broker. ### Static analysis limitations -The following functionality is not supported when using static analysis: +Static analysis does not support the following functionality: * Private dependencies: Snyk cannot access private dependencies, including brokered and non-brokered. Transitive dependencies are not resolved. * Build configuration: Snyk ignores `Directory.Build.props`, `Directory.Build.targets`, and `global.json` files. -* Runtime precision: Snyk cannot reliably identify the specific runtime, which may increase false positives +* Runtime precision: Snyk cannot reliably identify the specific runtime, which can increase false positives. ### Handle runtime false positives -Static analysis may flag vulnerabilities already patched in your environment because it may not detect your specific runtime patch version. +Static analysis can flag vulnerabilities already patched in your environment because it might not detect your specific runtime patch version. #### Vulnerabilities in SCM -If your application runs on a system updated with the latest Microsoft patches, a flagged vulnerability may not be relevant. You can ignore these vulnerabilities in the Snyk Web UI. +If your application runs on a system updated with the latest Microsoft patches, a flagged vulnerability might not be relevant. You can ignore these vulnerabilities in the Snyk Web UI. #### Vulnerabilities in CLI diff --git a/discover-snyk/supported-languages/supported-languages-list/bazel.md b/discover-snyk/supported-languages/supported-languages-list/bazel.md index 83ff82dff847..17da8e01a4ba 100644 --- a/discover-snyk/supported-languages/supported-languages-list/bazel.md +++ b/discover-snyk/supported-languages/supported-languages-list/bazel.md @@ -28,7 +28,7 @@ The Dep Graph API requires specific permissions. If you do not have access, cont You can test Bazel dependencies across any supported ecosystem, except C++, which is not supported by these endpoints. -Use the Snyk Dep Graph API endpoints [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1) to test and monitor dependencies managed by Bazel. The monitor capability allows you to submit a tree for Snyk to monitor for vulnerabilities. +Use the Snyk Dep Graph API endpoints [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1) to test and monitor dependencies managed by Bazel. The monitor capability lets you submit a tree for Snyk to monitor for vulnerabilities. ### Test and monitor dependencies diff --git a/discover-snyk/supported-languages/supported-languages-list/c-c++.md b/discover-snyk/supported-languages/supported-languages-list/c-c++.md index 8477593399b5..85b918710703 100644 --- a/discover-snyk/supported-languages/supported-languages-list/c-c++.md +++ b/discover-snyk/supported-languages/supported-languages-list/c-c++.md @@ -17,7 +17,7 @@ For C/C++, the following frameworks and libraries are supported: * argparse parser * Asio Library * Boost Library -* Botan LIbrary +* Botan Library * C Standard Library * C++ Standard Library * Curl library @@ -36,7 +36,7 @@ For C/C++, the following frameworks and libraries are supported: {% column %} * MySQL framework * OpenSSL framework -* POSIX LIbrary +* POSIX Library * pugixml library * SQLite library * WinHTTP framework @@ -61,13 +61,13 @@ For C/C++ with Snyk Code, Snyk supports the following file formats: `.c`, `.cc`, * SCM import * Support for interfile analysis -If you use macros, it is possible that your results include false positives and false negatives. +If you use macros, your results can include false positives and false negatives. For C/C++ Projects: * Snyk does not require compilation or a build to perform analysis. * Snyk Code analyzes the source code directly. -* If you have precompile components, ensure the source code is available during the scan. +* If you have precompiled components, ensure the source code is available during the scan. When using the IDE, you do not need additional options. The Snyk plugin displays results in the IDE views. @@ -80,7 +80,7 @@ When using the IDE, you do not need additional options. The Snyk plugin displays * Test your app's SBOM and packages using `pkg:generic` or `pkg:conan` PURLs through [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command. {% hint style="info" %} -The **Snyk FixPR** feature is not available for C/C++. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk FixPR** feature is not available for C/C++. This means Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** @@ -103,7 +103,7 @@ To scan for C/C++ Open Source dependencies using the IDE, add the `--unmanaged` ### Troubleshooting -Your Snyk Open Source code is not sent to Snyk severs. Snyk converts the files to a list of hashes before sending them for scanning. +Snyk does not send your Snyk Open Source code to Snyk servers. Snyk converts the files to a list of hashes before sending them for scanning. Snyk matches your code against a database of official open-source releases. If a scan returns no results, check these common causes: @@ -152,7 +152,7 @@ To monitor and share reports, run the following command: snyk monitor --unmanaged --org=*org-id* ``` -Find your org-id under **Organization settings** in the Snyk web UI. Although the Organization ID is optional, Snyk recommends using it. You can use the `snyk-to-html` plugin to generate reports. +Find your org-id under **Organization settings** in the Snyk Web UI. Although the Organization ID is optional, Snyk recommends using it. You can use the `snyk-to-html` plugin to generate reports. For individual scans, use the CLI or IDE and run `snyk monitor --unmanaged` to upload results. This displays license and policy information. @@ -440,7 +440,7 @@ Explore this snapshot at https://app.snyk.io/org/example-org/project/8ac0e233-d0 Notifications about newly disclosed issues related to these dependencies will be emailed to you. ``` -Snyk creates a snapshot of dependencies and vulnerabilities and imports them into the Snyk web UI. You can review the issues and view them in your reports. +Snyk creates a snapshot of dependencies and vulnerabilities and imports them into the Snyk Web UI. You can review the issues and view them in your reports. Importing a Snyk Project with unmanaged dependencies creates a new Snyk Project on the **Projects** page: diff --git a/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md b/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md index 7c7cfef4a105..909175536efd 100644 --- a/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md +++ b/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md @@ -69,11 +69,11 @@ The following file formats are supported: `.dart` ### Available features * Test your app's SBOM and packages using `pkg:pub` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command -* Test & monitor your Flutter apps native platform dependencies using [`snyk test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/test) and [`snyk monitor`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) commands +* Test and monitor your Flutter apps native platform dependencies using [`snyk test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/test) and [`snyk monitor`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) commands ### Testing a Dart applications pub dependency tree -Activate the pub [`sbom`](https://pub.dev/packages/sbom) package & create a minimal `sbom.yaml` file in the root folder of the repository: +Activate the pub [`sbom`](https://pub.dev/packages/sbom) package and create a minimal `sbom.yaml` file in the root folder of the repository: ``` dart pub global activate sbom @@ -84,7 +84,7 @@ spdx: EOF ``` -Use the dart `sbom` command to create a SBOM file & test it using the [`sbom test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command: +Use the dart `sbom` command to create a SBOM file and test it using the [`sbom test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command: ``` dart pub global run sbom @@ -95,7 +95,7 @@ snyk sbom test --experimental --file sbom-pub.json Flutter applications rely on native platform dependencies to handle lower-level tasks, such as analytics, hardware access, or integrating existing functionality. These dependencies can be added through pub packages to extend functionality or integrated directly into build systems like Gradle or Cocoapods. -Snyk’s regular open-source support can scan these packages; however, a complete app build is necessary to make them available in the repository and accessible to CLI tools. +The regular open-source support in Snyk can scan these packages. However, a complete app build is necessary to make them available in the repository and accessible to CLI tools. You can start by building the application for all relevant platforms. This ensures that `pub` fetches all required packages, and the Flutter build system establishes the necessary links for the native build systems. @@ -113,6 +113,6 @@ snyk monitor --all-projects --exclude=example,.symlinks The `--exclude` parameter removes duplicates and ignores example applications, which are part of the plugin source code but not included in regular application builds. -You are now able to view in the Snyk Web UI all native dependencies, including those introduced by third-party plugins. +You can now view in the Snyk Web UI all native dependencies, including those introduced by third-party plugins.

Snyk Project page showing dependencies in Flutter apps

diff --git a/discover-snyk/supported-languages/supported-languages-list/elixir.md b/discover-snyk/supported-languages/supported-languages-list/elixir.md index 6f489e85b0ec..aaa5084b5266 100644 --- a/discover-snyk/supported-languages/supported-languages-list/elixir.md +++ b/discover-snyk/supported-languages/supported-languages-list/elixir.md @@ -19,7 +19,7 @@ For Elixir, the following features are available: * Test your app's SBOM and packages using `pkg:hex` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command {% hint style="info" %} -The **Snyk Fix PR** feature is not available for Elixir. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for Elixir. This means Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages/supported-languages-list/go.md b/discover-snyk/supported-languages/supported-languages-list/go.md index bc9596eaaa69..2f74a1dbeb62 100644 --- a/discover-snyk/supported-languages/supported-languages-list/go.md +++ b/discover-snyk/supported-languages/supported-languages-list/go.md @@ -55,7 +55,7 @@ Available features for Go Projects with dependencies managed by Go Modules and d * Test your app's SBOM and packages using `pkg:golang` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command. {% hint style="info" %} -If the **Snyk Fix PR** feature is enabled, this means that you will be notified if the PR checks fail when the following conditions are met: +If the **Snyk Fix PR** feature is enabled, this means Snyk notifies you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** @@ -63,12 +63,12 @@ If the **Snyk Fix PR** feature is enabled, this means that you will be notified Snyk supports all versions of Go, including the latest stable version listed on the Go [All releases](https://go.dev/dl/) page. -Snyk tracks only official releases. Snyk does not identify commits, including those in the default branch, unless they are included in an official release or tag. For Projects with a package manager, Snyk requires a release to the package manager. For Go and unamanaged scans (C/C++), Snyk requires an official release or tag in the GitHub repository. +Snyk tracks only official releases. Snyk does not identify commits, including those in the default branch, unless they are included in an official release or tag. For Projects with a package manager, Snyk requires a release to the package manager. For Go and unmanaged scans (C/C++), Snyk requires an official release or tag in the GitHub repository. {% hint style="warning" %} Since January 1, 2023, Snyk has not supported govendor Projects. As a general security best practice, Snyk recommends using tools that are consistently maintained and up-to-date. -Since Snyk no longer supports scanning of govendor Projects, a warning is issued and no results are provided. +Because Snyk no longer supports scanning of govendor Projects, Snyk issues a warning and provides no results. {% endhint %} ### Go Modules and dep support @@ -141,7 +141,7 @@ For more details on levels of access to your repository required by different Sn Go modules Projects that rely on modules from private SCM repositories are supported if those repositories are in the same SCM organization as the main project repository. -If you have private modules in repositories from other SCM organizations, it is possible that your Project imports do not work properly. The same is true if your code uses SCM submodules from another organization. +If you have private modules in repositories from other SCM organizations, your Project imports might not work properly. The same is true if your code uses SCM submodules from another organization. If your private modules have other private modules from another SCM organization, your Project imports do not work. All private modules, including the ones within other modules, need to be part of the same SCM organization as the main project repository. diff --git a/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md b/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md index b1b025610a44..d487ddd0d5ff 100644 --- a/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md +++ b/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md @@ -52,7 +52,7 @@ snyk test -- -Dpkg_version=1.4 ## CLI help for Gradle Projects -Gradle build can consist of several sub-projects, where each sub-project has its own build.gradle, while the root Project is the only one that also includes a `settings.gradle` file. Sub-projects depend on the root ProjectProjects but can be configured otherwise. +Gradle build can consist of several sub-projects, where each sub-project has its own build.gradle, while the root Project is the only one that also includes a `settings.gradle` file. Sub-projects depend on the root Project but you can configure them otherwise. By default, Snyk CLI scans only the current Project, the Project in the root of the current folder, or the Project that is specified by `--file=path/to/build.gradle`). @@ -62,7 +62,7 @@ To scan all Projects at once (recommended), use the `--all-sub-projects` option: snyk test --all-sub-projects ``` -Each of the individual sub-projects appears as a separate Snyk Project in the eb UI. +Each of the individual sub-projects appears as a separate Snyk Project in the Web UI. To scan a specific Project (for example, "myapp"), use the following command: @@ -136,7 +136,7 @@ By default, Snyk passes `gradle build --no-daemon` in the background when runnin If you see `snyk test` or `snyk monitor` fail on other operating systems because of daemon-related issues, try adding the `--no-daemon` flag to the Snyk command or set `GRADLE_OPTS: '-Dorg.gradle.daemon=false'`. -For tips on disabling the daemon, the [Gradle documentation](https://docs.gradle.org/current/userguide/gradle_daemon.html#sec:disabling_the_daemon). +For tips on disabling the daemon, see the [Gradle documentation](https://docs.gradle.org/current/userguide/gradle_daemon.html#sec:disabling_the_daemon). ### Lockfiles @@ -190,7 +190,7 @@ Such a dependency file is typically evaluated using an `ant` task defined in `bu ``` -Using the command `ant resolve-dependencies`, dependencies will be downloaded from Maven Central, just like regular Maven dependencies. +Using the command `ant resolve-dependencies`, Maven Central downloads the dependencies, like regular Maven dependencies. To let Snyk know about the dependency tree, you must first convert to the Maven POM format. Start by configuring a new `makepom` task in `build.xml` @@ -210,7 +210,7 @@ ant makepom snyk test --file=pom.xml ``` -The `pom.xml` file does not need to be checked in and can be deleted after a test is done using `snyk`. Additionally, the dependency tree can be monitored using: +You do not need to check in the `pom.xml` file, and you can delete it after a test using `snyk`. You can also monitor the dependency tree using: ``` snyk monitor --file=pom.xml @@ -218,7 +218,7 @@ snyk monitor --file=pom.xml ## Snyk CLI tips and tricks -the [CLI commands and options summary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/cli-commands-and-options-summary) and the [CLI cheat sheet](https://snyk.io/blog/snyk-cli-cheat-sheet/). Use the `--help` option in the CLI for details of Snyk CLI commands. +See the [CLI commands and options summary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/cli-commands-and-options-summary) and the [CLI cheat sheet](https://snyk.io/blog/snyk-cli-cheat-sheet/). Use the `--help` option in the CLI for details of Snyk CLI commands. ### Testing your own code @@ -248,27 +248,27 @@ By default, Snyk CLI scans only the current project (the project in the root of `--all-projects` can be used across all package managers, which also includes the behaviors of `--all-sub-projects`, mentioned below. * To scan all projects at once (recommended), use the `--all-sub-projects` option:\ - (that is, `snyk test --all-sub-projects`). Each of the individual sub-projects appears as a separate Snyk Project in the eb UI. + (that is, `snyk test --all-sub-projects`). Each of the individual sub-projects appears as a separate Snyk Project in the Web UI. * To scan a specific project (for example, myapp), use `--sub-project=` (that is, `snyk test --sub-project=myapp`). -specific configurations, [Snyk for Java and Kotlin](../../../supported-languages-package-managers-and-frameworks/java-and-kotlin/). +For specific configurations, see [Snyk for Java and Kotlin](../../../supported-languages-package-managers-and-frameworks/java-and-kotlin/). #### Unmanaged -For more details on unmanaged Jars, [Scan all unmanaged JAR files](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/scan-all-unmanaged-jar-files). +For more details on unmanaged Jars, see [Scan all unmanaged JAR files](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/scan-all-unmanaged-jar-files). ### Testing containers -Snyk automatically looks for application (such as open source, maven, and npm) vulnerabilities as part of a container scan. Snyk recommends integrating via CLI or Registry earlier in the pipeline and use this as an additional signal or insight into what is in production. [Snyk CLI for container security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container). +Snyk automatically looks for application (such as open source, maven, and npm) vulnerabilities as part of a container scan. Snyk recommends integrating through the CLI or Registry earlier in the pipeline and using this as an additional signal or insight into what is in production. See [Snyk CLI for container security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container). -To test Infrastructure as Code, [Infrastructure as Code security](https://snyk.io/product/infrastructure-as-code-security/). +To test Infrastructure as Code, see [Infrastructure as Code security](https://snyk.io/product/infrastructure-as-code-security/). -To fix vulnerabilities, [Fixing vulnerabilities on Maven projects](https://snyk.io/blog/fixing-vulnerabilities-in-maven-projects/). +To fix vulnerabilities, see [Fixing vulnerabilities on Maven projects](https://snyk.io/blog/fixing-vulnerabilities-in-maven-projects/). ### Options and plugins -To help generate reports locally or at build time, [snyk-to-html plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html). +To help generate reports locally or at build time, see the [snyk-to-html plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html). -See `--json` and `--sarif` options for generating output that can be programmatically accessed. +Use the `--json` and `--sarif` options to generate output that you can access programmatically. -For advanced filtering options, [snyk-filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter). +For advanced filtering options, see [snyk-filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter). diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/README.md b/discover-snyk/supported-languages/supported-languages-list/javascript/README.md index be932b6401f7..10e5851a8b16 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/README.md @@ -116,7 +116,7 @@ Snyk supports the following package managers and versions: * pnpm: `pnpm 7`, `pnpm 8`, `pnpm 9`, `pnpm 10` * Yarn: `Yarn 1`, `Yarn 2`, `Yarn 3`, `Yarn 4` -Snyk's default package registry is [npmjs.org](https://www.npmjs.org/). Private package registries are supported. For more information, visit [Package repository integrations.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) +The default package registry in Snyk is [npmjs.org](https://www.npmjs.org/). Snyk supports private package registries. For more information, visit [Package repository integrations.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) ### Available integrations @@ -143,9 +143,9 @@ Lerna is partially supported. ### Language and package manager considerations {% hint style="info" %} -Only official releases are tracked. Commits, including into the default branch, are not identified unless included in an official release or tag. +Snyk tracks only official releases. Snyk does not identify commits, including those into the default branch, unless they are included in an official release or tag. -In the case of JavaScript packages this means a release to the npmjs.org package registry. +For JavaScript packages, this means a release to the npmjs.org package registry. {% endhint %} #### devDependencies analysis @@ -161,7 +161,7 @@ optionalDependencies are included by default for CLI and CI/CD, as well as SCM i #### Unmanaged JavaScript -If you are on the Enterprise plan and thus have access to the Snyk API, can use the API to get a full list of dependencies and their transitive dependencies. +If you are on the Enterprise plan and have access to the Snyk API, you can use the API to get a full list of dependencies and their transitive dependencies. To test for vulnerabilities, you can use the following API endpoints: @@ -171,7 +171,7 @@ To test for vulnerabilities, you can use the following API endpoints: #### Out of sync lockfiles -Control behavior when the lockfile and package file are in sync can be done using: +Control the behavior for when the lockfile and package file are in sync using: * CLI additional values: `--strict-out-of-sync`, `--fail-on` * Web UI for SCM scans: **Settings** > **Language** > **JavaScript** @@ -188,7 +188,7 @@ For all supported lockfile versions, the following features are available: Snyk can build a dependency tree with or without a lockfile. If a lockfile is present, Snyk uses it as follows: * Locally and with CI/CD: if a lockfile is not present and the scan is performed with the CLI or an IDE, Snyk looks at `node_modules` to determine what is installed. -* With SCM integrations: if a lockfile is not present, Snyk approximates what the tree will look like at build time. This is highly valuable for getting insights into Projects in development or what the next build will look like when there is no lockfile present +* With SCM integrations: if a lockfile is not present, Snyk approximates what the tree looks like at build time. This is valuable for getting insights into Projects in development or what the next build looks like when no lockfile is present. As a user of npm, even though npm-audit is at hand anytime you are working with your dependencies, Snyk provides the following capabilities. These are designed for both individuals and companies: @@ -273,7 +273,7 @@ Snyk uses the Yarn lockfile (`yarn.lock`) to generate a representation of Projec The files Snyk relies on to scan a Project may change on version upgrades of the package manager. Snyk lists only versions verified internally as supported. -If you are using a newer version of Yarn than is not listed on this page, it is possible that Snyk performs as expected because Yarn is using a lockfile version that is already supported. That version of Yarn has likely not been evaluated and, thus not added to this page. +If you are using a newer version of Yarn that is not listed on this page, Snyk might perform as expected because Yarn is using a lockfile version that is already supported. That version of Yarn has likely not been evaluated and so was not added to this page. For all supported Yarn versions, the following features are available: @@ -283,7 +283,7 @@ For all supported Yarn versions, the following features are available: * Automatic and Manual Fix PRs {% hint style="info" %} -Because different versions of Yarn have different feature sets, there are differences in Snyk support in order to match how the package manager works. +Because different versions of Yarn have different feature sets, Snyk support differs to match how the package manager works. Resolutions are supported in Yarn v2 and above. Yarn v1 resolutions are not supported. {% endhint %} @@ -341,11 +341,11 @@ Pnpm workspaces must have the `package.json`, `pnpm-lock.yaml` and `pnpm-workspa Pnpm [workspace protocol](https://pnpm.io/workspaces#workspace-protocol-workspace) is not supported for SCM scans. -Dependencies should be defined explicitly with specific versions, or versions using standard semver. (eg `"foo": "^1.1.0"` ) +Define dependencies explicitly with specific versions, or versions using standard semver (for example, `"foo": "^1.1.0"`). -Dependencies that are defined using workspace protocol for the version (eg `"foo" : "workspace:*"` ) will be listed in SCM scans as undefined version. +Dependencies that you define using workspace protocol for the version (for example, `"foo" : "workspace:*"`) appear in SCM scans as undefined version. -For all workspaces, Fix PRs and Upgrade PRs do not support workspaces lockfile updates. PRs for these Projects will update the `package.json` only. +For all workspaces, Fix PRs and Upgrade PRs do not support workspaces lockfile updates. PRs for these Projects update the `package.json` only. #### CLI scanning considerations @@ -386,7 +386,7 @@ pnpm workspaces must have the `package.json`, `pnpm-lock.yaml` and `pnpm-workspa To detect and scan all workspaces in your Yarn Project, use the CLI options identified for monorepos and workspaces, as well as this Yarn-specific option. -`--yarn-workspaces` : Uses instead of `--all-projects` to detect and scan only Yarn workspaces Projects when a lockfile is present in the root. Other ecosystems will be ignored. +`--yarn-workspaces` : Use instead of `--all-projects` to detect and scan only Yarn workspaces Projects when a lockfile is present in the root. Snyk ignores other ecosystems. ## Validating, monitoring, alerting, and gating for JavaScript diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md b/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md index 46ccd0b6e105..ca3ac7d12415 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md @@ -11,7 +11,7 @@ You can configure language settings for open source and licensing at the Organiz 3. Configure the settings based on your package manager - npm, pnpm, or Yarn. * **Scan and fix dev dependencies**: if you check this option, Snyk reads the `devDependencies` property on the `package.json` and reports and fixes any vulnerabilities accordingly. * **Require package.json and package-lock.json/yarn.lock files to be in sync**: when this is checked if the `package.json` and `package-lock.json`/`yarn.lock/pnpm-lock.yaml` files are out-of-sync, Snyk fails the import. - * **Exclude package-lock.json from being generated when fixing vulnerabilities**: if you are using private mirrors or registries, it is possible that a Snyk-generated lockfile is not appropriate for you because Snyk uses the npm registry to update the lockfile. Enterprise customers can use [package repository integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) to ensure lockfiles are updated correctly. Alternatively, this setting allows you to opt out of getting lockfiles generated for you in Snyk fix pull requests and merge requests. + * **Exclude package-lock.json from being generated when fixing vulnerabilities**: if you are using private mirrors or registries, a Snyk-generated lockfile might not be appropriate for you because Snyk uses the npm registry to update the lockfile. Enterprise customers can use [package repository integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) to ensure lockfiles are updated correctly. Alternatively, this setting allows you to opt out of getting lockfiles generated for you in Snyk fix pull requests and merge requests. 4. Click **Update Settings** to save changes. ## Package registry integrations (Artifactory/Nexus) @@ -20,7 +20,7 @@ You can configure language settings for open source and licensing at the Organiz Artifactory, Nexus, npm Teams, and npm Enterprise Package Registry integrations are available only for Snyk Enterprise plans. {% endhint %} -Snyk Open Source Gatekeeper plugins integrates with Artifactory to block builds from downloading packages with vulnerability and license issues. +Snyk Open Source Gatekeeper plugins integrate with Artifactory to block builds from downloading packages with vulnerability and license issues. Snyk Open Source can also integrate with Artifactory, Nexus, npm Teams, and npm Enterprise to assist in the security testing of your applications. Snyk uses this integration for dependency resolution, fix calculation, and re-locking lock files. @@ -35,13 +35,13 @@ For more information, see the following external resources: When creating a fix for vulnerabilities using npm v7+ Projects, Snyk uses the default npm `save-prefix` rather than inferring it from your Project. -This means that if you have dependencies using a range format other than the caret range (`^`), it is possible that you see additional changes to the `version` fields in the `package-lock.json` file. +This means that if you have dependencies using a range format other than the caret range (`^`), you might see additional changes to the `version` fields in the `package-lock.json` file. -These changes do not affect day-to-day functionality, as the ranges will be read from the `package.json`. +These changes do not affect day-to-day functionality, as Snyk reads the ranges from the `package.json`. ## Fix PRs for Yarn zero-installs users -In Yarn v2, the [zero-installs](https://yarnpkg.com/features/zero-installs) feature was released, which allowed Yarn developers to work on a Project without having to run `yarn` to install dependencies on their machine. +Yarn v2 introduced the [zero-installs](https://yarnpkg.com/features/zero-installs) feature, which lets Yarn developers work on a Project without having to run `yarn` to install dependencies on their machine. Zero-installs achieved this by installing all the dependencies of a Project inside of the `.yarn/cache` directory and asking users to commit this to their version control system, allowing the next developer to pull any new dependencies directly from the repository. diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md b/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md index fe60e8128d23..a19dca3eb4e9 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md @@ -2,7 +2,7 @@ To help generate reports locally or at build time, see the [snyk-to-html plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html). -See `--json` and `--sarif` options for generating output that can be programmatically accessed. +Use the `--json` and `--sarif` options to generate output that you can access programmatically. For advanced filtering options, see[ snyk-filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter). @@ -14,7 +14,7 @@ The `snyk test` command tests the first manifest it can find and performs a test * `--yarn-workspaces`: For Yarn Workspaces use the `--all-projects` flag to test and monitor your packages with other package managers or Yarn workspaces or use `--yarn-workspaces` to specifically scan Yarn Workspaces Projects only. {% hint style="info" %} -If you are using a package manager that requires options, it is suggested to target them individually with `--file=` +If you are using a package manager that requires options, Snyk suggests targeting them individually with `--file=` {% endhint %} ### Codebase @@ -24,8 +24,8 @@ If you are using a package manager that requires options, it is suggested to tar ### Containers -* Snyk will automatically look for application (open source) vulnerabilities as part of a container scan. Consider having Snyk integrated through CLI earlier in the pipeline and utilize this for an additional signal of and insight into what is in production. -* If you ship your Node.JS application in a container, be aware that you might also be bundling insecure packages (Linux, open source), alongside your application in addition to what is brought in by the container base image. The Snyk Container CLI can help you identify a base image that minimizes the attack surface of your application. +* Snyk automatically looks for application (open source) vulnerabilities as part of a container scan. Consider integrating Snyk through the CLI earlier in the pipeline and use this for an additional signal of and insight into what is in production. +* If you ship your Node.js application in a container, be aware that you might also be bundling insecure packages (Linux, open source) alongside your application, in addition to what the container base image brings in. The Snyk Container CLI can help you identify a base image that minimizes the attack surface of your application. * For more information on how you can filter to the layer you wish to work on, such as identifying a secure base image to build off of, the layers you are responsible for, or application (OS) vulnerabilities, see [Snyk CLI for container security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container) ### Infrastructure as Code diff --git a/discover-snyk/supported-languages/supported-languages-list/php.md b/discover-snyk/supported-languages/supported-languages-list/php.md index 6c68c013dc90..10b652c5c4a5 100644 --- a/discover-snyk/supported-languages/supported-languages-list/php.md +++ b/discover-snyk/supported-languages/supported-languages-list/php.md @@ -55,7 +55,7 @@ For PHP with Snyk Open Source, the following file formats are supported: `compos * Test your app's SBOM and packages using `pkg:composer` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command. {% hint style="info" %} -The **Snyk Fix PR** feature is not available for PHP. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for PHP. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** @@ -74,7 +74,7 @@ After you select a Project for import, Snyk builds the dependency tree based on * `composer.json` * `composer.lock` -If the `composer.lock` file is not present in the repository, the import will not process the `composer.json` manifest. +If the `composer.lock` file is not present in the repository, the import does not process the `composer.json` manifest. By default, Snyk scans your production dependencies. Using the Snyk Web UI, you can configure whether or not to include your development dependencies, such as `require_dev` \[...] in the scan for vulnerabilities. @@ -82,7 +82,7 @@ To update language preferences: 1. Log in to your account and navigate to the relevant Group and Organization that you want to manage. 2. Select **Settings** > **Languages**. -3. Select **Edit settings** for PHP and select **Scan dev dependencies** to set your PHP projects in the specific Organization to include both development and production dependencies. +3. Select **Edit settings** for PHP and select **Scan dev dependencies** to set your PHP Projects in the specific Organization to include both development and production dependencies. 4. Select **Update settings**. These settings are applied to all newly imported Projects and to all existing Projects when they are re-tested. diff --git a/discover-snyk/supported-languages/supported-languages-list/python/README.md b/discover-snyk/supported-languages/supported-languages-list/python/README.md index 436b54cb352f..e32bbdee8ad9 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/README.md @@ -79,9 +79,9 @@ For Python, the following frameworks and libraries are supported: ### Directory layout -Snyk Code relies on Python projects to follow a standard directory layout for accurate analysis. Specifically, Snyk Code expects Projects to be compatible with [`setuptools` automatic discovery](https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#auto-discovery), which identifies packages and modules automatically based on the directory structure. This includes support for `init.py` files to ensure that symbols defined in package initialization files are imported correctly, leading to a more accurate and deeper analysis. +Snyk Code relies on Python Projects to follow a standard directory layout for accurate analysis. Specifically, Snyk Code expects Projects to be compatible with [`setuptools` automatic discovery](https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#auto-discovery), which identifies packages and modules automatically based on the directory structure. This includes support for `init.py` files to ensure that symbols defined in package initialization files are imported correctly, leading to a more accurate and deeper analysis. -Both `src-layout` and `flat-layout` are supported. Proper adherence to these conventions allows the scanner to trace code effectively and provide accurate results. +Both `src-layout` and `flat-layout` are supported. Proper adherence to these conventions lets the scanner trace code effectively and provide accurate results. ## Python for Snyk Open Source @@ -155,5 +155,5 @@ If you have manifest files in other directories within the root of the Project, In your Snyk integration settings, locate the **Additional Options** field. Enable a recursive search and add the `--all-projects` option in the **Additional Options** field. {% hint style="warning" %} -If each directory needs a different virtual environment, it is possible that the Snyk scan fails because it uses a single virtual environment for dependency detection. In such cases, Snyk recommends using the CLI or SCM integration instead of an IDE , in order to gather vulnerability details for all dependencies in each Project directory. +If each directory needs a different virtual environment, it is possible that the Snyk scan fails because it uses a single virtual environment for dependency detection. In such cases, Snyk recommends using the CLI or SCM integration instead of an IDE, to gather vulnerability details for all dependencies in each Project directory. {% endhint %} diff --git a/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md b/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md index a14357b5459a..f2b10750810a 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md @@ -6,7 +6,7 @@ CLI support for uv is in Early Access and available only with Enterprise plans. To enable the feature, visit [Snyk Preview](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/snyk-preview). {% endhint %} -## Prerequites +## Prerequisites Ensure you have `uv` version 0.9.29 or later installed. diff --git a/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md b/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md index a0c3c0d3b808..48f75eb6eb3f 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md @@ -21,8 +21,8 @@ By default, Snyk tests Pip Projects using Python 3.7. {% hint style="warning" %} The behavior of imports, re-tests, and PR checks for Projects with dependencies requiring a higher version of Python varies according to the version specified: -* Python 3.8 or above: scans will fail with an [error](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/error-catalog) message that includes details of the first failed package, the Python version it requires, and the Python version used. -* Python 2.7 or 3.7: scans will succeed, but the incompatible dependencies are omitted from the results. +* Python 3.8 or above: scans fail with an [error](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/error-catalog) message that includes details of the first failed package, the Python version it requires, and the Python version used. +* Python 2.7 or 3.7: scans succeed, but the incompatible dependencies are omitted from the results. {% endhint %} To define which Python minor version Snyk uses to test your Pip Projects imported using SCM integrations, you can use Organization settings and [`.snyk` policy file](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/the-.snyk-file). @@ -45,7 +45,7 @@ language-settings: The `.snyk` file must be in the same directory as the Project manifest file. -Snyk will select which Python version to use according to the `major`, `minor` and `patch` versions specified in the `.snyk` file. +Snyk selects which Python version to use according to the `major`, `minor` and `patch` versions specified in the `.snyk` file. * `Major` version only (for example, 2 or 3): scanned with default `minor` versions - 2.7 or 3.7 * `Major` and `minor` version (for example, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14): scanned with 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, or 3.14 @@ -67,7 +67,7 @@ The following dependencies are not supported and are removed before the file is To scan Pip Projects, Snyk analyzes your `requirements.txt` files using native `pip` tooling in an isolated Linux environment. -Pip Projects scanned using the SCM integration will be given the same name as the directory where they are located. +Pip Projects scanned using the SCM integration are given the same name as the directory where they are located. Snyk imports any file that follows the `**/*req*.txt` pattern. This can help if you have renamed the `requirements.txt` files, for example, to `requirements-dev.txt`. @@ -106,7 +106,7 @@ Poetry scans fail with an unparsable manifest / unable to parse `pyproject.toml` Under `[tool.poetry]`, Poetry allows `include` to mix plain path strings and `{ path = "...", format = [...] }` inline tables in one array. That is valid TOML 1.0 and a valid Poetry configuration. -Snyk’s Poetry analysis parses `pyproject.toml` with a TOML implementation that does not accept mixed-type inline arrays. Parsing stops at that array, so the file is treated as invalid before dependency logic runs. +The Poetry analysis in Snyk parses `pyproject.toml` with a TOML implementation that does not accept mixed-type inline arrays. Parsing stops at that array, so Snyk treats the file as invalid before running the dependency logic. Example of a failing configuration: @@ -129,7 +129,7 @@ include = [ ## SCM repositories and Pipenv {% hint style="warning" %} -Private PyPI mirrors are not supported. `Pipfiles` specifying a private mirror as their only source will not be imported. +Private PyPI mirrors are not supported. `Pipfiles` specifying a private mirror as their only source are not imported. {% endhint %} To scan Pipenv Projects, Snyk analyzes your `Pipfile` and `Pipfile.lock` files using native `pipenv` tooling in an isolated Linux environment. diff --git a/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md b/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md index 1a573b78e733..dc1e98932af4 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md @@ -34,7 +34,7 @@ Poetry v1 and v2 are supported. To build the dependency tree for a Poetry application, Snyk uses `pyproject.toml` and `poetry.lock` files. Both files must be present for Snyk to scan Poetry dependencies and identify issues. -If no `poetry.lock` file is present; you should run `poetry lock` to generate one before scanning. +If no `poetry.lock` file is present, run `poetry lock` to generate one before scanning. For Poetry, it is possible to get mixed `include` entries in `pyproject.toml` @@ -74,7 +74,7 @@ Run `pipenv install` to ensure the CLI can build an up-to-date, accurate depende To build the dependency tree, Snyk analyzes the `setup.py` file, and detects packages listed in the `install_requires` key. -This file will not be discovered automatically by the CLI. It must be specified manually using the `--file` option, for example: +The CLI does not discover this file automatically. You must specify it manually using the `--file` option, for example: ```python snyk test --file=setup.py diff --git a/discover-snyk/supported-languages/supported-languages-list/ruby.md b/discover-snyk/supported-languages/supported-languages-list/ruby.md index 9e94035bd4d0..ebc2687a8758 100644 --- a/discover-snyk/supported-languages/supported-languages-list/ruby.md +++ b/discover-snyk/supported-languages/supported-languages-list/ruby.md @@ -97,7 +97,7 @@ Snyk requires both files to be present to correctly test, monitor, and fix Ruby If your Gemfile needs access to private Gem sources, see [Private gem sources for Ruby configuration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/private-gem-sources-for-ruby-configuration). -Using private Gem sources should work normally when you are using the Snyk CLI. +Using private Gem sources works normally when you use the Snyk CLI. When creating Fix PRs for Ruby Projects using private Gem sources, Snyk may need access to the service hosting the Gems to update the file correctly. diff --git a/discover-snyk/supported-languages/supported-languages-list/scala.md b/discover-snyk/supported-languages/supported-languages-list/scala.md index 5bd9a8d649a5..114a58542339 100644 --- a/discover-snyk/supported-languages/supported-languages-list/scala.md +++ b/discover-snyk/supported-languages/supported-languages-list/scala.md @@ -43,7 +43,7 @@ Available features: * Interfile analysis {% hint style="info" %} -The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md b/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md index 94669f145d24..a5c2a9fa9b7c 100644 --- a/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md +++ b/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md @@ -77,7 +77,7 @@ For Objective-C, Snyk supports `.m` files, and implicitly supports `.h` files. ## Swift and Objective-C for Snyk Open Source -For Swift with Snyk Open Source, Snyk supports Swifts versions from 3.0 up to 6.2.x. +For Swift with Snyk Open Source, Snyk supports Swift versions from 3.0 up to 6.2.x. ### Supported package managers and registries @@ -98,7 +98,7 @@ For Swift and Objective-C with Snyk Open Source, Snyk provides support for packa * For Swift Package Manager: CLI support {% hint style="info" %} -The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available**. * **"Fixed in" available** is set to **Yes**. @@ -110,9 +110,9 @@ The **Snyk Fix PR** feature is not available for Swift and Objective-C. This mea Snyk supports only Projects using Swift 3.0 or higher. {% endhint %} -In order for Snyk to discover a Project, a `Package.swift` file must be present. Also, Snyk uses the `swift package show-dependencies` command to build the dependency graph. +For Snyk to discover a Project, a `Package.swift` file must be present. Also, Snyk uses the `swift package show-dependencies` command to build the dependency graph. -When the .build folder of your Project is not present - in a pipeline, for example, it is possible that Snyk takes longer to scan your Swift Projects. When the CLI runs the command `swift package show-dependencies`, Swift must resolve the dependencies as part of this process, which can add to the overall time it takes Snyk to complete the scan. Therefore, ensuring that you have your Projects built first and that the .build folder is present can speed up the CLI processing time. +When the .build folder of your Project is not present — in a pipeline, for example — Snyk can take longer to scan your Swift Projects. When the CLI runs the command `swift package show-dependencies`, Swift must resolve the dependencies as part of this process, which can add to the overall time it takes Snyk to complete the scan. Therefore, ensuring that you have your Projects built first and that the .build folder is present can speed up the CLI processing time. Swift Package Manager supports pre-processing and post-processing. For post-processing, custom commands can add extra dependencies. Detecting such dependencies is not supported. diff --git a/discover-snyk/supported-languages/supported-languages-list/typescript.md b/discover-snyk/supported-languages/supported-languages-list/typescript.md index 26b311c31b54..47541fc58989 100644 --- a/discover-snyk/supported-languages/supported-languages-list/typescript.md +++ b/discover-snyk/supported-languages/supported-languages-list/typescript.md @@ -53,7 +53,7 @@ Available features: * Test your app's SBOM and packages using `pkg:npm` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command {% hint style="info" %} -The **Snyk Fix PR** feature is not available for TypeScript. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for TypeScript. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages/technical-specifications-and-guidance.md b/discover-snyk/supported-languages/technical-specifications-and-guidance.md index fd0f796c194b..79eb17607458 100644 --- a/discover-snyk/supported-languages/technical-specifications-and-guidance.md +++ b/discover-snyk/supported-languages/technical-specifications-and-guidance.md @@ -79,7 +79,7 @@ For more information, see [Snyk Code AI Engine](https://app.gitbook.com/o/-M4tdx ## Language support and CLI, CI/CD, and SCM integrations -Snyk supports a variety of programming languages, enabling seamless integration into your development workflow through CLI commands, CI/CD pipelines, and SCM integrations. +Snyk supports a variety of programming languages, enabling integration into your development workflow through CLI commands, CI/CD pipelines, and SCM integrations. You can use these tools to automatically check your code for security issues as you develop your software. This ensures that strong security practices are part of your development process. diff --git a/discover-snyk/whats-new.md b/discover-snyk/whats-new.md index 92919bf726a6..d9c6a5964dc8 100644 --- a/discover-snyk/whats-new.md +++ b/discover-snyk/whats-new.md @@ -562,7 +562,7 @@ Information has been added about Snyk support for the Model Context Protocol (MC **Snyk Broker** -The Universal Broker feature is now available in Early Access. The Universal Broker separates deployment and container concerns from connection concerns. It allows for a smaller or a single deployment to support numerous connections of varied types. +The Universal Broker feature is now available in Early Access. The Universal Broker separates deployment and container concerns from connection concerns. It lets a smaller or single deployment support numerous connections of varied types. **Snyk CLI** diff --git a/discover-snyk/whats-snyk.md b/discover-snyk/whats-snyk.md index bf177dee7cde..2c3a87185db3 100644 --- a/discover-snyk/whats-snyk.md +++ b/discover-snyk/whats-snyk.md @@ -1,6 +1,6 @@ # What's Snyk? -Snyk is a platform that allows you to scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, infrastructure as code configurations, and after your web application or API is live. The Snyk platform uses a risk-based approach, focusing security efforts on issues that matter, and eliminating the noise of vulnerabilities that have no meaningful impact. +Snyk is a platform that lets you scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, infrastructure as code configurations, and after your web application or API is live. The Snyk platform uses a risk-based approach, focusing security efforts on issues that matter, and eliminating the noise of vulnerabilities that have no meaningful impact. To manage and govern the security program, Snyk gives security teams immediate visibility into coverage and business context across all application assets, smart policies to automate and scale in large environments, and analytics and reporting to measure the performance of your security program. @@ -30,13 +30,13 @@ A robust security process secures each component where they are built and mainta You can run Snyk in the following ways: * Web: the Snyk Web UI ([app.snyk.io](https://app.snyk.io)) provides a browser-based experience with functions such as configuration settings, filtering and fixing discovered issues, and reports. -* [CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli): the Snyk Command Line Interface enables you to run vulnerability scans on your local machine and integrate Snyk into your pipeline. -* [IDEs](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions): the Snyk IDE integrations enable you to embed Snyk in your development environment. -* [API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api): the Snyk API enables you to integrate with Snyk programmatically, tuning Snyk security automation to your specific workflows. +* [CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli): the Snyk Command Line Interface lets you run vulnerability scans on your local machine and integrate Snyk into your pipeline. +* [IDEs](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions): the Snyk IDE integrations let you embed Snyk in your development environment. +* [API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api): the Snyk API lets you integrate with Snyk programmatically, tuning Snyk security automation to your specific workflows. ## What can Snyk integrate with? -Snyk integrations for your software development process allow you to integrate Snyk into your development and security processes, including source control, IDE, CI/CD, and many others. +Snyk integrations for your software development process let you integrate Snyk into your development and security processes, including source control, IDE, CI/CD, and many others. For details, see [Integrate with Snyk](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). From aed1c9be2d96109d03155cbe695e810365931680 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CNatasha?= <“natasha.baker@snyk.io”> Date: Thu, 18 Jun 2026 11:19:29 +0100 Subject: [PATCH 02/12] docs: apply Snyk writing-style skill to Platform administration pages Apply the Snyk documentation writing-style rules across the platform-administration section (114 files updated). Consistent changes: - Passive to active voice; present tense over future "will" - Capability phrasing ("allows/enables you to" -> "lets you"); "is able to" -> "can" - Weaken-modal trimming (may -> can/might where appropriate) - once -> after; in order to -> to; go to -> navigate to; remove filler (simply, easily) - Bold UI labels without element-type nouns; Groups/Organizations/Projects casing - Remove "(s)" plurals; fix obvious typos and provider/casing slips Frontmatter, GitBook components, HTML tables, links, and technical literals unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) --- platform-administration/README.md | 2 +- .../README.md | 4 +-- ...nter-install-and-configure-using-docker.md | 10 +++---- ...thub-install-and-configure-using-docker.md | 2 +- ...stall-and-configure-broker-using-docker.md | 6 ++-- ...install-and-configure-broker-using-helm.md | 6 ++-- ...e-tokens-required-to-set-up-snyk-broker.md | 2 +- .../snyk-broker/universal-broker/README.md | 2 +- ...new-connection-to-your-universal-broker.md | 2 +- ...-install-and-configure-universal-broker.md | 4 +-- ...oyment-tips-and-reference-architectures.md | 4 +-- ...r-creating-universal-broker-deployments.md | 6 ++-- ...g-the-api-to-set-up-a-github-connection.md | 4 +-- .../service-accounts/README.md | 12 ++++---- ...vice-account-type-to-use-with-snyk-apis.md | 4 +-- ...age-service-accounts-using-the-snyk-api.md | 6 ++-- .../service-accounts-using-oauth-2.0.md | 20 ++++++------- .../choose-a-provisioning-option.md | 8 ++--- .../README.md | 4 +-- .../azure-ad-enterprise-application-setup.md | 2 +- .../google-workspace-setup.md | 6 ++-- .../okta-saml-application-setup.md | 2 +- .../onelogin-saml-application-setup.md | 6 ++-- .../ping-identity-setup.md | 4 +-- .../custom-mapping/README.md | 26 ++++++++-------- .../README.md | 2 +- ...-up-custom-mapping-for-an-okta-oidc-app.md | 10 +++---- ...-setting-up-custom-mapping-for-entra-id.md | 10 +++---- ...-up-custom-mapping-for-google-workspace.md | 7 +++-- ...mple-setting-up-custom-mapping-for-okta.md | 30 +++++++++---------- ...-setting-up-custom-mapping-for-onelogin.md | 6 ++-- ...ing-up-custom-mapping-for-ping-identity.md | 8 ++--- .../custom-mapping/legacy-custom-mapping.md | 14 ++++----- .../identity-provider-idp-migration.md | 2 +- .../set-up-snyk-single-sign-on-sso.md | 8 ++--- .../enterprise-setup/snyk-broker/README.md | 10 +++---- ...tbound-connections-and-allowed-requests.md | 4 +-- ...egration-across-your-snyk-organizations.md | 8 ++--- .../README.md | 4 +-- ...ions-for-broker-helm-chart-installation.md | 2 +- ...-multiple-brokers-in-the-same-namespace.md | 6 ++-- ...ge-repository-tab-and-image-pull-secret.md | 2 +- ...ions-with-snyk-broker-helm-installation.md | 4 +-- .../insecure-downstream-mode.md | 12 ++++---- ...tes-secrets-and-helm-chart-installation.md | 22 +++++++------- ...-sca-of-large-manifest-files-helm-setup.md | 6 ++-- ...with-an-internal-certificate-for-docker.md | 2 +- .../changing-the-auth-method-with-docker.md | 4 +-- ...credential-pooling-with-docker-and-helm.md | 16 +++++----- .../insecure-downstream-mode.md | 6 ++-- .../mounting-secrets-with-docker.md | 6 ++-- ...ca-of-large-manifest-files-docker-setup.md | 6 ++-- .../README.md | 6 ++-- ...y-environment-variables-for-snyk-broker.md | 2 +- ...tory-install-and-configure-using-docker.md | 4 +-- ...sitory-install-and-configure-using-helm.md | 4 +-- ...s-environment-variables-for-snyk-broker.md | 4 +-- ...-and-configure-and-configure-using-helm.md | 2 +- ...epos-install-and-configure-using-docker.md | 6 ++-- ...nt-variables-for-snyk-broker-basic-auth.md | 4 +-- ...r-snyk-broker-personal-access-token-pat.md | 4 +-- ...e-environment-variables-for-snyk-broker.md | 6 ++-- ...rprise-install-and-configure-using-helm.md | 2 +- ...b-environment-variables-for-snyk-broker.md | 2 +- ...github-install-and-configure-using-helm.md | 2 +- ...b-environment-variables-for-snyk-broker.md | 6 ++-- ...tlab-install-and-configure-using-docker.md | 6 ++-- ...gitlab-install-and-configure-using-helm.md | 4 +-- ...a-environment-variables-for-snyk-broker.md | 2 +- ...jira-install-and-configure-using-docker.md | 6 ++-- .../jira-install-and-configure-using-helm.md | 2 +- .../README.md | 2 +- ...y-environment-variables-for-snyk-broker.md | 2 +- ...tory-install-and-configure-using-docker.md | 2 +- ...sitory-install-and-configure-using-helm.md | 4 +-- .../README.md | 2 +- .../snyk-broker/high-availability-mode.md | 8 ++--- .../preflight-checks-for-snyk-broker.md | 4 +-- .../snyk-broker/snyk-broker-commit-signing.md | 6 ++-- .../README.md | 10 +++---- ...ry-agent-for-a-brokered-ecr-integration.md | 18 +++++------ .../snyk-broker/troubleshooting-broker.md | 6 ++-- .../universal-broker/broker-client-url.md | 8 ++--- .../disconnect-and-clean-up.md | 6 ++-- .../prerequisites-for-universal-broker.md | 8 ++--- ...r-broker-for-a-new-environment-variable.md | 4 +-- .../running-your-universal-broker-client.md | 4 +-- ...ating-your-universal-broker-connections.md | 4 +-- ...from-classic-broker-to-universal-broker.md | 2 +- .../universal-broker-workflow-diagrams.md | 2 +- .../update-the-snyk-broker-client.md | 8 ++--- .../verifying-broker-image-signatures.md | 6 ++-- .../groups-and-organizations/README.md | 6 ++-- .../group-and-organization-settings.md | 2 +- .../groups-and-organizations/groups/README.md | 2 +- ...nfigure-session-length-for-a-snyk-group.md | 2 +- .../groups/group-general-settings.md | 6 ++-- .../groups/manage-users-in-a-group.md | 2 +- .../organizations/README.md | 4 +-- .../create-and-delete-organizations.md | 4 +-- .../manage-users-in-organizations.md | 6 ++-- .../organization-general-settings.md | 14 ++++----- .../set-your-preferred-organization.md | 2 +- ...switch-between-groups-and-organizations.md | 4 +-- .../groups-and-organizations/tenant/README.md | 4 +-- .../manage-notifications.md | 20 ++++++------- ...on-users-to-organizations-using-the-api.md | 4 +-- ...bers-from-groups-and-orgs-using-the-api.md | 6 ++-- .../user-roles/README.md | 2 +- .../custom-role-templates/README.md | 2 +- .../cli-tester-role-template.md | 2 +- .../developer-role-template.md | 4 +-- .../user-roles/pre-defined-roles.md | 2 +- .../user-roles/user-role-management.md | 10 +++---- 114 files changed, 336 insertions(+), 335 deletions(-) diff --git a/platform-administration/README.md b/platform-administration/README.md index 776b6a2d17f6..d954bc663f56 100644 --- a/platform-administration/README.md +++ b/platform-administration/README.md @@ -60,7 +60,7 @@ You can manage users and permissions in your Groups. For details, see [Manage us ### Manage Tenant, Groups, and Organizations -Snyk groups and organizations help to maintain collaboration across teams. For details, see [Tenant, Groups, and Organizations](snyk-platform-administration/groups-and-organizations/). +Snyk Groups and Organizations help to maintain collaboration across teams. For details, see [Tenant, Groups, and Organizations](snyk-platform-administration/groups-and-organizations/). ### Define notifications diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md index eec36b0c205f..3ef7bf7fa19a 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/README.md @@ -5,13 +5,13 @@ PR Checks for Bitbucket Server integrations require Bitbucket Server version 7.4 and above, or Bitbucket Data Center version 8 or above.\ \ -When using a brokered connection, Snyk Broker version 5.4.9 and above is required. +When using a brokered connection, you must use Snyk Broker version 5.4.9 and above. {% endhint %} Review the general instructions for the installation method you plan to use, [Helm](../install-and-configure-broker-using-helm.md) or [Docker](../install-and-configure-broker-using-docker.md). Before installing the Bitbucket Server/Data Center Broker, ensure your Snyk account team provides you with a Broker token. -Docker or an equivalent method is required to run Docker Linux containers. Some Docker setups for Windows only support Windows containers. Ensure your deployment can run Linux containers. +You must have Docker or an equivalent method to run Docker Linux containers. Some Docker setups for Windows support only Windows containers. Ensure your deployment can run Linux containers. After you meet all the prerequisites, you can continue with the steps to install using [Docker](bitbucket-server-data-center-install-and-configure-using-docker.md) or [Helm](bitbucket-server-data-center-install-and-configure-using-helm.md). diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md index 701d58e88f24..e5ea24d9dedf 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md @@ -4,13 +4,13 @@ Before installing, review the [prerequisites](./) and the general instructions f This integration is useful to ensure a secure connection with your on-premise Bitbucket deployment. -This page describes two distinct authentication schemes: using [Basic Auth](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-basic-auth) and [using an API token](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-an-api-token). Your Bitbucket Server settings might preclude Basic Auth usage, in which case Bearer Auth is preferred. +This page describes two distinct authentication schemes: using [Basic Auth](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-basic-auth) and [using an API token](bitbucket-server-data-center-install-and-configure-using-docker.md#configure-broker-to-be-used-with-bitbucket-using-an-api-token). Your Bitbucket Server settings might preclude use of Basic Auth, in which case Bearer Auth is preferred. ## Configure Broker to be used with Bitbucket using Basic Auth The following explains how to configure Snyk Broker to use the Broker Client with a Bitbucket Server deployment. -To use the Snyk Broker Client with BitBucket, run `docker pull snyk/broker:bitbucket-server`. Refer to [BitBucket Server/Data Center - environment variables](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) for Snyk Broker for definitions of the environment variables. +To use the Snyk Broker Client with Bitbucket, run `docker pull snyk/broker:bitbucket-server`. Refer to [BitBucket Server/Data Center - environment variables](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) for Snyk Broker for definitions of the environment variables. If necessary, navigate to the [Advanced configuration page](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Bitbucket instance is using a private certificate, and setting up [proxy support](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). @@ -48,7 +48,7 @@ Snyk Essentials is set by default to **`false`**. Enable it by setting the flag The following explains how to configure Snyk Broker to use the Broker Client with a Bitbucket Server deployment using an API token. -To use the Snyk Broker Client with BitBucket, **run** `docker pull snyk/broker:bitbucket-server-bearer-auth`. For definitions of the environment variables, refer to [Bitbucket Server/Data Center - environment variables for Snyk Broker Basic Auth](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) and [Bitbucket Server/Data Center - environment variables for Snyk Broker Personal Access Token (PAT)](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md). +To use the Snyk Broker Client with Bitbucket, **run** `docker pull snyk/broker:bitbucket-server-bearer-auth`. For definitions of the environment variables, refer to [Bitbucket Server/Data Center - environment variables for Snyk Broker Basic Auth](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md) and [Bitbucket Server/Data Center - environment variables for Snyk Broker Personal Access Token (PAT)](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md). If necessary, go to the [Advanced configuration page](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Bitbucket instance is using a private certificate, and setting up [proxy support](../../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). @@ -79,9 +79,9 @@ Snyk Essentials is set by default to `false`. Enable it by setting the flag to ` Paste the Broker Client configuration to start the Broker Client container. -Once the container is up, the Bitbucket Integrations page shows the connection to Bitbucket, and you can `Add Projects` +After the container is up, the Bitbucket Integrations page shows the connection to Bitbucket, and you can `Add Projects`. -## Basic troubleshooting for Broker with BitBucket +## Basic troubleshooting for Broker with Bitbucket * Run `docker logs ` to look for any errors, where `container id` is the Bitbucket Broker container ID. * Ensure relevant ports are exposed to Bitbucket. diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md index ba0f8655d39e..8e910ef471ce 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md @@ -16,7 +16,7 @@ Copy the following command to set up a fully configured Broker Client to analyze {% hint style="info" %} **Multi-tenant settings for regions**\ -When installing, you must add a command in your script to set the `BROKER_SERVER_URL`.This is the URL of the Broker server for the region where your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). +When installing, you must add a command in your script to set the `BROKER_SERVER_URL`. This is the URL of the Broker server for the region where your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). {% endhint %} ```bash diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md index 137f66727bc3..2e9911f532a1 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker.md @@ -1,7 +1,7 @@ # Install and configure Broker using Docker {% hint style="info" %} -[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. +[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. {% endhint %} {% hint style="info" %} @@ -21,7 +21,7 @@ The following pages explain how to install these special integrations. * [GitHub](github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-docker.md) * [GitHub Enterprise](github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-docker.md) -* [Bitbucket Server/Data Centre](bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md) +* [Bitbucket Server/Data Center](bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-install-and-configure-using-docker.md) * [Gitlab](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md) * [Azure Repos](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md) * [JFrog Artifactory Repository](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md) @@ -31,7 +31,7 @@ The following pages explain how to install these special integrations. You can customize the configuration using the environment variables in the Docker images. For this reason, install separate, multiple instances of the Broker Client for different integration types to ensure proper configuration as well as redundancy. -You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects after you are connected. ## Advanced configuration using Docker diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md index 156679d45a88..5d7952262767 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md @@ -1,7 +1,7 @@ # Install and configure Broker using Helm {% hint style="info" %} -[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. +[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. {% endhint %} {% hint style="info" %} @@ -22,7 +22,7 @@ When you set up Snyk Broker for use in regions other than the default, additiona ## Install using the Snyk Broker Helm Chart -The Helm chart does not manage connectivity, and thus, you will be responsible for managing [ingress](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md) in the Kubernetes cluster. +The Helm chart does not manage connectivity, so you are responsible for managing [ingress](../../../../implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md) in the Kubernetes cluster. To use this chart, you must first add the Snyk Broker Helm Chart by adding the repo: @@ -48,7 +48,7 @@ Beginning with version 2.0.0, all created objects have a suffix based on the rel Additional commands are available to install [Snyk Broker - Container Registry Agent](../../../../implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/), needed to connect to Container Registries; `scmType`: `container-registry-agent`\\ -You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in [the Snyk Web UI](https://app.snyk.io) to see a confirmation message that you are connected. You can start importing Projects after you are connected. ## Advanced configuration using Helm diff --git a/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md b/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md index fb9aecfc332b..fd63dc8d7a1c 100644 --- a/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md +++ b/platform-administration/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker.md @@ -20,7 +20,7 @@ For code repository (SCM) integrations, you can generate a Broker token by using 1. Use the endpoint [Update Existing Integration](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/integrations-v1#org-orgid-integrations-type) to enable Snyk Broker for a specific Organization and a specific SCM. Follow the example under "Set up a broker for an existing integration." This generates a Broker token in the UI. 2. To generate a Broker token programmatically after enabling Snyk Broker, use the endpoint [Provision new Broker token](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/integrations-v1#org-orgid-integrations-integrationid-authentication-provision-token) to generate a Broker token.\ You can see the generated Broker token in the API response body and on the Web UI. -3. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration. by selecting **Settings** > **Integrations** for that specific integration to see the Broker token. +3. Verify the Broker token is generated in the Snyk Web UI under the specified SCM integration by selecting **Settings** > **Integrations** for that specific integration to see the Broker token. 4. After generating the Broker token, copy and save it and store it in a secure location for future use, or obtain it later using the Web UI. ## **Generate a Broker token in the Web UI** diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md index 8d0ca543f1e5..0e0aa68e6f6b 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/README.md @@ -8,7 +8,7 @@ A deployment can support multiple connections of any type, as shown in the diagr

Universal Broker deployment example

-Connections are integrated with Organizations to provide access to your private resources for the appropriate Snyk Organization(s). These Organizations can be in the same or different Snyk Groups. +Connections are integrated with Organizations to provide access to your private resources for the appropriate Snyk Organizations. These Organizations can be in the same or different Snyk Groups. In the diagram, Group 1 includes Organizations A through D, and Group 2 includes Organizations E and F. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md index 680a491e8b1e..ed9fb82875c5 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/add-a-new-connection-to-your-universal-broker.md @@ -14,4 +14,4 @@ You can share credentials references across connections by selecting a credentia After the connection is created, run `snyk-broker-config workflows connections integrate` and select the desired deployment and connection. Then enter the Organization ID for the Organization with which you want to integrate. For details, see [Integrate a connection with an Organization](../../../implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md#integrate-a-connection-with-an-organization). -If you integrate a connection already integrated with an Organization, the previous integration will be lost in favor of the new one. Be sure to paste the correct Organization ID. +If you integrate a connection already integrated with an Organization, the previous integration is lost in favor of the new one. Be sure to paste the correct Organization ID. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md index d081767e7d49..733b73682216 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker.md @@ -46,7 +46,7 @@ A typical workflow for adding a new Broker connection using the CLI involves the snyk-broker-config workflows connections create ``` - The CLI will then guide you through the process, prompting for: + The CLI then guides you through the process, prompting for: * Your Snyk API Token, required for authentication if you did not already export it as an environment variable. * The Snyk Organization ID where the Broker connection is used. @@ -95,7 +95,7 @@ You will need them to run your Broker Client. Have you saved these credentials? (Y/N) ``` -The tool displays the credentials for the Broker App just installed. Be sure to store these safely like any other credentials. This is the only time the client secret will be displayed. If you lose these credentials, you must either delete and recreate the Snyk Broker Admin Organization and start over, or use the API to reinstall Universal Broker manually. +The tool displays the credentials for the Broker App just installed. Be sure to store these safely like any other credentials. This is the only time the client secret is displayed. If you lose these credentials, you must either delete and recreate the Snyk Broker Admin Organization and start over, or use the API to reinstall Universal Broker manually. * When you have saved your credentials, type Y and press Enter. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md index 549db34cf2d9..23c3fc1fce87 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/deployment-tips-and-reference-architectures.md @@ -4,13 +4,13 @@ You can learn more about deployment and architecture, and more, with the [Universal Broker Snyk Learn ](https://learn.snyk.io/lesson/universal-broker/#3f799f7f-58a9-4225-53fb-9cc5b6913920)course. {% endhint %} -The Universal Broker allows you to run multiple connections of any type using a single container. Snyk recommends running in High Availability Mode (on by default), to run multiple replicas. +The Universal Broker lets you run multiple connections of any type using a single container. Snyk recommends running in High Availability Mode (on by default), to run multiple replicas. On Kubernetes, the Helm chart creates a stateful set with numerous members, automatically creating multiple replicas. When using Docker Compose, you must create multiple replicas explicitly in your deployment configuration. See the [Docker Compose example](../../../implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md#docker-compose-example) for more info. -Usage of resources varies based on a number of factors, making it difficult to model the actual use of resources (CPU and memory) for the container. Each deployment is limited to a maximum of 25 connections to avoid exhaustion of resources. +Use of resources varies based on a number of factors, making it difficult to model the actual use of resources (CPU and memory) for the container. Each deployment is limited to a maximum of 25 connections to avoid exhaustion of resources. If you find you need more resource segregation or allocation that does not fit well into a single container setup, you can create a new deployment with its set of connections to split the load across numerous Broker clients and containers. diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md index cd145609136e..47d21e72b186 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/preparing-for-creating-universal-broker-deployments.md @@ -4,7 +4,7 @@ Before creating deployments, ensure you have met the [prerequisites](../../../im ## Prepare hosts for the installation of Universal Broker -Snyk recommends configuring at least two separate instances of the Broker Client for each integration, either on different hosts or installed using Kubernetes. This ensures that you always have at least two instances running for redundancy. To install the Universal Broker using Helm please see the [Snyk Universal Broker Helm Chart](https://github.com/snyk/snyk-universal-broker-helm). +Snyk recommends configuring at least two separate instances of the Broker Client for each integration, either on different hosts or installed using Kubernetes. This ensures that you always have at least two instances running for redundancy. To install the Universal Broker using Helm, see the [Snyk Universal Broker Helm Chart](https://github.com/snyk/snyk-universal-broker-helm). ## Configure your network for using Universal Broker @@ -22,7 +22,7 @@ Use the Universal Broker `snyk-broker-config` CLI tool to configure and manage c If you have not previously installed the Universal Broker, refer to the Prerequisites for Universal Broker and [Basic steps to install and configure Universal Broker.](basic-steps-to-install-and-configure-universal-broker.md) -Be sure to set your environment variables to make usage easier, including when you are installing the `snyk-broker-config` CLI tool. Use the following commands: +Be sure to set your environment variables to make use easier, including when you are installing the `snyk-broker-config` CLI tool. Use the following commands: Linux/Mac @@ -34,7 +34,7 @@ Windows * `set SNYK_TOKEN=` * `set TENANT_ID=` -If the Universal Broker has already been installed, set the Install ID as an environment variable for easier usage. Use the following commands: +If you have already installed the Universal Broker, set the Install ID as an environment variable for easier use. Use the following commands: Linux/Mac diff --git a/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md b/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md index 178e634af9ba..9f39e8b44fd8 100644 --- a/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md +++ b/platform-administration/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/using-the-api-to-set-up-a-github-connection.md @@ -2,7 +2,7 @@ This page provides an example of using the API to set up a GitHub connection with the Universal Broker. Repeat connecting your Organization for as many integrations as needed. -Using the `snyk-broker-config` CLI tool is recommended for an easier experience. The API allows for automation and more control, and also requires a clear understanding of Broker deployments, credentials, connections, and integrations. +Snyk recommends using the `snyk-broker-config` CLI tool for an easier experience. The API allows for automation and more control, and also requires a clear understanding of Broker deployments, credentials, connections, and integrations. {% hint style="info" %} In any of the calls that follow, replace `api.snyk.io` with your regional equivalent if necessary, for example, `api.eu.snyk.io`. For a list of URLs, see [API URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#api-urls). @@ -121,7 +121,7 @@ Use the `CLIENT_ID` and `CLIENT_SECRET` values returned when you installed the B snyk/broker:universal -When the command is running, you should get the following message in the output: +When the command is running, you get the following message in the output:
{"name":"snyk-broker","hostname":"c918a4e1535a","pid":1,"level":30,"msg":"Found deployment 12345678-1234-1234-1234-123456789012. Waiting for connections. (polling)","time":"2024-06-18T20:15:20.572Z","v":0}
 
diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md index 31c979335471..d0d733684de4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/README.md @@ -7,7 +7,7 @@ Service accounts are available only for Enterprise plans. For more information, Free and Team plan users and Trial users have access to a Snyk user's token under their profile and can use this token to authenticate with a CI/CD, to run the CLI locally or on a build machine, and to authenticate with an IDE manually. {% endhint %} -Service accounts are a special type of system user. Creating a service account generates an API token that is the only token associated with the service account and takes the place of standard user credentials. Snyk needs authentication in order to initiate Snyk processes. +Service accounts are a special type of system user. Creating a service account generates an API token that is the only token associated with the service account and takes the place of standard user credentials. Snyk needs authentication to initiate Snyk processes. You can set up a service account to use for automation rather than using a Snyk user's token and to help manage integrations. @@ -48,7 +48,7 @@ Generate single or multiple tokens on the Group or Organization levels to manage ### Prerequisites to set up a service account {% hint style="info" %} -Group viewers are not able to create service accounts, regardless of their Org role. +Group viewers cannot create service accounts, regardless of their Org role. {% endhint %} To create a Group service account**,** you must be a Group admin. To create an Organization service account, you must be either a Group member and Org Admin, or a Group admin. @@ -84,7 +84,7 @@ From the **Role** dropdown list, select an appropriate role. For Group service accounts, choose from the following list of roles to configure the scope of the token; Snyk recommends selecting Viewer or Admin. -* **Group Viewer** enables read-only access. Note that to set an API token to be read-only and unable to write to the platform, you must use a service account and set it to Group Viewer. See [Snyk API token permissions users can control](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control). +* **Group Viewer** enables read-only access. To set an API token to be read-only and unable to write to the platform, you must use a service account and set it to Group Viewer. See [Snyk API token permissions users can control](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control). * **Group Admin** enables full administrator access. * **Group Member** associates a service account with a group but does not grant any specific access. @@ -93,14 +93,14 @@ For **Organization service accounts**, choose from the standard roles, **Org Adm ### Create the service account {% hint style="warning" %} -To align with security best practice, a service account token is only generated once. If you lose this token you will need to create a new service account and safely store that newly generated token. +To align with security best practice, a service account token is only generated once. If you lose this token, you must create a new service account and safely store that newly generated token. {% endhint %} Click **Create**. The token is generated and displayed. -Ensure that you copy this token, as you will not see it again. You can click **Close and Hide** once you have copied the token; whether you do or not, when you navigate away from this page, the token will no longer be visible. This is a standard security practice to keep your tokens safe. +Ensure that you copy this token, as you cannot see it again. You can click **Close and Hide** after you have copied the token. Whether you do or not, when you navigate away from this page, the token is no longer visible. This is a standard security practice to keep your tokens safe. #### How the token is associated with a Group and Organizations @@ -165,7 +165,7 @@ When you open a role that is assigned to a service account, the system displays
Warning that you are about to change a role assigned to a service account

Warning that you are about to change a role assigned to a service account

{% hint style="warning" %} -Snyk prevents users from creating Organization service accounts with a role that has more privileges than those the user creating the service account has. If you try to create a service account with a role that has more privileges than you have, you will see the error **Cannot create a service account with a higher privilege role than yours**. +Snyk prevents users from creating Organization service accounts with a role that has more privileges than those the user creating the service account has. If you try to create a service account with a role that has more privileges than you have, you see the error **Cannot create a service account with a higher privilege role than yours**. {% endhint %}
User cannot assign a more privileged role to a service account

User cannot assign a more privileged role to a service account

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md index 16a1046e145a..14f57ed4ae6c 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/choose-a-service-account-type-to-use-with-snyk-apis.md @@ -10,7 +10,7 @@ The permissions granted to a service account depend on the user role type it is #### Access tokens -Service accounts use Snyk [access tokens](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/personal-access-tokens-pats) to secure your workflow. You control when the service account is created and can se the expiry date. The maximum expiry for an access token service account is one year, and on expiration you must create a new service account to continue using this authentication method. +Service accounts use Snyk [access tokens](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api/personal-access-tokens-pats) to secure your workflow. You control when the service account is created and can set the expiry date. The maximum expiry for an access token service account is one year, and on expiration you must create a new service account to continue using this authentication method. Use an [OAuth 2.0 service account](service-accounts-using-oauth-2.0.md) instead of an access token service account, to prevent downtime when a token expires if you are using automation, for example, CI/CD pipeline. @@ -24,4 +24,4 @@ For more details on implementing this type of service account, visit [Service ac #### API key (legacy) -The service account has a Snyk API key associated with it. API keys are quick to implement in a workflow and do not expire. Due to the risk of a token which does not expire, this option is not recommended. +The service account has a Snyk API key associated with it. API keys are quick to implement in a workflow and do not expire. Due to the risk of a token that does not expire, Snyk does not recommend this option. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md index a5b5e2b36415..a43e8dbfcc01 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/manage-service-accounts-using-the-snyk-api.md @@ -25,7 +25,7 @@ Specific permissions are required to perform all these tasks. For more informati `jwks_url` - A JWKs URL hosting your public keys used to verify signed JWT requests. This must be `https`. Required only when `auth_type` is `oauth_private_key_jwt`. -`access_token_ttl_seconds` - The time, in seconds, that a generated access token will be valid for. Defaults to one hour if unset. Required only when `auth_type` is `oauth_client_secret` or `oauth_private_key_jwt`. +`access_token_ttl_seconds` - The time, in seconds, that a generated access token is valid for. Defaults to one hour if unset. Required only when `auth_type` is `oauth_client_secret` or `oauth_private_key_jwt`. ## Manage Group-level service accounts @@ -75,7 +75,7 @@ This call permanently deletes the specified service account and revokes its cred **API endpoint:** [Manage a group service account’s client secret](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/serviceaccounts#groups-group_id-service_accounts-serviceaccount_id-secrets) -This call allows you to manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: +This call lets you manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: * `create` - generate a new client secret. A service account can have a maximum of two active secrets at a time. * `delete` - delete an existing client secret. This requires putting `client_secret` in the request body. Deleting an existing client secret would render it invalid. A service account must have at least one active secret; calling delete with your last secret will fail. @@ -129,7 +129,7 @@ This call permanently deletes the specified service account. **API endpoint:** [Manage an organization's service account's client secret](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/serviceaccounts#orgs-org_id-service_accounts-serviceaccount_id-secrets) -This call allows you to manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: +This call lets you manage the client secret for `oauth_client_secret` service accounts. You can perform the following operations: * `create` - generate a new client secret. A service account can have a maximum of two active secrets at a time. * `delete` - delete an existing client secret. This requires putting `client_secret` in the request body. Deleting an existing client secret would render it invalid. A service account must have at least one active secret; calling delete with your last secret will fail. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md index 0be08176b11c..9d03472621b2 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/service-accounts/service-accounts-using-oauth-2.0.md @@ -5,7 +5,7 @@ Service accounts using OAuth 2.0 are available only with Enterprise plans through the Snyk API. For more information, see [Manage service accounts using the Snyk API](manage-service-accounts-using-the-snyk-api.md). {% endhint %} -You can create service accounts that authenticate with the [Auth 2.0 `client_credentials` grant flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4). OAuth 2.0 access tokens are used the same way another Snyk token is used, but they have added security of a short time-to-live (TTL) and can be automatically refreshed. +You can create service accounts that authenticate with the [OAuth 2.0 `client_credentials` grant flow](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4). OAuth 2.0 access tokens are used the same way another Snyk token is used, but they have added security of a short time-to-live (TTL) and can be automatically refreshed. ## OAuth 2.0 with client secret @@ -23,7 +23,7 @@ After the service account is created, you can retrieve an `access_token` through You can use an`access_token` the same way as you would use a Snyk API key, but with the `Authorization: bearer $access_token` header or the `SNYK_OAUTH_TOKEN` environment variable with the Snyk CLI. -The `access_token` has a short time-to-live and must be refreshed once it expires. There are many OAuth 2.0 libraries available that greatly simplify this process. +The `access_token` has a short time-to-live and must be refreshed after it expires. Many OAuth 2.0 libraries are available that greatly simplify this process. ### Authenticate with the Snyk CLI @@ -34,7 +34,7 @@ You can also use the `client_secret` and the `client_id` to authenticate with th In addition to creating and managing OAuth service accounts through the API, you can create OAuth-based service accounts through the Web UI. The steps follow. {% hint style="info" %} -Note: you cannot modify the lifetime of an OAuth service account through the UI, but you can perform this action through the API. +You cannot modify the lifetime of an OAuth service account through the UI, but you can perform this action through the API. {% endhint %} 1. In the Group settings section, select **Service Accounts**. @@ -45,10 +45,10 @@ Note: you cannot modify the lifetime of an OAuth service account through the UI, 3. Select the **OAuth 2.0 client credentials** radio button and click the **Create service account** button.

OAuth 2.0 client credentials

-4. A window opens, showing your **Client ID** and **Client secret**. Note these credentials and copy them, as you will not be able to retrieve them in the future. After you have copied the credentials to a safe location, click **Close window**. -5. Your service account will be listed in the service accounts in your Group. +4. A window opens, showing your **Client ID** and **Client secret**. Note these credentials and copy them, as you cannot retrieve them in the future. After you have copied the credentials to a safe location, click **Close window**. +5. Your service account is listed in the service accounts in your Group. -

Service account listed for your Gorup

+

Service account listed for your Group

## Delete an OAuth-based service account through the UI @@ -59,9 +59,9 @@ Note: you cannot modify the lifetime of an OAuth service account through the UI, 3. A window opens with the prompt **Are you sure you want to delete this service account?** To delete the service account, click the **Delete service account** button. -

Confirmation screen to keep service account or delete sevice account

+

Confirmation screen to keep service account or delete service account

-Your service account has been deleted. +Your service account is deleted. ## OAuth 2.0 with Private Key JWT @@ -92,10 +92,10 @@ The JWT should include the [claims](https://datatracker.ietf.org/doc/html/rfc751 ### Retrieve a Private Key JWT access token -After the service account is created and signed JWT is prepared, you can retrieve an `access_token` using the [Snyk OAuth 2.0 access token endpoint](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/oauth2-api#token). This access token can be used the same way as a Snyk API key would be used. The request body should include the following: +After the service account is created and signed JWT is prepared, you can retrieve an `access_token` using the [Snyk OAuth 2.0 access token endpoint](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/oauth2-api#token). You can use this access token the same way as a Snyk API key. The request body should include the following: * `grant_type: client_credentials` * `client_assertion_type: private_key_jwt` * `client_assertion:` `` -The `access_token` has a short time to live and must be refreshed once it expires. Many OAuth 2.0 libraries are available that will greatly simplify this process. +The `access_token` has a short time to live and must be refreshed after it expires. Many OAuth 2.0 libraries are available that greatly simplify this process. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md index c5a181ee3208..15ab1f3804f0 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/choose-a-provisioning-option.md @@ -4,7 +4,7 @@ Contact your Snyk account team or Snyk Support to turn on custom mapping once you have completed the setup steps. {% endhint %} -Determine how new users in your company will get access to Snyk: +Determine how new users in your company get access to Snyk: * [Open to all](choose-a-provisioning-option.md#open-to-all) * [Invitation required](choose-a-provisioning-option.md#invitation-required) @@ -12,9 +12,9 @@ Determine how new users in your company will get access to Snyk: ## Open to all -With the Open option, all users have automatic access to Snyk by using SSO to log in. They will have access to all Organizations in your selected Group. Their accounts will all be provisioned with the same role, with two options: +With the Open option, all users have automatic access to Snyk by using SSO to log in. They have access to all Organizations in your selected Group. Snyk provisions all their accounts with the same role, with two options: -* The **Org** **administrator** role allows all new users to manage other Org admins and collaborators, view Group reports, and work with Organizations within the Group as well as perform non-administrative tasks in the Organization. +* The **Org** **administrator** role lets all new users manage other Org admins and collaborators, view Group reports, and work with Organizations in the Group as well as perform non-administrative tasks in the Organization. * The **Org** **collaborator** role can perform non-administrative tasks in the Organization. Let Snyk Support know whether new users will have the administrator role or the collaborator role for the Organization. The selected role applies for all users. For details, see [Pre-defined roles](../../../snyk-platform-administration/user-roles/pre-defined-roles.md). @@ -25,7 +25,7 @@ With the invitation required or Group Member option, admins can invite users or There are two ways to invite users to Organizations. Invite members (see [Manage users in Organizations](../../../snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md)) or automate the process using the Snyk [API Invite users endpoint](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-invite). -If users who have not been invited use SSO to log in, they will gain access to Snyk, but they will not see any Projects until an admin invites them or manually adds them to the applicable Organizations. You can provide a list of Organizations with the appropriate contact person so that new users can [request access](../../../snyk-platform-administration/groups-and-organizations/organizations/requests-for-access-to-an-organization.md). +If users who have not been invited use SSO to log in, they gain access to Snyk, but they do not see any Projects until an admin invites them or manually adds them to the applicable Organizations. You can provide a list of Organizations with the appropriate contact person so that new users can [request access](../../../snyk-platform-administration/groups-and-organizations/organizations/requests-for-access-to-an-organization.md). ## Custom mapping diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md index 905a44b51981..139440e9aab7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/README.md @@ -24,7 +24,7 @@ The process of establishing trust between your identity provider (IdP) and Snyk {% hint style="info" %} After SSO is configured both from Snyk and your company's network, a trust relationship is established with Snyk, Auth0 (on behalf of Snyk), and your network. Any sensitive data is encrypted and stored in Auth0 only for the purposes of enabling user logins. -Although not all the examples following this page cover verifying the Snyk signature, it is recommended that you improve the trust relationship and ensure integrity even further. Follow your respective IdP's documentation to add SP signature verification where possible. +Although not all the examples following this page cover verifying the Snyk signature, Snyk recommends that you improve the trust relationship and ensure integrity even further. Follow your respective IdP's documentation to add SP signature verification where possible. {% endhint %} ## **User login** @@ -42,7 +42,7 @@ Users are [provisioned ](../choose-a-provisioning-option.md)to Snyk when they lo ### **Configuring Snyk** -1. In Step 2 of the SSO settings page in the Snyk web UI, enter the details collected from the IdP by providing the sign in URL, sign out URL if available and desired, the IdP signing certificate and domains and subdomains that will be served over the SSO connection. +1. In Step 2 of the SSO settings page in the Snyk web UI, enter the details collected from the IdP by providing the sign in URL, sign out URL if available and desired, the IdP signing certificate and domains and subdomains that are served over the SSO connection. 2. In case the connection requires HTTP-Redirect protocol binding, change that option from the default HTTP-POST. 3. Finally, verify if an IdP-initiated workflow should be enabled and then select **Create Connection** or **Save changes** if you are modifying an existing connection**.** diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md index f2d85f40c275..9462bce45fe9 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md @@ -57,4 +57,4 @@ If you wish to add signature verification of the incoming Snyk request: 1. Download the **Signing certificate** at step 1 of the Snyk SSO settings. 2. Use the following openssl command to convert it to .cer-format `openssl x509 -outform DER -in snyk.pem -out snyk.cer` 3. At the bottom of the **SAML Certificates** settings of your SSO app in Active Directory, click **Edit** next to **Verification certificates.** -4. Check **Require verification certificates** and upload the certificate from the output of the above openssl command and click **Save**. +4. Check **Require verification certificates** and upload the certificate from the output of the preceding openssl command and click **Save**. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md index 7dbad7bd4643..6bb1bc74a9d5 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/google-workspace-setup.md @@ -1,6 +1,6 @@ # Google Workspace setup -This example shows setting up an Google Workspace SAML application and connecting it to Snyk to facilitate SSO. +This example shows setting up a Google Workspace SAML application and connecting it to Snyk to facilitate SSO. For details in addition to the information provided on this page, see [Set up your own custom SAML app](https://support.google.com/a/answer/6087519). @@ -18,11 +18,11 @@ Start by logging into the Google Workspace [admin area](https://admin.google.com 4. Download the certificate and open it in your preferred text editor.
Download signing certificate

Download signing certificate

-5. Navigate to the Snyk portal, login and from the drop down at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings. +5. Navigate to the Snyk portal, log in, and from the dropdown at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings.
Open group view in Snyk

Open group view in Snyk

6. Click on **SSO**, scroll down to step 2, and paste the Google SSO URL from step 4 into **Sign in URL** and the certificate in your text editor into **X509 signing certificate**.\ - Add the domain name(s) you are configuring this connection for in **Email domains and subdomains that need SSO access**.\ + Add the domain names you are configuring this connection for in **Email domains and subdomains that need SSO access**.\ Verify if an **IdP-initiated workflow** should be enabled and then save your modifications
Enter details from Google Workspace

Enter details from Google Workspace

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md index 3acf4ff098eb..a6f26b0a84a7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/okta-saml-application-setup.md @@ -2,7 +2,7 @@ This example shows setting up an Okta SAML application and connecting this to Snyk to facilitate SSO. To configure your Okta to use SSO with Snyk, you need an entity ID and a reply URL (Assertion Consumer Service URL) from Snyk. -1. From the drop-down at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings. +1. From the dropdown at the top left select **GROUP OVERVIEW** and then the cog wheel (top right corner) to get to your group settings.
Select group overview

Select group overview

2. Click on **SSO** and copy the values under **Entity ID** and **ACS URL** or leave the browser tab open for easy access. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md index 1a60894b2c9a..09718effc6d0 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/onelogin-saml-application-setup.md @@ -1,4 +1,4 @@ -# OneLogin SAML Application setup +# OneLogin SAML application setup This example shows setting up a SAML application in OneLogin and connecting this to Snyk to facilitate SSO. To configure your OneLogin to use SSO with Snyk, start by obtaining an entity ID and a reply URL (Assertion Consumer Service URL) from Snyk. @@ -14,7 +14,7 @@ This example shows setting up a SAML application in OneLogin and connecting this 4\. Filter by “saml” and select the **SAML Custom Connector (Advanced)** app. -
Select SAML Cusotm Connector (Advanced) app

Select SAML Cusotm Connector (Advanced) app

+
Select SAML Custom Connector (Advanced) app

Select SAML Cusotm Connector (Advanced) app

5\. Enter a **Display Name** for the app, for example, Snyk. Optionally, pick an icon. You can find the Snyk logo on Snyk’s [press kit](https://snyk.io/press-kit/) page. @@ -34,7 +34,7 @@ For the **Field name**, use **email**. Make sure the checkbox **Include in SAML On the next screen, select **Email** in the **Value** dropdown list. **Save**. -
Select Email form the value dropdown

Select Email form the value dropdown

+
Select Email from the value dropdown

Select Email form the value dropdown

Repeat the same steps for the **name** attribute. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md index e390fa7d319b..94c4e55c9c8f 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/configure-self-serve-single-sign-on-sso/ping-identity-setup.md @@ -25,7 +25,7 @@ Before configuring your Ping Identity Application to use SSO with Snyk, obtain a 7. Scroll further down and copy the **Single Signon Service** details.
Copy the Single Signon Service details

Copy the Single Signon Service details

-8. Return to the the Snyk portal and paste the single sign-in URL copied at step 2 into the **Sign in URL** field. \\ +8. Return to the Snyk portal and paste the single sign-in URL copied at step 2 into the **Sign in URL** field. \\
Paste Sign in URL

Paste Sign in URL

9. Open the downloaded certificate in your preferred text editor, copy the text and paste it into the Snyk **X509 signing certificate** field, and add the relevant domains that are supported by this SSO connection.\ @@ -34,7 +34,7 @@ Before configuring your Ping Identity Application to use SSO with Snyk, obtain a
Enter the Ping Identity details

Enter the Ping Identity details

10. In Ping Identity, select **Attribute mappings** and click the pencil to edit. -
Edit attribue mappings

Edit attribue mappings

+
Edit attribute mappings

Edit attribue mappings

11. Click the cog icon and add the following attributes: **email**: Email Address\ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md index 33faa12676ce..81fb2cc55995 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/README.md @@ -1,6 +1,6 @@ # Custom mapping -Custom mapping allows you to dynamically assign users to your Snyk Groups and Organizations based on data provided by your Identity Provider (IdP), in order to implement a scaled user provisioning and access model. +Custom mapping lets you dynamically assign users to your Snyk Groups and Organizations based on data provided by your Identity Provider (IdP), to implement a scaled user provisioning and access model. {% hint style="warning" %} Contact your Snyk account team or Snyk Support to turn on custom mapping once you have completed the setup steps. @@ -38,8 +38,8 @@ Role assertions should be provided to Snyk in the following format: Where: * `snyk` is a fixed prefix for role mapping. **Required**. -* `scope` can be one of `org`, `group`, or `tenant`. **Required**; if a role mapping does not contain a valid scope, it will be ignored. -* `target` can be a slug of an `org`, `group`, or `tenant` where the role will be granted. See [slugs](./#slugs) for more information. +* `scope` can be one of `org`, `group`, or `tenant`. **Required**; if a role mapping does not contain a valid scope, Snyk ignores it. +* `target` can be a slug of an `org`, `group`, or `tenant` where the role is granted. See [slugs](./#slugs) for more information. * **Optional**; may be an asterisk `*` or empty string `::`to apply as a [wildcard](./#wildcards) for all resources within the defined `scope` that are associated with the SSO connection. * **Optional**; an asterisk ( `*`) or an empty string can be used to apply to all resources **t**hat are associated with the SSO connection. * `role` is the normalized name of the required role. **Required**; if no role is present, the role mapping is ignored. See [Role normalized name](./#role-normalized-name) to find this information. @@ -54,20 +54,20 @@ Users must only have one role mapped per Organization, Group or Tenant. Mapping All users with any memberships within a Tenant must have a Tenant membership. If a user has a membership of an Organization, they must also have a Group Membership. -If only an Organization-level role assertion is provided for a given user, for example, then the user will automatically be assigned the **Tenant Member** and **Group Member** roles. These automatic assignments can be overridden by providing role assertions at the Group or Tenant level. +If only an Organization-level role assertion is provided for a given user, for example, then Snyk automatically assigns the user the **Tenant Member** and **Group Member** roles. You can override these automatic assignments by providing role assertions at the Group or Tenant level. Snyk recommends providing explicit Tenant level and Group level role assertions where needed, to ensure that users have the correct role on login. {% hint style="info" %} -An SSO connection may only be associated with one Tenant, and all users with any memberships within a tenant must also have a Tenant Membership. +An SSO connection can only be associated with one Tenant, and all users with any memberships in a tenant must also have a Tenant Membership. -Therefore, it may be easier to assign Tenant-level roles by using the wildcard syntax (see example below), since the SSO is only linked to the one Tenant. +Therefore, it may be easier to assign Tenant-level roles by using the wildcard syntax, since the SSO is only linked to the one Tenant. {% endhint %} ### Example role assertions -* `snyk:group:*:group_admin` Assigns the user the Group admin role for all groups associated with the SSO connection. -* `snyk:group::custom:sysadmin` Assigns the user the custom Group-level role `Sys Admin` for all groups associated with the SSO connection. +* `snyk:group:*:group_admin` Assigns the user the Group admin role for all Groups associated with the SSO connection. +* `snyk:group::custom:sysadmin` Assigns the user the custom Group-level role `Sys Admin` for all Groups associated with the SSO connection. * Note that `::` here indicates an empty string for the target, and so is treated as a wildcard in the preceding example. * Note that this Group-level custom role must be created manually before it can be assigned. * `snyk:org:my-default-org:org_admin` Assigns the user the **Organization Admin** Organization-level role for the Organization `my-default-org`. @@ -97,9 +97,9 @@ snyk:org:test-org-N58YhztauHcaMiNfvi5fbL:custom:developer_readonly" ``` {% endhint %} -These assertions will assign the user: +These assertions assign the user: -* The pre-defined Group-level role **Group Viewer** for all groups in the SSO. See [pre-defined roles](../../../../snyk-platform-administration/user-roles/pre-defined-roles.md) for the permission this grants +* The pre-defined Group-level role **Group Viewer** for all Groups in the SSO. See [pre-defined roles](../../../../snyk-platform-administration/user-roles/pre-defined-roles.md) for the permission this grants * The pre-defined Organization-level role **Organization Admin** for the Organization with the name **Development**. * The custom Organization-level role **Developer ReadOnly** for the Organization with the name **Test Org**, which has the slug `test-org-N58YhztauHcaMiNfvi5fbL`. @@ -116,11 +116,11 @@ roles: [ ] ``` -These role assertions will: +These role assertions: * Grant the user the pre-defined Organization-level role **Organization Admin** in the **Development** Organization. -* Grant the user the custom Organization-level role **Developer ReadOnly** on all other organizations within the SSO connection. -* Grant the user the pre-defined Group-level role **Group Member** on all groups in the SSO connection. For more details, see the note that follows. +* Grant the user the custom Organization-level role **Developer ReadOnly** on all other Organizations in the SSO connection. +* Grant the user the pre-defined Group-level role **Group Member** on all Groups in the SSO connection. For more details, see the note that follows. {% hint style="info" %} Any user that is granted a role in an Organization within the SSO without an explicit Group-level role in the role assertion, will also be implicitly assigned the **Group Member** Group-level role for that Group. This is the pre-defined Group-level role with the fewest permissions and ensures that the user becomes a member of the Group. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md index 0ae43b6c72bf..8433fd68a5de 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/README.md @@ -1,6 +1,6 @@ # Examples: setting up custom mapping for IdPs -The following examples of how to set up a custom mapping for various identify providers are available here: +The following examples show how to set up a custom mapping for various identity providers: * [Example: Setting up custom mapping for Okta](example-setting-up-custom-mapping-for-okta.md) * [Example: Setting up custom mapping for Entra ID](example-setting-up-custom-mapping-for-entra-id.md) diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md index 4f5372214434..f4aa5a27001e 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-an-okta-oidc-app.md @@ -1,6 +1,6 @@ # Example: setting up custom mapping for an Okta OIDC app -Follow these steps configure an integration for OIDC Okta. +Follow these steps to configure an integration for OIDC Okta. ## Create an Okta OIDC app @@ -15,11 +15,11 @@ Follow these steps configure an integration for OIDC Okta. * If you are not using the Implicit Grant type, the client secret 4. Also, share with Snyk the Issuer URL/domain. This is typically the URL you find in your browser address bar without "-admin", for example, https://customer.example.okta.com. It can also be found under the **Sign-On** tab of your application by editing the **OpenID Connect ID Token** from **Dynamic** Issuer to **Okta URL**. -If you wish to set up custom mapping, move on to the next section of this guide. +To set up custom mapping, continue to the next section. ## Add custom mapping -[Custom mapping](../) for an OIDC application in Okta is easily managed through custom attributes on the Group level. +Manage [custom mapping](../) for an OIDC application in Okta through custom attributes at the Group level. ### Create a custom app user attribute to contain both the Snyk Organization name and role @@ -38,10 +38,10 @@ If you wish to set up custom mapping, move on to the next section of this guide. ### Assign the attribute to the relevant Okta groups 1. On the main page of Okta select **Directory** > **Groups**. -2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk OIDC app,. Then click on the pencil next to the displayed Snyk OIDC app. +2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk OIDC app. Then click the pencil next to the displayed Snyk OIDC app.
Group selected for modicification

Group selected for modicification

-3. In the **Edit App Assignment** dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letter(s)), following the syntax explained in [custom mapping](../) (or [legacy custom mapping](../legacy-custom-mapping.md) if using the legacy mapping option). Example, `snyk:org:*:org_admin`.\\ +3. In the **Edit App Assignment** dialog, add the Snyk org name + role associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping](../) (or [legacy custom mapping](../legacy-custom-mapping.md) if using the legacy mapping option). Example, `snyk:org:*:org_admin`.\\
Adding Snyk roles

Adding Snyk roles

4. Repeat the preceding steps for all your applicable Okta groups to assign the org name and role combination to each user within each configured group. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md index f359cee9f228..38c5bf5a655e 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-entra-id.md @@ -1,6 +1,6 @@ # Example: setting up custom mapping for Entra ID -The following information shows how to configure the custom mapping of roles for Entra ID (formerly Azure AD). +This page shows how to configure the custom mapping of roles for Entra ID (formerly Azure AD). {% hint style="info" %} See the [Entra ID Enterprise Application example](../../configure-self-serve-single-sign-on-sso/azure-ad-enterprise-application-setup.md) for guidance setting up the initial Enterprise application. @@ -14,7 +14,7 @@ The following are the prerequisites for configuring app roles: * If you select SAML, there is a requirement to add a custom claim; the step to do that is in these instructions. * You must have an existing Azure Enterprise application and app registration connected to that SSO configuration. -The **steps** in **configuring App role**s follow. +To configure app roles, follow these steps. 1. In your App registration menu, select the name of your Enterprise Application. @@ -39,9 +39,9 @@ The **steps** in **configuring App role**s follow. 6. Select **Users and groups**; from the dropdown, select a role and select **Assign**.\\
Add assignment

Add assignment

-7. Repeat for all required groups and roles that should be assigned. Then verify that the list looks similar to this.\\ +7. Repeat for all required groups and roles. Then verify that the list looks similar to this.\\ - Note that it is also possible to add multiple Snyk roles to one App role, as the payload can be interpreted as a comma-separated string. However, this can not be used in conjunction with multiple App roles, as only one syntax will be respected (string or array). + You can also add multiple Snyk roles to one App role, as the payload can be interpreted as a comma-separated string. However, you cannot use this with multiple App roles, as Snyk respects only one syntax (string or array).
Users and group list

Users and group list

8. If you have configured a SAML connection, add a custom claim to pass the roles array in the SAML payload to Snyk. Select **Single sign-on** in the left-hand menu. @@ -59,4 +59,4 @@ Ensure you add the claim correctly. If you do not add it or you do it incorrectl
Custom claim

Custom claim

-When you have completed these steps, reach out to your Snyk point of contact to have the configuration completed. +After you complete these steps, contact your Snyk point of contact to complete the configuration. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md index 01f6215bbe51..f0b0fa782327 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-google-workspace.md @@ -1,10 +1,10 @@ # Example: setting up custom mapping for Google Workspace -The following shows how to use [custom mapping](../) to map roles for a Google Workspace custom SAML connection. +This page shows how to use [custom mapping](../) to map roles for a Google Workspace custom SAML connection. For additional details and guidance, see the [Google documentation, Manage Custom User Fields](https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas). -To use the API, either log in to your Google Workspace admin area and from there execute the commands that follow , or for flexibility and automation, use the API with your preferred API client or script. To generate API credentials, refer to the Google documentation, [Create access credentials](https://developers.google.com/workspace/guides/create-credentials). +To use the API, either log in to your Google Workspace admin area and run the commands that follow, or, for flexibility and automation, use the API with your preferred API client or script. To generate API credentials, refer to the Google documentation, [Create access credentials](https://developers.google.com/workspace/guides/create-credentials). ## Add a user schema @@ -54,10 +54,11 @@ To expose these roles in the SAML payload, you must modify the attributes in the 1. Log in to your Google Workspace Admin area and go to **Apps** and then **Web and mobile apps** and open your application.
Open Google SAML app

Open Google SAML app

-2. Click on **SAML attribute mapping** and then **ADD MAPPING**. +2. Click **SAML attribute mapping** and then **ADD MAPPING**. 3. Click **Select field** and scroll to the bottom until you find **Snyk-SSO - roles** and select it. 4. In the **App attributes** value field, enter **roles** and click **Save**.
Adding custom mapping app attribute

Adding custom mapping app attribute

After this, log in as a user and have your Snyk contact validate the SAML payload and finalize the setup in the Snyk backend. + diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md index dac9d1ab8c63..17bd14285eb5 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta.md @@ -1,12 +1,12 @@ # Example: setting up custom mapping for Okta -The following shows two different options for custom mapping of Okta roles, using [Legacy custom mapping](../legacy-custom-mapping.md). +This page shows two different options for custom mapping of Okta roles, using [legacy custom mapping](../legacy-custom-mapping.md). {% hint style="info" %} For both of these options to work, the Snyk SSO application must be assigned at the group level, not the user level. {% endhint %} -## Option 1: Assign Custom Mapping with Groups +## Option 1: Assign custom mapping with Groups In this configuration: @@ -38,13 +38,13 @@ When you look at a user's Application assignment it should look similar to the i ### Assign the attribute to the relevant Okta groups 1. On the main page of Okta select **Directory** > **Groups**. -2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app,. Then click on the pencil next to the displayed Snyk SSO app. -3. In the **Edit App Assignment** dialog, add the Snyk Organization slug, and the Organization role name associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping ](../)(or see [legacy custom mapping](../legacy-custom-mapping.md) if you are using that option). +2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app. Then click the pencil next to the displayed Snyk SSO app. +3. In the **Edit App Assignment** dialog, add the Snyk Organization slug and the Organization role name associated with your Okta group (no spaces or capital letters), following the syntax explained in [custom mapping ](../)(or see [legacy custom mapping](../legacy-custom-mapping.md) if you are using that option). 4. Repeat the preceding steps for all your applicable Okta groups to assign the org name and role combination to each user within each configured group. ### Construct a value expression that creates a roles array to be sent to Snyk -1. Navigate to **Applications** > **Applications** and click on the **Snyk app** you configured. +1. Navigate to **Applications** > **Applications** and click the **Snyk app** you configured. 2. Select **General Tab** > **Edit SAML Settings** and click **next** to go to the **Configure SAML** step. 3. Add an **Attribute Statement** named “roles” of an unspecified type. 4. Select **Attribute Statements** and set **roles** as the **Name** field with **Name format** **Unspecified** and the **Value** in the following expression: @@ -53,16 +53,16 @@ When you look at a user's Application assignment it should look similar to the i 5. Reach out to your Snyk point of contact so they can complete the configuration. {% hint style="info" %} -If your Snyk representative lets you know that `Arrays.flatten(appuser.snyk_orgs)` is sent to Snyk, instead of the actual roles value(s), you must verify that the App is assigned at the Group level and not the user level. If both user and Group have been assigned, the individual assignment will take precedence, and the roles assignment will not work. Remove the individual assignment if this is the case. +If your Snyk representative lets you know that `Arrays.flatten(appuser.snyk_orgs)` is sent to Snyk, instead of the actual roles values, you must verify that the App is assigned at the Group level and not the user level. If both user and Group are assigned, the individual assignment takes precedence, and the roles assignment does not work. Remove the individual assignment if this is the case. {% endhint %} ## Option 2: Assign custom mapping with user roles -The following describes Custom Mapping with user roles. +The following describes custom mapping with user roles. {% hint style="warning" %} -These instructions show how to map roles using the [legacy custom mapping](../legacy-custom-mapping.md) option. To use Custom mapping, [option 1](example-setting-up-custom-mapping-for-okta.md#option-1-assign-custom-mapping-with-groups) is recommended.\ -Reach out to your Snyk point of contact if you have any questions +These instructions show how to map roles using the [legacy custom mapping](../legacy-custom-mapping.md) option. To use custom mapping, [option 1](example-setting-up-custom-mapping-for-okta.md#option-1-assign-custom-mapping-with-groups) is recommended.\ +Reach out to your Snyk point of contact if you have any questions. {% endhint %} * Okta groups are mapped to Snyk Organizations. @@ -87,7 +87,7 @@ When your Snyk Groups and users have been set up, follow these steps: **Display name**: Snyk Orgs\ **Variable name**: snyk\_orgs\ **Group Priority**: Combine values across groups -4. select **Save and Add Another**. +4. Select **Save and Add Another**. ### Create a second app attribute that contains roles @@ -106,24 +106,24 @@ When your Snyk Groups and users have been set up, follow these steps: ### Assign the first attribute to your Okta groups 1. On the main page of Okta select **Directory > Groups**. -2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application i**f not already assigned, and choose your Snyk SSO app. Then click on the pencil next to the displayed Snyk app. -3. In **Edit App Assignment** dialog, add the Snyk Organization name to associate with your Okta group (no spaces or capital letter(s)). +2. Select a **Group**, navigate to the **Applications** tab, click **Assign** **application** if not already assigned, and choose your Snyk SSO app. Then click the pencil next to the displayed Snyk app. +3. In **Edit App Assignment** dialog, add the Snyk Organization name to associate with your Okta group (no spaces or capital letters). 4. Repeat the preceding steps to assign the Snyk app to all your applicable Okta groups, modifying the Snyk Organization name as needed. ### Assign the second attribute to your users 1. On the main page of Okta select **Directory** > **People.** -2. Select a **User,** navigate to the **Applications** tab, and click on the pencil next to the application. +2. Select a **User,** navigate to the **Applications** tab, and click the pencil next to the application. 3. Select the right user type in group (user role): **Collaborator**, **Admin**, or **Group Admin**. ### Construct a value expression that concatenates these two attributes into string values in a roles array to be sent to Snyk -1. Navigate to **Applications** > **Applications** and click on the **Snyk app** you configured. +1. Navigate to **Applications** > **Applications** and click the **Snyk app** you configured. 2. Select **General Tab** > **SAML Settings** > **Edit** and click **next** to go to the Configure SAML step. 3. Select **Attribute Statements** and add an attribute named **roles** with **Name format** **Unspecified** and the **Value** in the following expression:\ `appuser.user_role == "groupadmin" ? "snyk-groupadmin" : Arrays.flatten(String.replace(String.replace(String.append("snyk-",String.append(Arrays.toCsvString(appuser.snyk_orgs),"-"+appuser.user_role)),",",",snyk-"),",","-"+appuser.user_role+","))` 4. Click **Next** > **Finish.** -5. Reach out to your Snyk point of contact so they can complete the configuration. This process may take four to five days. +5. Reach out to your Snyk point of contact so they can complete the configuration. This process can take four to five days. The following explains the roles expression: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md index 282eead8339b..91022978432f 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-onelogin.md @@ -4,14 +4,14 @@ This example shows how to configure user roles after you have [configured OneLog OneLogin has the concept of groups and roles. However, OneLogin does not support the assignment of multiple groups to a user. -Therefore, roles will be assigned to users directly instead of indirectly through groups. +Therefore, assign roles to users directly instead of indirectly through groups. -1. In OneLogin, go to the **Users** and then to the **Roles** section and create the roles following the naming convention outlined for [custom mapping](../). Each role should have the Snyk SAML app enabled as the role app.\ +1. In OneLogin, navigate to **Users** and then to the **Roles** section and create the roles following the naming convention outlined for [custom mapping](../). Each role must have the Snyk SAML app enabled as the role app.\ Assign the users to their roles as needed.
OneLogin Roles section

OneLogin Roles section

-2. To transfer the user roles in the SAML assertion to Snyk, go to **Applications**, select the Snyk SAML app, and select the **Parameters** section on the left.\\ +2. To transfer the user roles in the SAML assertion to Snyk, navigate to **Applications**, select the Snyk SAML app, and select the **Parameters** section.\\
OneLogin Applications Parameters

OneLogin Applications Parameters

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md index cb9d2ac85c0d..66dbdcca2bf3 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-ping-identity.md @@ -1,6 +1,6 @@ # Example: setting up custom mapping for Ping Identity -This page explains how to configure the custom mapping of roles for Ping Identity using [Legacy custom mapping](../legacy-custom-mapping.md). +This page explains how to configure the custom mapping of roles for Ping Identity using [legacy custom mapping](../legacy-custom-mapping.md). {% hint style="info" %} This guide assumes your Ping Identity application is configured and functional. @@ -13,12 +13,12 @@ Any step on the Snyk side in setting up the Enterprise application must be perfo 1. In your application configuration, select **Attribute mappings** and click the pencil to edit the attributes.
Edit mapping attributes

Edit mapping attributes

-2. Select **+Add** and enter the following attribute, then save the change,\ +2. Select **+Add**, enter the following attribute, then save the change.\ **roles**: `Group Names`\\
Add roles array

Add roles array

-3. In the left menu, select **Identities/Groups** and add the Snyk Groups needed following the syntax explained on the [Cusom Mapping Option](../) page. +3. In the menu, select **Identities/Groups** and add the Snyk Groups needed following the syntax explained on the [custom mapping option](../) page.
Adding an example Group

Adding an example Group

-4. If you so not select a **Population** at the bottom of the previous screen, ensure that you assign the Group to the user(s) who should be part of the role assignment in Snyk. If you select a **Population**, all users in that population will inherit the permissions of the assigned Snyk role. +4. If you do not select a **Population** on the previous screen, ensure that you assign the Group to the users who should be part of the role assignment in Snyk. If you select a **Population**, all users in that population inherit the permissions of the assigned Snyk role. 5. To finalize the process, reach out to your Snyk contact to validate that the SAML payload contains the role array and to enable the custom mapping feature. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md index 56c030780ec2..d21e341e16dc 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/legacy-custom-mapping.md @@ -5,7 +5,7 @@ To configure this option, send the `roles` array within the SAML attributes or O snyk-groupadmin * This role mapping assigns users with the Group Admin role. -* **groupadmin** configures all users with this role as a Group Admin all Group(s) that the user is assigned to, which grants Organization Admin permissions to all Organizations that fall under the Group(s). +* **groupadmin** configures all users with this role as a Group Admin in all Groups that the user is assigned to, which grants Organization Admin permissions to all Organizations that fall under the Groups. snyk-groupviewer @@ -13,8 +13,8 @@ snyk-groupviewer snyk-{groupID} -* This role mapping assigns users with the Org Collaborator roles for all Organizations underneath the specified Group(s). -* **groupID** is the ID string for a group in Snyk. This can be found in the snyk URL at the Group level: `https://app.snyk.io/group/` or **Group dropdown -> Settings -> General -> Group ID**. +* This role mapping assigns users with the Org Collaborator roles for all Organizations underneath the specified Groups. +* **groupID** is the ID string for a Group in Snyk. You can find it in the Snyk URL at the Group level: `https://app.snyk.io/group/` or **Group dropdown -> Settings -> General -> Group ID**. snyk-{orgslug}-{role} @@ -34,12 +34,12 @@ Users must only have one role mapped per Organization. Mapping multiple roles fo ### Tenant-level role assertions {% hint style="info" %} -With the introduction of Tenants, Snyk has added new possible role assertions at a Tenant level, enabling customers to assign Tenant-level roles. +With the introduction of Tenants, Snyk has added new possible role assertions at a Tenant level, letting customers assign Tenant-level roles. {% endhint %} The following role mappings assign users a tenant role. -Only one Tenant-Level assertion may be provided for each user. If no Tenant-level assertion is provided, the user will be granted the **Tenant Member** role if they do not already have a Tenant-level membership. +You can provide only one Tenant-level assertion for each user. If you provide no Tenant-level assertion, the user receives the **Tenant Member** role if they do not already have a Tenant-level membership. snyk-tenantadmin @@ -132,7 +132,7 @@ The following example shows how to assign roles to Snyk users under the mapping * The Business Development team needs access to the ABC group and only the Partner-Plugins Organization as Org Admin. * Engineering needs access to the ABC Group, the Application-SecurityScanner1 Organization as Org Admin, Partner-Plugins Organization as Org Admin, and Application-Payments as Org Collaborator. * Security needs access to the ABC group as Group Admin and all three organizations as Org Admin. - * The Product team needs access to the ABC group and all three organizations as Org Collaborator, + * The Product team needs access to the ABC group and all three organizations as Org Collaborator. For the Business Development Team, Snyk uses the snyk-{orgslug}-{role} mapping: @@ -166,7 +166,7 @@ For the Security Team, Snyk uses the snyk-groupadmin mapping: } ``` -For the Product Team, Snyk uses the snyk-{groupID} mapping, where the value of groupID must be inserted; +For the Product Team, Snyk uses the snyk-{groupID} mapping, where you must insert the value of groupID: ``` { diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md index f181c240fb40..c00d0ce7efe2 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/identity-provider-idp-migration.md @@ -10,4 +10,4 @@ To migrate identity providers: To prevent new users from being created within Snyk, you must maintain your SAML protocol and use both the same Entity ID and ACS URL. If you are changing SAML protocols, [contact Snyk Support](https://support.snyk.io). -After you have done this, the Support team will contact you and confirm the updated metadata has granted access through the new IdP. +After you have done this, the Support team contacts you and confirms the updated metadata has granted access through the new IdP. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md index acfc13c7b949..fc18a3b418cf 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/set-up-snyk-single-sign-on-sso.md @@ -1,10 +1,10 @@ # Set up Snyk Single Sign-On (SSO) -Set up Single Sign-On (SSO) to allow your developers and teams easy access to Snyk through your existing SSO provider. +Set up Single Sign-On (SSO) to give your developers and teams access to Snyk through your existing SSO provider. The information you need to establish trust between Snyk and the identity provider depends on which type of SSO you are using. -Ensure you have at least one Group and Organization to indicate where new users will be assigned. For details, see [Manage Groups and Organizations](../../../snyk-platform-administration/groups-and-organizations/). +Ensure you have at least one Group and Organization to indicate where Snyk assigns new users. For details, see [Manage Groups and Organizations](../../../snyk-platform-administration/groups-and-organizations/). {% hint style="info" %} After you gather the needed information identified in the following sections, create a support ticket to request SSO setup. @@ -22,7 +22,7 @@ The process of establishing trust between your identity provider (IdP) and Snyk * Use the link provided by Snyk to generate a payload. * After Snyk finalizes the connection, confirm the login process is working correctly. -Users are provisioned to Snyk when they log in. If an invitation is required, users may only see a list of your Organizations until the admin adds them to the appropriate Organizations. +Snyk provisions users when they log in. If an invitation is required, users see only a list of your Organizations until the admin adds them to the appropriate Organizations. After SSO is configured both from Snyk and your company's network, a trust relationship is established with Snyk, Auth0 (on behalf of Snyk), and your network. Any sensitive data is encrypted and stored in Auth0 only for the purposes of enabling user logins. @@ -172,7 +172,7 @@ To complete your login: ## Resources for SSO setup -These worksheets include the information to enter in your Identity provider and the information you need to collect before submitting a ticket to Snyk Support to request single sign-on. Please make sure you replace any Snyk URL with the correct regional environment per the tables above. +These worksheets include the information to enter in your Identity provider and the information you need to collect before submitting a ticket to Snyk Support to request single sign-on. Ensure you replace any Snyk URL with the correct regional environment per the preceding tables. {% file src="../../../.gitbook/assets/SSO Azure Worksheet (3).pdf" %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md index 196ee3c655a3..4b342b84ceb7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/README.md @@ -6,7 +6,7 @@ Snyk Broker is available only for Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -Snyk Broker is an open-source tool that acts as a proxy between Snyk and source integrations, allowing for access by [snyk.io](http://snyk.io/) to scan your code and return results to you. The Broker allows Snyk to connect to remote resources in private repositories, leaving credentials inside the customer's network. +Snyk Broker is an open-source tool that acts as a proxy between Snyk and source integrations, letting [snyk.io](http://snyk.io/) access and scan your code and return results to you. The Broker lets Snyk connect to remote resources in private repositories, leaving credentials inside the customer's network. The diagram that follows illustrates the basic components. @@ -14,17 +14,17 @@ The diagram that follows illustrates the basic components. ## How Snyk Broker works -Snyk Broker includes a Server and a Client, the basic components that are the same across all integrations. The Broker Server runs on the Snyk SaaS backend and is provided by Snyk; no installation is required. You will install the Broker client and deploy it in your infrastructure. +Snyk Broker includes a Server and a Client, the basic components that are the same across all integrations. Snyk provides the Broker Server, which runs on the Snyk SaaS backend, so no installation is required. You install the Broker client and deploy it in your infrastructure. The Broker client and server act together, sending requests by proxy from [snyk.io](http://snyk.io/) to a repository or Jira, fetching the files needed for scanning from repositories and fetching results using webhooks posted by the SCM service. -The Broker client runs within your internal network, keeping sensitive data such as SCM tokens within the network perimeter. The Broker connection allows for scanning using only requests on an approved data list. This narrows the access permissions to the absolute minimum required for Snyk to monitor a repository. For more information, see [Approved data list for Snyk Broker](broker-inbound-and-outbound-connections-and-allowed-requests.md#approved-data-list-for-snyk-broker). +The Broker client runs within your internal network, keeping sensitive data such as SCM tokens within the network perimeter. The Broker connection allows scanning using only requests on an approved data list. This narrows the access permissions to the minimum required for Snyk to monitor a repository. For more information, see [Approved data list for Snyk Broker](broker-inbound-and-outbound-connections-and-allowed-requests.md#approved-data-list-for-snyk-broker). -Using Snyk Broker allows you to manage a fixed private IP for your integration that targets the Broker. +Using Snyk Broker, you can manage a fixed private IP for your integration that targets the Broker. All data, both in transit and at rest, is encrypted. There is no need to open incoming ports; the communication is initiated outbound. After the connection is initiated, the secure WebSocket connection is bidirectional between the Client and the Server. -SCM integrations with Broker Support Snyk Code, Open Source, Container, IaC, and Essentials. +SCM integrations with Broker support Snyk Code, Open Source, Container, IaC, and Essentials. ## Integrations supported by Snyk Broker diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md index c62308db280f..0a66c1cd4bf9 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/broker-inbound-and-outbound-connections-and-allowed-requests.md @@ -26,7 +26,7 @@ Thus you do not need to allow inbound connections to the Broker Client from Snyk ### Approved data list for Snyk Broker -The Broker Client maintains an approved data list for inbound and outbound requests. Only data on this approved list may be requested. This narrows the access permissions to the absolute minimum required for Snyk to monitor a repository. +The Broker Client maintains an approved data list for inbound and outbound requests. You can request only data on this approved list. This narrows the access permissions to the minimum required for Snyk to monitor a repository. ### Inbound requests allowed @@ -48,4 +48,4 @@ Webhook notifications are delivered to Snyk through the Broker Client only for e ### Default approved data list and `accept.json` file -On occasion, you may need to [add and configure an `accept.json`](classic-broker/snyk-broker-infrastructure-as-code-detection.md) file in your Broker deployment. Doing this will remove the ability to apply ACCEPT rules when starting the Broker. +On occasion, you might need to [add and configure an `accept.json`](classic-broker/snyk-broker-infrastructure-as-code-detection.md) file in your Broker deployment. Doing this removes the ability to apply ACCEPT rules when starting the Broker. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md index 8b02740f5de1..25bac00f7f94 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/clone-an-integration-across-your-snyk-organizations.md @@ -4,7 +4,7 @@ You can choose to use the same brokered Git integration across multiple Organiza For example, you can integrate Snyk Organizations X, Y, and Z with your single Git repo X. -To clone Organization configurations, you must have teams and groups enabled. +To clone Organization configurations, you must have teams and Groups enabled. 1. From the **Organization** list, choose an Organization in the Group that you are working with.\ Choose Organization @@ -13,8 +13,8 @@ To clone Organization configurations, you must have teams and groups enabled.
Select +Create new Organization

Select +Create new Organization

3. In the next window, enter a name for your new Organization. 4. In the **Copy settings from an existing org** section, choose an Organization that you have already configured for the Broker token. -5. Review the summary of what will be copied across to the new Organization and click **Create organization** to confirm. +5. Review the summary of what Snyk copies to the new Organization and click **Create organization** to confirm. -
Review summary of what will be copied to the new Organization and Create

Review summary of what will be copied to the new Organization and Create

+
Review summary of what will be copied to the new Organization and Create

Review summary of what Snyk copies to the new Organization and Create

-The **Dashboard** for the Organization that you just created opens. The Broker integration is duplicated and set up, and the Broker token is identical to the token for the original Organization. +The **Dashboard** for the Organization that you created opens. The Broker integration is duplicated and set up, and the Broker token is identical to the token for the original Organization. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md index e1998aed510d..3e85742059f7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/README.md @@ -7,14 +7,14 @@ Snyk Broker is an open-source tool that acts as a proxy between Snyk and special For comprehensive information about Snyk Broker, including how it works, how to deploy it, commit signing, upgrading, and troubleshooting, see the full [Snyk Broker user documentation](../../). {% hint style="info" %} -[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags will be enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag to be enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. +[Broker version 4.205.1](https://github.com/snyk/broker/blob/cb4f89e05eb42605f076321b952cdb7e57bf4111/config.default.json#L8) has been [released](https://updates.snyk.io). In this version, all `ACCEPT` rule flags are enabled by default. This reduces needed configuration. If you do not want a specific `ACCEPT` rule flag enabled, you can opt out of the default `ACCEPT` all behavior by adding `ACCEPT_=false` to your Broker client configuration. {% endhint %} ## **Deployment options**
Install Snyk Broker with the Broker Helm Chart. For details, see Install and configure Broker using Helm.install-and-configure-broker-using-helm.md
Install Snyk Broker using the Docker images provided by Snyk. For details, see Install and configure Broker using Docker.install-and-configure-broker-using-docker.md
-Alternatively, you can use the binaries available for [each Github release](https://github.com/snyk/broker/releases). However, this approach falls outside of Snyk product support and is made available only for specific use cases where containers cannot be used. The containerized version is strongly recommended. +Alternatively, you can use the binaries available for [each GitHub release](https://github.com/snyk/broker/releases). However, this approach falls outside of Snyk product support and is available only for specific use cases where you cannot use containers. The containerized version is strongly recommended. ## Additional information for developers diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md index df6bcbde39d4..007e241f3817 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md @@ -1,6 +1,6 @@ # Custom additional options for Broker Helm Chart installation -If you need to inject additional option(s) using environment variables, use the `override.yaml` value file to add any additional environment variable(s) you may need. +If you need to inject additional options using environment variables, use the `override.yaml` value file to add any additional environment variables you need. Adding the `--values override.yaml` will load those values into your deployment. For example: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md index 6684b0676cfb..8cd7cce2f283 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/deploying-multiple-brokers-in-the-same-namespace.md @@ -2,15 +2,15 @@ ## Helm chart versions 2.x.x -Helm chart versions 2.x.x automatically adds a suffix to all object name based on the release name. Simply use different release name for each broker you want to add into the same namespace. +Helm chart versions 2.x.x automatically add a suffix to all object names based on the release name. Use a different release name for each Broker you want to add to the same namespace. {% hint style="info" %} -For backward compatibility, 2.1.0 introduces a disableSuffixes flag to revert to the 1.x.x behavior listed below, by simply adding --set disableSuffixes=true or disableSuffixes=true in your values file. +For backward compatibility, 2.1.0 introduces a disableSuffixes flag to revert to the 1.x.x behavior listed in the following section. Add --set disableSuffixes=true or disableSuffixes=true in your values file. {% endhint %} ## Helm chart versions 1.x.x -To deploy an additional Broker into the same namespace as an existing broker, follow these examples. +To deploy an additional Broker into the same namespace as an existing Broker, follow these examples. ### Deploy with existing service account diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md index 1bb819eb7371..14197f71dc01 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/image-repository-tab-and-image-pull-secret.md @@ -4,4 +4,4 @@ You can choose to use your own container registry and tag instead of the public If your container registry requires an image pull secret, you can specify an image secret. -Note that the Image Pull Secret is NOT created by the chart; rather, the image Pull Secret is expected to be present on your cluster. +Note that the chart does not create the Image Pull Secret. The Image Pull Secret must already be present on your cluster. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md index eeac859c9f9d..416669cde5d4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/ingress-options-with-snyk-broker-helm-installation.md @@ -1,6 +1,6 @@ # Ingress options with Snyk Broker Helm installation -When you are setting up the Broker using Helm, you may need to configure the `brokerClientUrl` parameter. This parameter enables PR Checks if you are connecting to an SCM and enables connecting to Container Registries. +When you set up the Broker using Helm, you might need to configure the `brokerClientUrl` parameter. This parameter enables PR Checks if you connect to an SCM and lets you connect to Container Registries. For this connection to happen, there must be inbound connectivity from the SCM or Container Registry to the Broker. Kubernetes manages this inbound connectivity through ingress. @@ -8,7 +8,7 @@ Ingress is a way to route incoming network traffic to specific services in a Kub There are two options available for ingress traffic. By default, the pods are not accessible from outside the cluster. -To enable a load balancer, add the `--set service.=LoadBalancer`. Allowed values are `brokertype`, `crType`, and `caType`. Servicet ype refers to the type of Broker you are running. +To enable a load balancer, add the `--set service.=LoadBalancer`. Allowed values are `brokertype`, `crType`, and `caType`. Service type refers to the type of Broker you are running. Example for Github: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md index a534fe20d392..45a773cc4ac1 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/insecure-downstream-mode.md @@ -2,20 +2,20 @@ description: Usage of this mode is discouraged. --- -# Insecure Downstream Mode +# Insecure downstream mode -In some situations, you may need to use only HTTP for your downstream connection. These cases are relatively infrequent and usually occur because of historical http-only setups. Snyk recommends upgrading to use HTTPS instead. +In some situations, you might need to use only HTTP for your downstream connection. These cases are infrequent and usually occur because of historical HTTP-only setups. Snyk recommends upgrading to use HTTPS instead. -In the cases where this is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM/JIRA/others to take place over HTTP instead of HTTPS. +If upgrading is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM, JIRA, or other service to take place over HTTP instead of HTTPS. -You should avoid using this mode in most cases; it is opt-in. It makes all requests go over HTTP, thus without the benefit of the safety of TLS encryption. This mode means all your credentials and data will appear unencrypted, which is tolerable only in tightly-secured networks. +In most cases, avoid this mode; it is opt-in. It makes all requests go over HTTP, without the benefit of TLS encryption. This mode means all your credentials and data appear unencrypted, which is tolerable only in tightly secured networks. Use the [Custom additional options for Broker Helm Chart installation](custom-additional-options-for-broker-helm-chart-installation.md) to inject this environment variable: `--set env[0].name=INSECURE_DOWNSTREAM --set env[0].value="true"` {% hint style="warning" %} -Using HTTP is highly insecure. Your data and credentials will transit in the clear over the network exchanges. +Using HTTP is highly insecure. Your data and credentials transit in the clear over the network exchanges. -Snyk is not responsible for any credential leaks that may occur as a result of the use of HTTP. +Snyk is not responsible for any credential leaks that occur as a result of the use of HTTP. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md index 869ae17c7626..f2520d9762c3 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/kubernetes-secrets-and-helm-chart-installation.md @@ -4,7 +4,7 @@ Beginning with version `2.8.0` of the Snyk Broker Helm Chart, external secrets a To enable this functionality, set `useExternalSecrets` to `true` in `values.yaml` or `--set externalSecrets=true`. -To obtain a list of required secrets, perform a dry run of a Helm installation. This will not make any changes to your Kubernetes environment, but does require the following: +To obtain a list of required secrets, perform a dry run of a Helm installation. This does not make any changes to your Kubernetes environment, but does require the following: ``` helm install snyk-broker-chart \ @@ -14,7 +14,7 @@ helm install snyk-broker-chart \ --dry-run=client ``` -A list of secrets with their expected names and values will be generated. The following example uses `scmType=nexus` : +Snyk generates a list of secrets with their expected names and values. The following example uses `scmType=nexus`: ``` ### Secret Creation Disabled ### @@ -28,7 +28,7 @@ Ensure secrets are present on your cluster in the default namespace: -> nexus-broker-client-validation-url-snyk-broker-chart:nexus-broker-client-validation-url ``` -In this example, four secrets must exist within the same namespace to which the Broker will be installed, each containing one key-value pair. Any values that are shown in `<>` characters are indicators to add your own secret data. +In this example, four secrets must exist in the same namespace to which the Broker is installed, each containing one key-value pair. Any values shown in `<>` characters are indicators to add your own secret data. ## Renaming secrets and keys @@ -64,16 +64,16 @@ brokerTokenSecret: key: org-x-broker-token ``` -The Helm Chart will reference the contents under the `org-x-broker-token` key in Secret `snyk-broker-secrets` for the Broker token. +The Helm Chart references the contents under the `org-x-broker-token` key in Secret `snyk-broker-secrets` for the Broker token. ## Partial external secrets -When `useExternalSecrets` is true, the Broker Helm Chart will check whether a value is provided for a secret (for example, `brokerToken=`) +When `useExternalSecrets` is true, the Broker Helm Chart checks whether you provide a value for a secret (for example, `brokerToken=`) * If a value exists, create a secret as usual. * If no value exists, look for an external secret. -By this means, some secrets may be controlled by the Broker Helm chart, and others controlled externally: +By this means, the Broker Helm chart can control some secrets, and you can control others externally: ``` scmType: github-com @@ -82,12 +82,12 @@ useExternalSecrets: true githubToken: "" ``` -This set of values will: +This set of values does the following: -* Create a secret for the provided Broker token -* Reference an external secret for the required GitHub token +* Creates a secret for the provided Broker token +* References an external secret for the required GitHub token -Performing a dry run of a Helm installation will provide the required secret names and keys: +Performing a dry run of a Helm installation provides the required secret names and keys: ``` ### Secret Creation Disabled ### @@ -102,7 +102,7 @@ Note the Broker token secret is excluded from this list as a value is directly p ## Using a single external secret with multiple keys -A single Kubernetes secret may contain all required credentials for the Snyk Broker to operate. Using a Broker of type `nexus` as an example, assume this secret is present in Kubernetes: +A single Kubernetes secret can contain all required credentials for the Snyk Broker to operate. Using a Broker of type `nexus` as an example, assume this secret is present in Kubernetes: ``` apiVersion: v1 diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md index 2a1257c04eb3..bb935e6ccb0a 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-helm-chart-installation/snyk-open-source-scans-sca-of-large-manifest-files-helm-setup.md @@ -4,9 +4,9 @@ This applies only to Github and Github Enterprise Broker integrations. {% endhint %} -When large manifest files are detected by Snyk, it is sometimes necessary to use a different method (different SCM endpoint) to retrieve the file. Since the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. +When Snyk detects large manifest files, you sometimes must use a different method (a different SCM endpoint) to retrieve the file. Because the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. -To add this rule easily, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: +To add this rule, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: ```console --set 'env[0].name=ACCEPT_LARGE_MANIFESTS' \ @@ -14,5 +14,5 @@ To add this rule easily, allowing the Broker client to retrieve the larger manif ``` {% hint style="info" %} -If you are using other custom environment variables, you may need to adjust the 0 index in this code to avoid having any of the environment variables overwrite each other. +If you use other custom environment variables, you might need to adjust the 0 index in this code to avoid having any of the environment variables overwrite each other. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md index e76c09978a3f..653e0db33313 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/backend-requests-with-an-internal-certificate-for-docker.md @@ -18,7 +18,7 @@ docker run --restart=always \ snyk/broker:bitbucket-server ``` -Beginning with [Broker version 4.166.0 (2023-10-10)](https://github.com/snyk/broker/releases/tag/v4.166.0), the custom CA cert instruction is `NODE_EXTRA_CA_CERTS` and this must be set as shown in order to use a custom CA. The `CA_CERT` environment variable is no longer in use for this purpose. +Beginning with [Broker version 4.166.0 (2023-10-10)](https://github.com/snyk/broker/releases/tag/v4.166.0), the custom CA cert instruction is `NODE_EXTRA_CA_CERTS` and you must set this as shown to use a custom CA. The `CA_CERT` environment variable is no longer in use for this purpose. Note that this completely replaces the default CA Certificate List for any requests made to your backend system, so this must be the complete chain required by the certificate used by the backend system. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md index db61d30eb48e..a9db71a66b09 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/changing-the-auth-method-with-docker.md @@ -28,7 +28,7 @@ For Artifactory, the auth method is configured in the `.env` file by default: ARTIFACTORY_URL=:@/artifactory ``` -For GitHub, the auth meth is part of the `origin` field in the `accept.json` file: +For GitHub, the auth method is part of the `origin` field in the `accept.json` file: ```json { @@ -42,7 +42,7 @@ For GitHub, the auth meth is part of the `origin` field in the `accept.json` fil } ``` -You can override the authentication method. Valid values for `scheme` are `bearer`, `token`, and `basic`, which set the Authorization header to `Bearer`, `Token`, and `Basic` respectively. If a bearer token is preferred, the `accept.json` file can be configured as such: +You can override the authentication method. Valid values for `scheme` are `bearer`, `token`, and `basic`, which set the Authorization header to `Bearer`, `Token`, and `Basic` respectively. If you prefer a bearer token, configure the `accept.json` file as follows: ```json { diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md index e5e7a6282f74..aa10d0aeb6f5 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/credential-pooling-with-docker-and-helm.md @@ -1,6 +1,6 @@ # Credential pooling with Docker and Helm -Under some circumstances it can be desirable to create a "pool" of credentials, for example, to work around rate-limiting issues. You can do this by creating an environment variable ending in `_POOL`, separating each credential with a comma. The Broker Client will then, when doing variable replacement, look to see if the variable in use has a variant with a `_POOL` suffix, and if so, use the next item in that pool. For example, if you have set the environment variable `GITHUB_TOKEN`, but want to provide multiple tokens, you would do this instead: +Under some circumstances, you might want to create a "pool" of credentials, for example, to work around rate-limiting issues. To do this, create an environment variable ending in `_POOL`, separating each credential with a comma. When doing variable replacement, the Broker Client looks to see whether the variable in use has a variant with a `_POOL` suffix, and if so, uses the next item in that pool. For example, if you set the environment variable `GITHUB_TOKEN` but want to provide multiple tokens, do this instead: ``` GITHUB_TOKEN_POOL=token1, token2, token3 @@ -8,17 +8,17 @@ GITHUB_TOKEN_POOL=token1, token2, token3 You can add this as env var + value in the Helm Chart. -Then the Broker Client would, any time it needed `GITHUB_TOKEN`, instead take an item from the `GITHUB_TOKEN_POOL`. +Then, any time the Broker Client needs `GITHUB_TOKEN`, it instead takes an item from the `GITHUB_TOKEN_POOL`. Credentials are taken in a round-robin fashion, so the first, the second, the third, and so on, until the Broker Client reaches the end and then takes the first credential again. -Calling the `/systemcheck` endpoint will validate all credentials, in order, and will return an array where the first item is the first credential, and so on. For example, if you were running the GitHub Client and have this: +Calling the `/systemcheck` endpoint validates all credentials, in order, and returns an array where the first item is the first credential, and so on. For example, if you run the GitHub Client and have this: ``` GITHUB_TOKEN_POOL=good_token, bad_token ``` -The `/systemcheck` endpoint would return the following, where the first object is for `good_token` and the second for `bad_token`: +The `/systemcheck` endpoint returns the following, where the first object is for `good_token` and the second for `bad_token`: ``` [ @@ -41,19 +41,19 @@ The `/systemcheck` endpoint would return the following, where the first object i ] ``` -The credentials are masked. However, note that if your credentials contain six (6) or fewer characters, they will be completely replaced with the mask. +The credentials are masked. However, note that if your credentials contain six or fewer characters, the mask completely replaces them. ## **Limitations of credential pooling** -Credential validity is not checked before using a credential, nor are invalid credentials removed from the pool, so it is _strongly_ recommended that credentials be used exclusively by the Broker Client to avoid credentials reaching rate limits at different times, and that the `/systemcheck` endpoint be called before use. +The Broker Client does not check credential validity before using a credential, nor does it remove invalid credentials from the pool. Snyk _strongly_ recommends that only the Broker Client use the credentials, to avoid credentials reaching rate limits at different times, and that you call the `/systemcheck` endpoint before use. -Some providers, such as GitHub, do rate-limiting on a per-user basis, not a per-token or per-credential basis, and in those cases you will need to create multiple accounts with one credential per account. +Some providers, such as GitHub, do rate-limiting on a per-user basis, not a per-token or per-credential basis, and in those cases you must create multiple accounts with one credential per account. ## **Credentials matrix** Generating a Matrix of credentials is not supported. -A "Matrix" in this case is defined as taking two (or more) `_POOL`s of length `x` and `y`, and producing one final pool of length `x * y`. For example, given an input like: +A "Matrix" in this case means taking two or more `_POOL`s of length `x` and `y`, and producing one final pool of length `x * y`. For example, given an input like: ``` USERNAME_POOL=u1, u2, u3 diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md index 6bd55a5f2105..a1b6b55e1258 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/insecure-downstream-mode.md @@ -4,17 +4,17 @@ description: Usage of this mode is discouraged. # Insecure downstream mode -In some situations, you may need to use only `http` for your downstream connection. These cases are infrequent and usually occur because of historical `http-`only setups. Snyk recommends upgrading these setups to use `https` instead. +In some situations, you might need to use only `http` for your downstream connection. These cases are infrequent and usually occur because of historical `http-`only setups. Snyk recommends upgrading these setups to use `https` instead. If upgrading is not possible in the near term, the insecure downstream mode introduces a way to force downstream requests to your SCM, JIRA, or other service to take place over `http` instead of `https`. -In most cases, you should avoid insecure downstream mode, and to use it, you must opt-in.\ +In most cases, avoid insecure downstream mode; to use it, you must opt in.\ Insecure downstream mode makes all requests go over `http`, thus no longer benefitting from the safety of TLS encryption. Insecure downstream mode means all your credentials and data will appear unencrypted, which is only tolerable in tightly secured networks. Export the environment variable `INSECURE_DOWNSTREAM="true"` to use this mode, passing it as an environment value using the `-e INSECURE_DOWNSTREAM="true"` option. {% hint style="warning" %} -Using HTTP is highly insecure! Your data and credentials will be transmitted in clear form over the network exchanges. +Using HTTP is highly insecure. Snyk transmits your data and credentials in clear form over the network exchanges. Snyk is not responsible for any credential leaks that may occur as a result of the use of an insecure downstream mode. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md index 688aa20f8f26..1a5f7a6a6d2a 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/mounting-secrets-with-docker.md @@ -1,7 +1,7 @@ # Mounting secrets with Docker -Sometimes it is required to load sensitive configurations, the GitHub or Snyk token, from a file instead of from environment variables. Broker is using [dotenv](https://www.npmjs.com/package/dotenv) to load the config, so the process is relatively simple: +Sometimes you must load sensitive configurations, such as the GitHub or Snyk token, from a file instead of from environment variables. Broker uses [dotenv](https://www.npmjs.com/package/dotenv) to load the config, so the process is straightforward: * Create a file named `.env` and put your sensitive configuration there. -* Mount this file, for example, using a [Kubernetes secret](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)). Mount the file to be somewhere like `/broker`. -* Change the workdir of the docker image to be `/broker/`. An example of such file is located in your broker container at $HOME/.env. +* Mount this file, for example, using a [Kubernetes secret](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume). Mount the file to somewhere like `/broker`. +* Change the workdir of the Docker image to `/broker/`. An example of such a file is located in your Broker container at $HOME/.env. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md index a52bf3d96b9e..df1433b534ef 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/advanced-configuration-for-snyk-broker-docker-installation/snyk-open-source-scans-sca-of-large-manifest-files-docker-setup.md @@ -1,12 +1,12 @@ # Snyk Open Source Scans (SCA) of large manifest files, Docker setup {% hint style="info" %} -This applies only to Github and Github Enterprise Broker integrations. +This applies only to GitHub and GitHub Enterprise Broker integrations. {% endhint %} -When large manifest files are detected by Snyk, it is sometimes necessary to use a different method (different SCM endpoint) to retrieve the file. Since the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. +When Snyk detects large manifest files, you sometimes need to use a different method (a different SCM endpoint) to retrieve the file. Because the alternative method requires a more permissive rule, it is disabled by default. This ensures the maximum possible security. Use of this endpoint means that the Snyk platform can theoretically access all files in this repository because the path does not include specific allowed file names. -To add this rule easily, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: +To add this rule, allowing the Broker client to retrieve the larger manifests file using a different endpoint, add the following environment variable: ```console -e ACCEPT_LARGE_MANIFESTS=true diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md index 0fedb34cf748..d3a2f86fa3fc 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/README.md @@ -18,12 +18,12 @@ For convenience, instructions to obtain or generate the Broker token follow. Whe ## Obtain Broker token for Artifactory Repository setup -1. Navigate to **Settings** > **Add integrations** > **Package Repositories > Artifactory**. -2. Enter the URL of your Artifactory instance, this must end with /artifactory. +1. Navigate to **Settings** > **Add integrations** > **Package Repositories** > **Artifactory**. +2. Enter the URL of your Artifactory instance. This must end with /artifactory. 3. Enter your username and password. 4. Select **Save**. -
Artifactory integration setup

Artifactoryrepository setup

+
Artifactory integration setup

Artifactory repository setup

{% hint style="info" %} If you do not see the Snyk Broker on/off switch, you do not have the necessary permissions and can only add a publicly accessible instance. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md index fc1fed3a51cf..afd339ca6b35 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-environment-variables-for-snyk-broker.md @@ -14,7 +14,7 @@ The following fields are optional: * `Basic auth`: Omit if no basic auth required.\ URL encode both username and password info to avoid errors that may prevent authentication. * `Protocol`: Defaults to `https://`\ - This should only be specified when no certificate is present and `http://` is required instead for your instance. + Specify this only when no certificate is present and your instance requires `http://` instead. `ARTIFACTORY_URL` format with optional fields:\ `[http://][username:password@]hostname[:port]/artifactory`\ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md index 57bd45f3ce13..4e8e2f64da72 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-docker.md @@ -10,11 +10,11 @@ Before installing, review the [prerequisites](./) and the general instructions f This integration is useful to ensure a secure connection with your on-premise Artifactory Repository deployment. -For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker -Container Registry Agent](../../../snyk-broker-container-registry-agent/). +For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker - Container Registry Agent](../../../snyk-broker-container-registry-agent/). ## Configure Broker to be used for Artifactory Registry -To use the Broker client with an Artifactory Registry deployment, **run** `docker pull snyk/broker:artifactory`. Refer to [Artifactory Repository - environment variables for Snyk Broker](artifactory-repository-environment-variables-for-snyk-broker.md) for definitions of the environment variables. +To use the Broker client with an Artifactory Registry deployment, run `docker pull snyk/broker:artifactory`. Refer to [Artifactory Repository - environment variables for Snyk Broker](artifactory-repository-environment-variables-for-snyk-broker.md) for definitions of the environment variables. ## Docker run commands to set up a Broker Client for Artifactory Repository diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md index ecc80052d064..11fbcd80d003 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/artifactory-repository-install-and-configure-broker/artifactory-repository-install-and-configure-using-helm.md @@ -8,7 +8,7 @@ Integration with Artifactory Repository is available only with Enterprise plans. Before installing, review the [prerequisites](./) and the general instructions for installation using [Helm](../../../../../../enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm.md). -For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker -Container Registry Agent](../../../snyk-broker-container-registry-agent/). +For information about non-brokered integration with Artifactory Repository see [Artifactory Repository setup](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/artifactory-package-repository-connection-setup). For information about brokered integration with Artifactory Container Registry see [Snyk Broker - Container Registry Agent](../../../snyk-broker-container-registry-agent/). To use this chart, you must first add the Snyk Broker Helm Chart by adding the repo: @@ -34,4 +34,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md index 9035e9335d61..b9b851ec282c 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-environment-variables-for-snyk-broker.md @@ -5,10 +5,10 @@ The following environment variables are required to configure the Broker Client * `BROKER_TOKEN` - the Snyk Broker token, obtained from your Azure Repos integration settings view (app.snyk.io). * `BROKER_SERVER_URL` - the URL of the Broker server for the region in which your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). * `AZURE_REPOS_TOKEN` - an Azure Repos personal access token. Refer to this [Guide](https://docs.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops\&tabs=preview-page) for how to get or create the token. Required scopes: ensure Custom defined is selected and under Code select `Read & write`. -* `AZURE_REPOS_ORG` - Organization name, which can be found on your Organization Overview page in Azure. For Azure Repos on-prem, the typical organization name is `tfs/Main.` If you have more than one Azure organization, you must deploy a Broker for each one +* `AZURE_REPOS_ORG` - Organization name, which can be found on your Organization Overview page in Azure. For Azure Repos on-prem, the typical organization name is `tfs/Main.` If you have more than one Azure organization, you must deploy a Broker for each one. * `AZURE_REPOS_HOST` - the hostname of your Azure Repos Server deployment, such as `your.azure-server.domain.com`. * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your Azure Repos' webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your Azure Repos webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Terraform, you can add an environment variable, `ACCEPT_IAC`, with any combination of `tf,yaml,yml,json,tpl`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md index b19b47d4e645..6a2ac41503d4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-and-configure-using-helm.md @@ -38,4 +38,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md index 4a86bed5df0d..0e13d058c9a4 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/azure-repos-prerequisites-and-steps-to-install-and-configure-broker/azure-repos-install-and-configure-using-docker.md @@ -14,7 +14,7 @@ This integration is useful to ensure a secure connection with your on-premise or To use the Broker Client with [Azure](https://azure.microsoft.com/en-us/services/devops/), run `docker pull snyk/broker:azure-repos`. Refer to [Azure Repos - environment variables for Snyk Broker](azure-repos-environment-variables-for-snyk-broker.md) for definitions of the environment variables. -If necessary, go to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Azure Repos instance is using a private certificate, and setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). +If necessary, navigate to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the Azure Repos instance is using a private certificate, and setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). ## Docker run command to set up a Broker Client for Azure Repos @@ -47,10 +47,10 @@ docker run --restart=always \ Paste the Broker Client configuration to start the Broker Client container. -Once the container is up, the Azure Repos Integrations page shows the connection to Azure Repos and you can `Add Projects.` +After the container is up, the Azure Repos Integrations page shows the connection to Azure Repos and you can `Add Projects.` ## Basic troubleshooting for Broker with Azure Repos * Run `docker logs ` to look for any errors, where `container id` is the Azure Repos Broker container ID. * Ensure relevant ports are exposed to Azure Repos. -* Make sure that file permissions for the local path to the `accept.json` file, as well as the `accept.json` file itself, are correct and accessible. +* Ensure that file permissions for the local path to the `accept.json` file, as well as the `accept.json` file itself, are correct and accessible. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md index 4de4202c8f00..014df7976fb7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-basic-auth.md @@ -8,10 +8,10 @@ The following environment variables are required to configure the Broker client: * `BITBUCKET_PASSWORD` - the Bitbucket Server password. You can use an API token in place of a password. * `BITBUCKET` - the hostname of your Bitbucket Server deployment, such as `your.bitbucket-server.domain.com`. * `BITBUCKET_API` - the API endpoint of your Bitbucket Server deployment. Should be `$BITBUCKET/rest/api/1.0`. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform for example, you can simply add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. +* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform, add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. * `ACCEPT_CODE` - by default, Snyk Code will not load code snippets. To enable code snippets you can add an environment variable `ACCEPT_CODE=true`. * `ACCEPT_ESSENTIALS` - enable Snyk Essentials to identify your application assets, monitor them, and prioritize the risks. To enable Snyk Essentials, add the environment variable `ACCEPT_ESSENTIALS=true`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md index d1b7ef09058a..f569de5424b6 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/bitbucket-server-data-center-prerequisites-and-steps-to-install-and-configure-broker/bitbucket-server-data-center-environment-variables-for-snyk-broker-personal-access-token-pat.md @@ -7,10 +7,10 @@ The following environment variables are required to configure the Broker client: * `BITBUCKET_PAT` - the Bitbucket Server Personal Access Token. * `BITBUCKET` - the hostname of your Bitbucket Server deployment, such as `your.bitbucket-server.domain.com`. * `BITBUCKET_API` - the API endpoint of your Bitbucket Server deployment. Should be `$BITBUCKET/rest/api/1.0`. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your Bitbucket Server for webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform for example, you can simply add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. +* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform, add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. * `ACCEPT_CODE` - by default, Snyk Code will not load code snippets. To enable code snippets you can add an environment variable `ACCEPT_CODE=true`. * `ACCEPT_ESSENTIALS` - enable Snyk Essentials to identify your application assets, monitor them, and prioritize the risks. To enable Snyk Essentials, add the environment variable `ACCEPT_ESSENTIALS=true`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md index f17c4f14f98d..24b66bb62567 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-environment-variables-for-snyk-broker.md @@ -1,6 +1,6 @@ # GitHub Enterprise - environment variables for Snyk Broker -The following environment variables are required to configure the Broker Client: for GitHub Enterprise: +The following environment variables are required to configure the Broker Client for GitHub Enterprise: * `BROKER_TOKEN` - the Snyk Broker token, obtained from your Snyk Org settings view (app.snyk.io). * `GITHUB_TOKEN` - a personal access token with full `repo`, `read:org` and `admin:repo_hook` scopes. @@ -14,9 +14,9 @@ The following environment variables are required to configure the Broker Client: * For GitHub Enterprise Cloud without a custom domain, use `api.github.com`. * `GITHUB_GRAPHQL` - the `graphql` endpoint of your GitHub Enterprise deployment. Do not use `http` or `https`. * For self-hosted, should be `your.ghe.domain.com/api`. - * for GitHub Enterprise Cloud without a custom domain, use `api.github.com/graphql`. + * For GitHub Enterprise Cloud without a custom domain, use `api.github.com/graphql`. * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to your GitHub Enterprise deployment webhooks, such as `http://broker.url.example:8000`. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to your GitHub Enterprise deployment webhooks, such as `http://broker.url.example:8000`. * This must have `http://` and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Terraform files, you can add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md index f29fdd375d18..9a05f0fe53e8 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-enterprise-prerequisites-and-steps-to-install-and-configure-broker/github-enterprise-install-and-configure-using-helm.md @@ -35,4 +35,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md index affe82c35336..8034fca80751 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-environment-variables-for-snyk-broker.md @@ -5,7 +5,7 @@ The following environment variables are required to configure the Broker Client * `BROKER_TOKEN` - the Snyk Broker token, obtained from your Snyk Org settings view (app.snyk.io). * `GITHUB_TOKEN` - a personal access token with full `repo`, `read:org` and `admin:repo_hook` scopes. * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible to GitHub webhooks, such as `http://broker.url.example:8000.`This URL is required to access features such as PR Fixes or PR Checks. +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible to GitHub webhooks, such as `http://broker.url.example:8000.` This URL is required to access features such as PR Fixes or PR Checks. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, for example, Terraform, you can add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl` diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md index 79adef67866d..ec0584860103 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker/github-install-and-configure-using-helm.md @@ -28,4 +28,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md index 36046f62934c..c63106f84e15 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-environment-variables-for-snyk-broker.md @@ -7,9 +7,9 @@ The following environment variables are required to configure the Broker Client * `BROKER_SERVER_URL` - the URL of the Broker server for the region in which your data is hosted. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). * `GITLAB` - the hostname of your GitLab deployment, such as `your.gitlab.domain.com` or `GitLab.com`. * `PORT` - the local port at which the Broker Client accepts connections. Default is 8000. -* `BROKER_CLIENT_URL` - the full URL of the Broker Client as needed to be reachable by either GitLab.com or on-prem GitLab deployment in order to establish webhook connectivity. This must be a full URL like `http://broker.url.example:8000`. +* `BROKER_CLIENT_URL` - the full URL of the Broker Client as needed to be reachable by either GitLab.com or on-prem GitLab deployment to establish webhook connectivity. This must be a full URL like `http://broker.url.example:8000`. * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). -* `ACCEPT_IAC` - by default, some file types used by Infrastructure-as-Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform for example, you can simply add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. -* `ACCEPT_CODE` - by default, Snyk Code will not load code snippets. To enable code snippets you can simply add an environment variable `ACCEPT_CODE=true`. +* `ACCEPT_IAC` - by default, some file types used by Infrastructure as Code (IaC) are not enabled. To grant the Broker access to IaC files in your repository, such as Terraform, add an environment variable `ACCEPT_IAC` with any combination of `tf,yaml,yml,json,tpl`. +* `ACCEPT_CODE` - by default, Snyk Code does not load code snippets. To enable code snippets, add an environment variable `ACCEPT_CODE=true`. * `ACCEPT_ESSENTIALS` - Enable Snyk Essentials to identify your application assets, monitor them, and prioritize the risks. You can enable it by adding an environment variable `ACCEPT_ESSENTIALS=true`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md index 279dcf007321..c93ce931ad58 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-docker.md @@ -8,7 +8,7 @@ This integration is useful to ensure a secure connection with your on-premise or To use the Broker client with GitLab.com or an on-prem GitLab deployment, run `docker pull snyk/broker:gitlab`. Refer to [GitLab - environment variables for Snyk Broker](gitlab-environment-variables-for-snyk-broker.md) for definitions of the environment variables. -If necessary, go to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority to the Broker Client configuration if the GitLab instance is using a private certificate, or setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). +If necessary, navigate to the [Advanced configuration page](../advanced-configuration-for-snyk-broker-docker-installation/) and make any configuration changes needed, such as providing the CA (Certificate Authority) to the Broker Client configuration if the GitLab instance is using a private certificate, or setting up [proxy support](../advanced-configuration-for-snyk-broker-docker-installation/proxy-support-with-docker.md). ## Docker run command to set up a Broker Client for GitLab @@ -34,7 +34,7 @@ docker run --restart=always \ snyk/broker:gitlab ``` -Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This allows the Broker to work properly. +Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This lets the Broker work properly. Snyk Essentials is set by default to `false`. Enable it by setting the flag to `true`. @@ -42,7 +42,7 @@ Snyk Essentials is set by default to `false`. Enable it by setting the flag to ` Paste the Broker Client configuration to start the Broker Client container. -Once the container is up, the GitLab Integrations page shows the connection to GitLab, and you can `Add Projects`. +After the container is up, the GitLab Integrations page shows the connection to GitLab, and you can `Add Projects`. ## Basic troubleshooting for Broker with GitLab diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md index b060cd7fb9c9..cdb4950d10a7 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/gitlab-prerequisites-and-steps-to-install-and-configure-broker/gitlab-install-and-configure-using-helm.md @@ -14,7 +14,7 @@ For the `gitlab` value, do not include `https://.` `ACCEPT_CODE` is [set to true by default](https://github.com/snyk/snyk-broker-helm/blob/465d4ef279755fa5c9507975a88348bab04c2264/charts/snyk-broker/templates/broker_deployment.yaml#L383) in the chart, as is [ACCEPT\_IAC](https://github.com/snyk/snyk-broker-helm/blob/465d4ef279755fa5c9507975a88348bab04c2264/charts/snyk-broker/templates/broker_deployment.yaml#L386C23-L386C43). You can disable them if needed using `disableAutoAcceptRules=true`, but otherwise, these are enabled. -Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This allows the Broker to work properly. +Use the environment variable `REMOVE_X_FORWARDED_HEADERS=true` to remove the `XFF` headers from the requests made by the Broker client to GitLab. This lets the Broker work properly. Snyk Essentials is set by default to `false`. Enable it by setting the flag to `true`. @@ -37,4 +37,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md index f8edc4bbe581..cfb10fd3f5d8 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-environment-variables-for-snyk-broker.md @@ -7,7 +7,7 @@ The following environment variables are needed to configure the Broker Client fo * `JIRA_USERNAME` - the Jira username. * `JIRA_PASSWORD` - the Jira password. * `JIRA_HOSTNAME` - the hostname of your Jira deployment, such as `your.jira.domain.com`. -* `BROKER_CLIENT_URL` - the full URL of the Broker client as it will be accessible by your Jira for webhooks, such as `http://my.broker.client:8000` +* `BROKER_CLIENT_URL` - the full URL of the Broker client as it is accessible by your Jira for webhooks, such as `http://my.broker.client:8000` * This must have http:// and the port number. * To configure the client with HTTPS, [additional settings are required](../../../https-for-broker-client-with-docker.md). * `PORT` - the local port at which the Broker client accepts connections. Default is 8000. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md index 7586ab98e334..8e5f6759c76c 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker.md @@ -36,7 +36,7 @@ If necessary, navigate to [Advanced configuration for Snyk Broker Docker install When SSO is enabled, JIRA usually prohibits the use of a username and password and requires the use of a personal access token (PAT). -When SSO is enabled, you must use a specific Jira version that will instead use the authorization header with the bearer token. To use this version, provide the following configuration: +When SSO is enabled, you must use a specific Jira version that instead uses the authorization header with the bearer token. To use this version, provide the following configuration: ``` docker run --restart=always \ @@ -53,9 +53,9 @@ docker run --restart=always \ Paste the Broker Client configuration to start the Broker Client container. -After the container is set up, and the Jira Integrations page shows the connection to Jira, under Projects, you can create Jira tickets +After the container is set up, and the Jira Integrations page shows the connection to Jira, under Projects, you can create Jira tickets. -## **Basic troubleshooting for Broker with Jira** +## Basic troubleshooting for Broker with Jira * Run `docker logs ` to look for any errors, where `container id` is the Jira Broker container ID. * Ensure relevant ports are exposed to Jira. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md index 7aa257e510d2..3a40bbb73d6a 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-helm.md @@ -37,7 +37,7 @@ You can verify that the Broker is running by looking at the settings for your br When SSO is enabled, JIRA usually prohibits the use of a username and password and requires the use of a personal access token (PAT). -When SSO is enabled, you must use a specific Jira version that will instead use the authorization header with the bearer token. To use this version, provide the following configuration: +When SSO is enabled, you must use a specific Jira version that instead uses the authorization header with the bearer token. To use this version, provide the following configuration: ``` helm install snyk-broker-chart snyk-broker/snyk-broker \ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md index 1b131b0f71d6..5cbe9defeb83 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/README.md @@ -17,7 +17,7 @@ For convenience, instructions to obtain or generate the Broker token follow. Whe ## Obtain Broker token for Nexus integration -1. Go to **Settings** > **Integrations** > **Package Repositories** > **Nexus** +1. Navigate to **Settings** > **Integrations** > **Package Repositories** > **Nexus**. 2. Verify that you see the screen to configure Nexus.
Configure Nexus

Configure Nexus

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md index bb1fc9c5b701..f51f7d2d8f9e 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-environment-variables-for-snyk-broker.md @@ -58,7 +58,7 @@ Complex example: `https://alice:mypassword@acme.com: 8000` The URL that points to the base of your repositories within Nexus. By default, the broker assumes `BASE_NEXUS_URL`/nexus/content/ as the value. `RES_BODY_URL_SUB`\ -The URL of the Nexus instance, including `https://` and `/nexus/content` without basic auth credentials. Required for npm and Yarn integrations only**.** Must not end with a forward slash. +The URL of the Nexus instance, including `https://` and `/nexus/content` without basic auth credentials. Required for npm and Yarn integrations only. Must not end with a forward slash. Examples:\ `https://acme.com/nexus/content/groups`\ diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md index 01c64032eb5e..26ef85409434 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-docker.md @@ -54,7 +54,7 @@ docker run --restart=always \ snyk/broker:nexus2 ``` -You can find your `BASE_NEXUS_URL` by visiting the Nexus UI and navigating to the server tab under **Administration**, then selecting the **Base URL** entry without a trailing slash. This will typically end with `/nexus`, but may vary with non-default deployments. If you have a custom base URL then you must also set the `NEXUS_URL` environment variable to point to the URL where your repositories live. By default this is configured as `/nexus/content` but should follow a similar format to your base URL. +You can find your `BASE_NEXUS_URL` by visiting the Nexus UI and navigating to the server tab under **Administration**, then selecting the **Base URL** entry without a trailing slash. This typically ends with `/nexus`, but may vary with non-default deployments. If you have a custom base URL then you must also set the `NEXUS_URL` environment variable to point to the URL where your repositories live. By default this is configured as `/nexus/content` but should follow a similar format to your base URL. ## Start the Broker Client container and verify the connection with Nexus Repository Manager diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md index 958e9b1d71bc..76170c9b4ccd 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/nexus-repository-prerequisites-and-steps-to-install-and-configure-broker/nexus-repository-install-and-configure-using-helm.md @@ -38,7 +38,7 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. ## Nexus 2 Helm installation @@ -65,4 +65,4 @@ helm install snyk-broker-chart snyk-broker/snyk-broker \ You can pass any environment variable of your choice in the Helm command. For details, see [Custom additional options for Broker Helm Chart](../advanced-configuration-for-helm-chart-installation/custom-additional-options-for-broker-helm-chart-installation.md). Follow the instructions for [Advanced configuration for Helm Chart installation](../advanced-configuration-for-helm-chart-installation/) to make configuration changes as needed. -You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects once you are connected. +You can verify that the Broker is running by looking at the settings for your brokered integration in the Snyk Web UI to see a confirmation message that you are connected. You can start importing Projects after you are connected. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md index 2d243d873bfd..0a96d7ca9e6b 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/README.md @@ -44,7 +44,7 @@ Consider the following to understand what the required components are for your d * See [Snyk Broker - Infrastructure as Code detection](../snyk-broker-infrastructure-as-code-detection.md). * Are you planning to detect Snyk Code vulnerabilities? See [Clone an integration across your Snyk Organizatons](../clone-an-integration-across-your-snyk-organizations.md). * Are you planning to connect to a Container Registry? - * You will need to deploy an additional agent with the Broker, the Snyk Broker Container Registry Agent. + * You must deploy an additional agent with the Broker, the Snyk Broker Container Registry Agent. * See [Snyk Broker Container Registry agent](../../snyk-broker-container-registry-agent/). Every integration has a specific Broker token assigned to it. An integration to analyze Snyk Code vulnerabilities and connect to a Container Registry has the following: diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md index 886811e909fa..8b8d32dc5017 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/high-availability-mode.md @@ -1,16 +1,16 @@ # High availability mode -High availability mode allows you to run several Broker clients that work independently to one another. The Snyk platform will spread the requests it makes evenly across the connections to ease the load on each client and provide redundancy. High availability mode also avoids downtime during Snyk server upgrade events. +High availability mode lets you run several Broker clients that work independently of one another. The Snyk platform spreads the requests it makes evenly across the connections to ease the load on each client and provide redundancy. High availability mode also avoids downtime during Snyk server upgrade events.
Operation of multiple Broker clients in high availability

Operation of multiple Broker clients in high availability

For high availability mode, use Docker Compose to run multiple replicas (see [Docker Compose example](universal-broker/running-your-universal-broker-client.md#docker-compose-example)) or by increasing the replica count in your Kubernetes deployment. Each container must have the exact same configuration parameters. -A maximum of four Broker Clients can run concurrently in high availability mode. Running a fifth Broker Client will attempt to connect indefinitely. +A maximum of four Broker Clients can run concurrently in high availability mode. A fifth Broker Client attempts to connect indefinitely. ## **Important notes about settings** -The Dispatcher Base URL should be specific to your region if you are using a regional Snyk platform, for example, api.eu.snyk.io. See [Regional hosting and data residency](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency) for details. +The Dispatcher Base URL must be specific to your region if you are using a regional Snyk platform, for example, api.eu.snyk.io. See [Regional hosting and data residency](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency) for details. If you are using app.snyk.io, the following is not required. It is applicable only to regional Snyk platforms. @@ -18,7 +18,7 @@ If you are using app.snyk.io, the following is not required. It is applicable on BROKER_DISPATCHER_BASE_URL=https://api.snyk.io ``` -Outbound connection to api.snyk.io or the corresponding api hostname must be allowed. Otherwise, preflight checks will indicate failure upon Broker client startup. +Outbound connection to api.snyk.io or the corresponding api hostname must be allowed. Otherwise, preflight checks indicate failure upon Broker client startup. The `BROKER_CLIENT_URL` value must remain the same across all the Broker clients in the high availability set. The same `BROKER_TOKEN` must also be used.\ It is acceptable for this URL to resolve to a particular client. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md index 807984740618..594c5ba54e89 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/preflight-checks-for-snyk-broker.md @@ -10,7 +10,7 @@ If it is not specified, BROKER\_SERVER\_URL is [https://broker.snyk.io](https:// ## `rest-api-status` -The REST API Healthcheck validates the connectivity to the Snyk REST API by performing a GET request to `{API_BASE_URL}/rest/openapi`. This check is conditional and will be executed only if high availability mode is enabled. +The REST API Healthcheck validates the connectivity to the Snyk REST API by performing a GET request to `{API_BASE_URL}/rest/openapi`. This check is conditional and runs only if high availability mode is enabled. If it is not specified, the `API_BASE_URL` is [https://api.snyk.io](https://api.snyk.io/). For additional URLs, see [Regional hosting and data residency](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). @@ -23,5 +23,5 @@ If you are using TLS termination and you do not require a certificate+key in the There is no default. {% hint style="info" %} -You can use the environment variable PREFLIGHT\_CHECKS\_ENABLED=false to disable the Preflight Checks feature, so no checks will be executed when the Broker Client starts. +You can use the environment variable PREFLIGHT\_CHECKS\_ENABLED=false to disable the Preflight Checks feature, so no checks run when the Broker Client starts. {% endhint %} diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md index 26a2a1456eb7..ddf3d18627ba 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-commit-signing.md @@ -18,8 +18,8 @@ As of version v4.151.0, the Snyk Broker Client supports commit signing for GitHu 1. To use commit signing, provide the following environment variables for the Broker Client: * `GPG_PRIVATE_KEY`: GPG private key exported as an ASCII armored version. Note that the value must start with `-----BEGIN PGP PRIVATE KEY BLOCK-----` and end with `-----END PGP PRIVATE KEY BLOCK-----`. * `GPG_PASSPHRASE`: Passphrase of the GPG private key. - * `GIT_COMMITTER_NAME`: will be used to set a committer name. - * `GIT_COMMITTER_EMAIL`: will be used to set a committer email. + * `GIT_COMMITTER_NAME`: sets a committer name. + * `GIT_COMMITTER_EMAIL`: sets a committer email. 2. Enable **Broker Client Commit Signing** in the Broker settings. ## Troubleshooting commit signing @@ -27,4 +27,4 @@ As of version v4.151.0, the Snyk Broker Client supports commit signing for GitHu If commits are shown as `Unverified` in GitHub, you must do the following: * Verify that the GPG public key is imported to the correct GitHub user and that the email address is the same in GitHub as in the environment variables. -* To ensure that the commit signing feature has been activated for the Broker Client in the Snyk Organization, check the logs and verify that the following message appears when the Broker Client starts up: ​​`loading commit signing rules (enabled=true, rulesCount=5)` +* To ensure that the commit signing feature is activated for the Broker Client in the Snyk Organization, check the logs and verify that the following message appears when the Broker Client starts up: ​​`loading commit signing rules (enabled=true, rulesCount=5)` diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md index 136cec871ffd..251309e08046 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/README.md @@ -6,9 +6,9 @@ Snyk Broker Container Registry Agent is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -The Snyk Broker Container Registry Agent enables you to connect with network-restricted container registries so you can scan these registries using the Snyk service. +The Snyk Broker Container Registry Agent lets you connect with network-restricted container registries so you can scan these registries using the Snyk service. -When you use the Container Registry Agent, Snyk can integrate with private container registries that you host, and help you to better secure container images in those registries. Integration with private container registries allows you to: +When you use the Container Registry Agent, Snyk can integrate with private container registries that you host, and help you to better secure container images in those registries. Integration with private container registries lets you: * Keep sensitive data such as your access tokens inside your private network, never sharing that information with Snyk. * Provide controlled access to the network for Snyk, limiting Snyk access and the actions that Snyk can perform. @@ -79,12 +79,12 @@ With the listed configuration of 1 vCPU and 2GB RAM, scanning capacity would be ### Configuring and running the Container Registry Agent -Snyk recommends deploying the Container Registry Agent first as both Universal and Classic Broker requires configuration input from that deployment, namely the Container Registry Agent URL. You can pull the Container Registry Agent image from Docker Hub using the link provided in the [prerequisites](./#prerequisites-for-container-registry-agent). +Snyk recommends deploying the Container Registry Agent first, as both Universal and Classic Broker require configuration input from that deployment, namely the Container Registry Agent URL. You can pull the Container Registry Agent image from Docker Hub using the link provided in the [prerequisites](./#prerequisites-for-container-registry-agent). To configure the Container Registry Agent, the following environment variables are available: * `SNYK_PORT` - the local port at which the Container Registry Agent accepts connections (default value: 17500). -* `SNYK_MAX_IMAGE_SIZE_IN_BYTES` - the maximum size of an image that Snyk is able to scan (optional, default value: 2147483648). +* `SNYK_MAX_IMAGE_SIZE_IN_BYTES` - the maximum size of an image that Snyk can scan (optional, default value: 2147483648). Run the Container Registry Agent container with the relevant configuration: @@ -161,7 +161,7 @@ The following container registries require specific environment variables, setup ### **GCR and Google Artifact Registry** -All the preceding information applies to setting up the Broker Client for these container registries. The `CR_USERNAME` value is permanent and should be `_json_key`, and the `CR_PASSWORD` value should be the JSON key used to authenticate to Google. +All the preceding information applies to setting up the Broker Client for these container registries. The `CR_USERNAME` value is permanent and must be `_json_key`, and the `CR_PASSWORD` value must be the JSON key used to authenticate to Google. ### **JFrog Container Registry (Artifactory)** diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md index 4c0954def6b6..352905216478 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/snyk-broker-container-registry-agent/setting-up-the-container-registry-agent-for-a-brokered-ecr-integration.md @@ -6,7 +6,7 @@ In Elastic Container Registries the brokered communication is the same as in oth The Container Registry Agent IAM Role or IAM User is an IAM Role or IAM User is used by the Container Registry Agent to assume a role with access to ECR. -The Snyk ECR Service Role is an IAM Role with access to ECR and assumed by the Container Registry Agent IAM Role or IAM User to gain read-only access to ECR. The Snyk ECR Service Role ARN is provided to the Broker Client together with the region the ECR runs in, and is passed to the Container Registry Agent that will assume it. +The Snyk ECR Service Role is an IAM Role with access to ECR and assumed by the Container Registry Agent IAM Role or IAM User to gain read-only access to ECR. The Snyk ECR Service Role ARN is provided to the Broker Client together with the region the ECR runs in, and is passed to the Container Registry Agent that assumes it. If there are multiple ECRs in multiple accounts that need to communicate with the Container Registry Agent, you must set up a Broker Client for each ECR. @@ -25,7 +25,7 @@ Follow these steps to set up a single Container Registry Agent instance with acc ## **Step 1: Run the Container Registry Agent with a IAM User or IAM Role** -In this step, create an IAM Role or an IAM User for use by the Container Registry Agent. The IAM Role or IAM User could be provided to the Container Registry Agent via the methods described in the [AWS docs](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html). +In this step, create an IAM Role or an IAM User for use by the Container Registry Agent. The IAM Role or IAM User could be provided to the Container Registry Agent using the methods described in the [AWS docs](https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/setting-credentials-node.html). The following examples explain how to provide the IAM Role or IAM User using one of the following methods. You can also provide a dedicated role in Amazon ECS tasks. For more information, see the [AWS docs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html). @@ -51,7 +51,7 @@ The following examples explain how to provide the IAM Role or IAM User using one 1. In the newly created role page, in the **Permissions** tab, create an **Inline policy**. 2. In **Service** choose **STS**. 3. In **Actions** choose **Write** > **AssumeRole**. -4. In **Resources** choose **All resources** (you will harden the resources in a later step). +4. In **Resources** choose **All resources** (you harden the resources in a later step). 5. In the **JSON** tab verify that the policy contains the following: ``` @@ -90,7 +90,7 @@ When you are running the Container Registry Agent image on the EC2 machine, the 4. Select **Programmatic access** as the **Access type**. 5. Choose to go next with permission and tags. 6. Review and create the user. -7. Once the user is created, save its credentials (Access Key ID and Secret Access Key) for later use. +7. After the user is created, save its credentials (Access Key ID and Secret Access Key) for later use. 8. From the user's **Summary** page, copy the **User ARN** for later use.\ Example: `arn:aws:iam::aws-account:user` or `SnykCraUser` @@ -98,8 +98,8 @@ When you are running the Container Registry Agent image on the EC2 machine, the 1. In the newly created user page, in the **Permissions** tab create an **Inline policy**. 2. In **Service** choose **STS**. -3. In **Actions** choose **Write** >**AssumeRole**. -4. In **Resources** choose **All resources** (you will harden the resources in a later step). +3. In **Actions** choose **Write** > **AssumeRole**. +4. In **Resources** choose **All resources** (you harden the resources in a later step). 5. In the **JSON** tab verify that the policy contains the following statement: ``` @@ -127,7 +127,7 @@ When you are running the Container Registry Agent image, the credentials could b ## Step 2: Create Snyk ECR Service Role and enable cross-account access to ECR -In this step, you will create a Role in the account in which your ECR repositories reside. This Role will allow read-only access to your repositories and could be assumed by the Role created in the previous step. +In this step, you create a Role in the account in which your ECR repositories reside. This Role allows read-only access to your repositories and could be assumed by the Role created in the previous step. ### **1. Create a read-only ECR policy to be used by the Snyk ECR Service Role** @@ -209,7 +209,7 @@ This step hardens the usability of the Snyk ECR Service Role so that it can be a * In **Statement.Principal.AWS** enter the IAM Role or IAM User created in the Step 1 .\ Example: `arn:aws:iam::aws-account:user` or `SnykCraEc2Role`\ OR `arn:aws:iam::aws-account:role` or `SnykCraUser`, respectively - * In **Condition.StringEquals.sts:ExternalId** you may use an external ID of your choice, which will be used when the credentials object is provided to the Broker Client. + * In **Condition.StringEquals.sts:ExternalId** you can use an external ID of your choice, which is used when the credentials object is provided to the Broker Client. * To support multiple external IDs, enter a list of IDs in a square brackets.\ Example: `sts:ExternalId: [ 11111111-1111-1111-1111-111111111111, 22222222-2222-2222-2222-222222222222 ]` 5. Update the trust policy. @@ -253,7 +253,7 @@ If the Container Registry Agent needs to access multiple ECR registries found in ## **Step 4: Provide** Snyk ECR Service Role **ARN and external ID to the Broker Client** -In this step, the Role ARN of the SnykEcrServiceRole \_\*\*\_will be used by providing it to the Broker Client. The broker client will pass it to the Container Registry Agent, which will assume it to connect to ECR. +In this step, you use the Role ARN of the SnykEcrServiceRole \_\*\*\_by providing it to the Broker Client. The Broker Client passes it to the Container Registry Agent, which assumes it to connect to ECR. 1. Copy the **Role ARN** key that appears at the top of the **Summary** section of the[ SnykEcrServiceRole](https://console.aws.amazon.com/iam/home?#/roles/SnykEcrServiceRole). 2. When running the Broker Client, provide the following environment variables to allow the Container Registry Agent to access your ECR account. No username and password are needed. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md index 8893e783c9c6..651c5259996b 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/troubleshooting-broker.md @@ -25,7 +25,7 @@ By default, the log level of the Broker is set to INFO. All SCM responses, regar To keep the logs concise in normal operation, Snyk produces minimal information on the INFO level, tracking the requests coming from Snyk into the client as well as the downstream request made to the targeted system, Github, Gitlab, JIRA, and so on, and logging the url hit and the response code received.\\ -When you set `LOG_INFO_VERBOSE="true"`, the environment variable will add the headers in these log lines without requiring that you use debug. +When you set `LOG_INFO_VERBOSE="true"`, the environment variable adds the headers in these log lines without requiring that you use debug. {% hint style="warning" %} If you override the default logging, some logs may be provided by other processes such as API requests, and may list credentials. Before you send any Broker logs with increased logging enabled, check for any passwords or tokens and redact them in bulk. @@ -49,7 +49,7 @@ ENV BROKER_HEALTHCHECK_PATH /path/to/healthcheck The Broker Client exposes an endpoint at `/systemcheck`, which can be used to validate the connectivity and credentials of the brokered service, Git or another SCM, or the brokered container registry . This endpoint causes the Broker Client to make a request to a preconfigured URL and report on the success of the request. The supported configuration is: -* `BROKER_CLIENT_VALIDATION_URL` - the URL to which the request will be made. +* `BROKER_CLIENT_VALIDATION_URL` - the URL to which the request is made. * `BROKER_CLIENT_VALIDATION_AUTHORIZATION_HEADER` - \[optional] the `Authorization` header value of the request. Mutually exclusive with `BROKER_CLIENT_VALIDATION_BASIC_AUTH`. * `BROKER_CLIENT_VALIDATION_BASIC_AUTH` - \[optional] the basic auth credentials (`username:password`) to be base64 encoded and placed in the `Authorization` header value of the request. Mutually exclusive with `BROKER_CLIENT_VALIDATION_AUTHORIZATION_HEADER`. * `BROKER_CLIENT_VALIDATION_METHOD` - \[optional] the HTTP method of the request (default is `GET`). @@ -83,7 +83,7 @@ If after running the Broker there is still an error connecting to the on-premise ### Common problems with Standalone Broker -* If there is no log after performing the preceding steps, ensure that the customer has the correct Broker token. If so, ensure that the websocket has been established. Some firewalls will block this +* If there is no log after performing the preceding steps, ensure that the customer has the correct Broker token. If so, ensure that the websocket is established. Some firewalls block this * Review the HTTP code in the request to the on-premise Git. * 404 - Not found - Ensure correct information in the Docker run command. * 401/403 - Check credentials. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md index 3059ad64b18c..69d1c86bbfbe 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/broker-client-url.md @@ -1,16 +1,16 @@ # Broker client URL -A webhook from an SCM to Snyk allows the SCM integration to communicate with Snyk. When code is updated, whether the update is to an open-source manifest file or to code files, and the developer creates a pull request, the SCM notifies Snyk through the webhook. +A webhook from an SCM to Snyk lets the SCM integration communicate with Snyk. When code is updated, whether the update is to an open-source manifest file or to code files, and the developer creates a pull request, the SCM notifies Snyk through the webhook. -The webhook can be set to reach out to Snyk directly to indicate that files have changed, and Snyk will request the files through Broker. The SCM then sends those files to Snyk, and Snyk scans for code, security, and license issues based on your integrations and the products you have, and returns a pass/fail determination for the SCM check. +The webhook can be set to reach out to Snyk directly to indicate that files have changed, and Snyk requests the files through Broker. The SCM then sends those files to Snyk, and Snyk scans for code, security, and license issues based on your integrations and the products you have, and returns a pass/fail determination for the SCM check. Sometimes the webhook cannot communicate directly with Snyk because the infrastructure prevents the repository from reaching outside of the private cloud or data center. Then the Broker facilitates the communication, sending notification of changes to the code, sending the request for files to the SCM, and conveying the files to Snyk, which returns the results of the scan. You can then continue work: review the status, ask for more information, see the issues in the PR if you are using the inline comments capability, and view the details in the Snyk portal. The same webhook mechanism is used to facilitate communication when Snyk creates a pull request, for example, when you see an issue in the Snyk interface and use the button to fix the vulnerability. -When you set up a connection, the webhook target endpoint is defined by the value of the `broker_client_url` value. The webhook can point directly to Snyk or to the Broker client container, which will relay the webhook to Snyk. +When you set up a connection, the webhook target endpoint is defined by the value of the `broker_client_url` value. The webhook can point directly to Snyk or to the Broker client container, which relays the webhook to Snyk. -By default, SCM integrations use the regional Snyk API endpoint. For the list of URLs, see [Broker client URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-client-urls). Sometimes, however, your environment may prohibit SCM webhooks from leaving the private cloud or data center. In that case, the webhook and thus the SCM must point to the Snyk Broker container running in your environment. In these cases, the`broker_client_url` has to reflect the hostname and port of the Broker client. +By default, SCM integrations use the regional Snyk API endpoint. For the list of URLs, see [Broker client URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-client-urls). Sometimes, however, your environment might prohibit SCM webhooks from leaving the private cloud or data center. In that case, the webhook and thus the SCM must point to the Snyk Broker container running in your environment. In these cases, the`broker_client_url` has to reflect the hostname and port of the Broker client. Non-SCM integrations, notably the container registries integrations, require the Broker client URL to be the Broker client address. Snyk recommends using a DNS host name, such as `http://my.broker.client`, but you can also use IP addresses (`http://192.168.0.1`). Ensure to append the port, for example, `http://my.broker.client:8000`. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md index 7a190306bccf..14f8879d6357 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/disconnect-and-clean-up.md @@ -1,17 +1,17 @@ # Disconnect and clean up -The `snyk-broker-config workflows delete` command allows you to remove resources. +The `snyk-broker-config workflows delete` command lets you remove resources. Protections are in place to prevent invalid connection states, so you cannot delete connections that are integrated, and therefore relied upon, by Organizations. You must disconnect the integration before deleting the connection. The `snyk-broker-config workflows connections delete` command walks you through the disconnection steps. -For all resources, you must delete the child items before you can delete a parent, as illustrated in the diagram that follows. A deployment contains connections and credentials references. Connections use credentials references. Each connection may have an integration with one or more Organizations. +For all resources, you must delete the child items before you can delete a parent, as illustrated in the diagram that follows. A deployment contains connections and credentials references. Connections use credentials references. Each connection can have an integration with one or more Organizations. The `snyk-broker-config introduction` command walk you through this flow and indicates what needs to be done to achieve successful deletion. These commands implement and enforce the following rules: * Before you delete a connection, you must disconnect all integrations. -* Before you delete a credentials reference, you must delete the connection(s) using it. +* Before you delete a credentials reference, you must delete the connections using it. * Before you delete a deployment, you must delete all connections and credentials references.

Universal Broker resource data model illustrating child items to delete before parent items

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md index c1e6576cbe57..9e022a1ef6be 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/prerequisites-for-universal-broker.md @@ -9,11 +9,11 @@ Using the snyk-broker-config CLI tool is supported on Windows. Before installing the Universal Broker `snyk-broker-config` CLI tool, be sure you have met the following prerequisites. If you need help, contact your Snyk account team. * Minimum client machine system requirements: 1 CPU and 512 MB RAM.\ - Note: If you're performing a high-load import, we would recommend more RAM be allocated. This could be decreased after traffic is lowered. + Note: If you're performing a high-load import, Snyk recommends allocating more RAM. You can decrease this after traffic is lowered. * Network access that is allowed by any firewalls installed on your network: an outbound TLS (443) to `https://broker.snyk.io` AND `https://api.snyk.io` or your [regional Broker URL](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). * A Snyk account and your personal Snyk API token; you cannot use a service account. * Snyk Tenant admin permissions. If you are not a Tenant admin, you can reach out to your team's Tenant admin [to add you](../../../../snyk-platform-administration/groups-and-organizations/tenant/manage-users-in-a-tenant.md). Otherwise, reach out to your support team member or [raise a support case](https://support.snyk.io/s/). -* A new/dedicated Snyk Organization. This will be used to administrate your Broker configurations, and a dedicated Organization will help prevent accidental removal. See [Create an Organization](../../../../snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md#create-an-organization) for details. +* A new/dedicated Snyk Organization. Snyk uses this to administrate your Broker configurations, and a dedicated Organization helps prevent accidental removal. See [Create an Organization](../../../../snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md#create-an-organization) for details. * An SCM token or password. Snyk Broker does not support authentication with the mTLS method. * Node 20 or higher installed. * Docker Compose or Kubernetes installed and configured to pull images from Docker Hub. @@ -30,10 +30,10 @@ Windows * `set SNYK_TOKEN=` * `set TENANT_ID=` -When running the Broker container, you may need to override the Broker server URL to the region where your data is hosted if you are using a region other than SNYK US-01. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls).\ +When running the Broker container, you might need to override the Broker server URL to the region where your data is hosted if you are using a region other than SNYK US-01. For the commands and URLs to use, see [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls).\ Example: `-e BROKER_SERVER_URL=https://broker.eu.snyk.io`. -If you are using a different region than SNYK US-01 you should also export the relevant `SNYK_API_HOSTNAME` value into your terminal's environment variables after you install the `snyk-broker-config` CLI tool and before you create your first connection: +If you are using a different region than SNYK US-01, also export the relevant `SNYK_API_HOSTNAME` value into your terminal's environment variables after you install the `snyk-broker-config` CLI tool and before you create your first connection: * `export SNYK_API_HOSTNAME=https://api.REGION.snyk.io` (Linux/Mac) * `set SNYK_API_HOSTNAME=https://api.REGION.snyk.io` (Windows) diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md index 13a0ee240a1a..b86743696de9 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/restart-your-broker-for-a-new-environment-variable.md @@ -16,10 +16,10 @@ docker run --restart=always \ snyk/broker:universal ``` -At this point, the Broker will display a message like the following: +At this point, the Broker displays a message like the following: ``` {"name":"my github connection","hostname":"ae7d64e0edac","pid":1,"level":30,"id":"12345678-1234-1234-1234-123456789012","msg":"Connection (my github connection) not in use by any orgs. Will check periodically and create connection when in use.","time":"2024-06-18T20:21:24.382Z","v":0} ``` -In Kubernetes deployments with hot-loaded secrets, when you edit a secret, typically using a vault system or something similar, the values in the secrets are automatically updated into the mounted secret file. This allows the Broker to trigger a reloading while running, hot-loading the new value without needing to restart the container. +In Kubernetes deployments with hot-loaded secrets, when you edit a secret, typically using a vault system or something similar, the values in the secrets are automatically updated into the mounted secret file. This lets the Broker trigger a reloading while running, hot-loading the new value without needing to restart the container. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md index e09bb4b3a942..9d080286f5ee 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/running-your-universal-broker-client.md @@ -5,12 +5,12 @@ Ensure you have all of the [prerequisites](prerequisites-for-universal-broker.md * The DEPLOYMENT\_ID, CLIENT\_ID, CLIENT\_SECRET for your Broker Deployment * A credential reference associated with your deployment -* Valid integration credentials required by your connections such as MY\_GITHUB\_TOKEN If references are missing, the connection will not be established, and an error entry will be logged in the Broker client logs. +* Valid integration credentials required by your connections such as MY\_GITHUB\_TOKEN If references are missing, the connection is not established, and Snyk logs an error entry in the Broker client logs. {% endhint %} Run your Broker deployment on your container engine ([Docker Compose](running-your-universal-broker-client.md#docker-compose-example) or [Kubernetes cluster](running-your-universal-broker-client.md#helm)). -If you are not using `app.snyk.io` (for example, if you log into https://app.eu.snyk.io), you will need to target the Broker server for your region by using the following in your Docker run command `-e BROKER_SERVER_URL=https://broker.region.snyk.io \` . For details, visit [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). +If you are not using `app.snyk.io` (for example, if you log into https://app.eu.snyk.io), you must target the Broker server for your region by using the following in your Docker run command `-e BROKER_SERVER_URL=https://broker.region.snyk.io \` . For details, visit [Broker URLs](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-server-urls). ## Docker Compose example diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md index 650fb93a97de..fac963a9f96d 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/setting-up-and-integrating-your-universal-broker-connections.md @@ -12,7 +12,7 @@ After you have installed the `snyk-broker-config` CLI tool: * Run `snyk-broker-config workflows connections create`. * Create a deployment if none exists, or select a deployment if more than one exists.\ - A single deployment setup will be selected automatically. + Snyk selects a single deployment setup automatically. If you want to create a new deployment: @@ -30,7 +30,7 @@ When you see the messages `Connection created` and `Ready to configure integrati Note that you can start the Broker client before the connection is integrated with any Organization. The Organization integration steps can be done in parallel with the Broker client container running. -If you are adding a connection to a running Broker deployment, the Broker client might take up to two minutes to pick up the new connection. +If you are adding a connection to a running Broker deployment, the Broker client can take up to two minutes to pick up the new connection. {% hint style="info" %} You can learn more about importing a code repository from an SCM into Snyk and creating connections, and more, with the [Universal Broker Snyk Learn ](https://learn.snyk.io/lesson/universal-broker/#3f799f7f-58a9-4225-53fb-9cc5b6913920)course. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md index 5b72bce6e373..b9a553e4fbb0 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md @@ -29,7 +29,7 @@ If you run into issues, you can roll back to the Classic Broker client as long a ## Migrate multiple Organizations -The bulk migration workflow allows you to migrate multiple Organizations at the same time. To do this: +The bulk migration workflow lets you migrate multiple Organizations at the same time. To do this: 1. Create a test connection and integrate it. See steps 1-3 from [Migrating a single Organization](upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md#migrating-a-single-organization). 2. Run `snyk-broker-config workflows bulk-migration list` to see a list of all the Organizations that can be migrated. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md index ea66bac0c9c2..6d5da73940a6 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/universal-broker-workflow-diagrams.md @@ -18,4 +18,4 @@ You start the workflow and select a deployment. You create a new connection for You start the workflow and select a deployment. You select an existing connection to integrate with an Organization and enter the Org ID for that Organization. The connection is then integrated with the Organization by Org ID. The connection is ready. -

Integrate a connection with an Organizaton

+

Integrate a connection with an Organization

diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md index 921f335cbd4b..86f25abe9849 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/update-the-snyk-broker-client.md @@ -1,10 +1,10 @@ # Update the Snyk Broker client -Snyk regularly releases updated versions of the Broker client in order to provide new features, bug fixes, and more. Snyk recommends that you install the updated version of your Broker client regularly to take advantage of bug fixes and new features. +Snyk regularly releases updated versions of the Broker client to provide new features, bug fixes, and more. Snyk recommends that you install the updated version of your Broker client regularly to take advantage of bug fixes and new features. The full list of versions with release notes is available on [Snyk Broker GitHub](https://github.com/snyk/broker/releases). Snyk encourages you to [subscribe to the RSS feed](https://github.com/snyk/broker/releases.atom) for that page to receive information about versions as they are released. The Docker images are released more slowly than the GitHub releases. The `docker pull` command always pulls the most recent image. -Update the Broker client in the same way you installed it initially. Stopping and starting your Broker by itself will not update the version of Broker client that is used +Update the Broker client in the same way you installed it initially. Stopping and starting your Broker by itself does not update the version of Broker client that is used. ## Updating using the Docker method @@ -12,6 +12,6 @@ Run `docker pull snyk/broker:` to pull the latest version of t ## Updating using the Helm method -The specifics will be determined by how you initially installed and ran your Snyk Broker, but running a Helm upgrade\` instead of Helm install\` with the same arguments will pull the latest chart, unless you target a specific chart version. Ensure that you still supply the correct values for your Broker, either by using the `--set :` commands, or by using a YAML file. +The specifics depend on how you initially installed and ran your Snyk Broker, but running a Helm upgrade\` instead of Helm install\` with the same arguments pulls the latest chart, unless you target a specific chart version. Ensure that you still supply the correct values for your Broker, either by using the `--set :` commands, or by using a YAML file. -The Helm Chart targets the latest version of the applicable Broker client and has `imagePullPolicy: Always`, so upgrading to the latest chart will reinitialize the pod and pull the latest version of the client. +The Helm Chart targets the latest version of the applicable Broker client and has `imagePullPolicy: Always`, so upgrading to the latest chart reinitializes the pod and pulls the latest version of the client. diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md index 0df5973c896c..df7187a98866 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/verifying-broker-image-signatures.md @@ -2,9 +2,9 @@ Beginning with version 4.169.1, all Broker container images are signed using Cosign. -Cosign is the tool for signing and verifying containers. Cosign Includes storage in an Open Container Initiative (OCI) registry. +Cosign is the tool for signing and verifying containers. Cosign includes storage in an Open Container Initiative (OCI) registry. -Cosign is designed to enhance the security of container images by providing a simple and efficient way to sign and verify them. It leverages the concept of digital signatures, with which you sign the container image with your private key, and the recipient can verify your signature using the corresponding public key. +Cosign is designed to enhance the security of container images by providing a simple and efficient way to sign and verify them. It uses the concept of digital signatures, with which you sign the container image with your private key, and the recipient can verify your signature using the corresponding public key. ## Prerequisite for verifying Broker image signatures @@ -14,7 +14,7 @@ You must [install Cosign](https://docs.sigstore.dev/system_config/installation/) To verify the signed image, you must use the built-in `cosign verify` command. -It is not necessary to pull the Broker container image to perform the verification step +It is not necessary to pull the Broker container image to perform the verification step. ``` $ cosign verify --key cosign.pub snyk/broker:4.169.1-github-com diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/README.md index 6a7af4f79f97..3dac849125d2 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/README.md @@ -2,13 +2,13 @@ ## The Snyk hierarchy -Snyk has a hierarchy that allows you to control access to Snyk scanning and features. +Snyk has a hierarchy that lets you control access to Snyk scanning and features.

The Snyk hierarchy for Enterprise plans

-* **Account:** Users must log in to their Snyk account to scan and view or modify any settings and scan +* **Account:** Users must log in to their Snyk account to scan and view or modify any settings and scan. * [**Tenants**](tenant/): A Tenant encompasses the entire Snyk workspace of your company, team, and individual users. You have one Tenant that encompasses all your Snyk work items: Groups, Organizations, Targets, Projects, and all their adjacent entities, for example, Snyk features, Tags, Collections, and so on. -* [**Groups**](groups/): A Group encompasses your entire base of Snyk users. You have at least one Snyk Group. Large companies may have multiple Groups with multiple Organizations. +* [**Groups**](groups/): A Group encompasses your entire base of Snyk users. You have at least one Snyk Group. Large companies can have multiple Groups with multiple Organizations. * [**Organizations**](organizations/): An Organization represents a specific area, such as a team, in your business. Organizations can contain multiple Projects. * [**Targets**:](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/glossary#target) A Target represents the external resource that Snyk scans, like a repository. One Target can relate to multiple Projects. For example, a Target `https://github.com/examplesnyk/example` contains the Projects `package.json` and `Dockerfile.` * [**Projects**](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects)**:** A Project is established based on the item that Snyk scans for issues, such as a manifest file. Each Project shows the results of scans. You can configure your Projects to define how to scan for issues in that Project. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md b/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md index c1d5704bb159..75814e10a8e3 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/group-and-organization-settings.md @@ -24,7 +24,7 @@ At the Organization level, select **Settings** to manage Organization settings a * **Integrations**: Set up integrations and see a list of those configured for your Organization; click the name of the configured integration to see the details. See [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) for information about available Snyk integrations. * **Snyk Open Source**: Enable Reachable vulnerabilities analysis and edit language settings; see [Snyk Open Source - supported languages and package managers](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/supported-languages/supported-languages-package-managers-and-frameworks) for details. * **Snyk Code**: Enable Snyk Code; see the [Snyk Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) documentation for details. -* **Snyk IaC:** Enable Snyk Iac, detecting configuration files, and rules. Select severity levels for configurations scanned. See the [IaC ](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code)documentation for details. +* **Snyk IaC:** Enable Snyk IaC, detecting configuration files, and rules. Select severity levels for configurations scanned. See the [IaC ](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code)documentation for details. * **Usage**: See the [Usage settings](usage-settings.md) page for details. * **Notifications**: See the [Manage notifications](../manage-notifications.md) page for details. * **Snyk Preview**: See the [Snyk Preview page](../snyk-preview.md) for details. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md index 865927fea936..b915385d7cc8 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/README.md @@ -40,7 +40,7 @@ You can [view dependencies](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/preve ### Group Policies -With Policies, you can easily automate the process of adding business context and receiving notifications. +With Policies, you can automate the process of adding business context and receiving notifications. After a policy is created, it is run in a maximum of 3 hours after creation, then once every 3 hours. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md index 31e542d89794..18ec3dd0c0ee 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/configure-session-length-for-a-snyk-group.md @@ -2,7 +2,7 @@ By default, inactive logged-in users are automatically logged out after 24 hours to protect any account from being exposed inadvertently through user inactivity. -Group admins can change the default session length to any value from five minutes to 30 days. +Group admins can change the default session length to any value from 5 minutes to 30 days. {% hint style="info" %} Users who belong to multiple Groups are always logged out automatically after the shortest time configured for any of those Groups. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md index c2375b34536e..30f2a0f7bddd 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/group-general-settings.md @@ -6,12 +6,12 @@ To view and modify settings for your Group, navigate to **Settings** > **General In the Group general settings, you can view and modify the following: -* **Group name**: View or modify the name of the group as displayed in the Snyk Web UI. -* **Group ID**: View and copy the unique ID for this Group. You will need this ID when using the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). +* **Group name**: View or modify the name of the Group as displayed in the Snyk Web UI. +* **Group ID**: View and copy the unique ID for this Group. You need this ID when using the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). * **Session expiration**: By default, users are logged out of Snyk after 24 hours of inactivity. You can change the session expiration time for your Group. For details, see [Configure session length for a Snyk Group](configure-session-length-for-a-snyk-group.md) in the user management documentation. * **Requesting access**: Enable to allow users without access to a Snyk Organization to request access. * This is possible only for users who have registered with Snyk and are trying to reach the URL of a specific Project in the Organization, such as from a pull request. * This restriction reduces the risk of someone guessing the URL of your Organization. * The value set is used as the default for any new Organizations but does not override the **Requesting access** setting for existing Snyk Organizations. * For more details, see [Enable the Request Access setting](../organizations/requests-for-access-to-an-organization.md#enable-the-request-access-setting) in the documentation of requests for access to an Organization. -* **Project test frequency**: Set the default test frequency for any new Projects created in this Group. Note that Changing the **Project test frequency** setting will not affect the default test frequency of [Snyk Infrastructure as Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code) or [Snyk Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) Projects. The default for both of these is weekly. +* **Project test frequency**: Set the default test frequency for any new Projects created in this Group. Note that changing the **Project test frequency** setting does not affect the default test frequency of [Snyk Infrastructure as Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac/scan-your-iac-source-code) or [Snyk Code](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) Projects. The default for both of these is weekly. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md index 587f5c992e40..a87404a3e400 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/groups/manage-users-in-a-group.md @@ -42,7 +42,7 @@ A Group Member can have different roles in different Organizations. You can filt

Group member details

-Users with the Group Admin role have access to all Organizations in that Group, with the same access level as the Organization Admin role in these Organizations. You cannot change the role of a Group admin in a specific Organization, or delete a Group admin from one or more Organizations. However, you can remove a Group Admin from the Group using the **Remove from group** option +Users with the Group Admin role have access to all Organizations in that Group, with the same access level as the Organization Admin role in these Organizations. You cannot change the role of a Group admin in a specific Organization, or delete a Group admin from one or more Organizations. However, you can remove a Group Admin from the Group using the **Remove from group** option. ## Promote a Group Member to a Group Admin diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md index ab2c86c5df58..959e333711f3 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/README.md @@ -8,6 +8,6 @@ When you sign up with Snyk, you have a default Organization in your Enterprise G You can create an Organization or join an Organization by invitation. On the **Free** and **Team** plans, you can create up to five Organizations in your Tenant. On the **Enterprise** plan, you can create an unlimited number of Organizations. -If you have more than one Organization, you can switch between Organizations in the Snyk WebUI or using the CLI. For more details, visit [Manage Organizations](create-and-delete-organizations.md)**.** +If you have more than one Organization, you can switch between Organizations in the Snyk Web UI or using the CLI. For more details, visit [Manage Organizations](create-and-delete-organizations.md)**.** -Snyk sends notifications about newly disclosed vulnerabilities by Organization, You can turn notifications on or off for each Organization. +Snyk sends notifications about newly disclosed vulnerabilities by Organization. You can turn notifications on or off for each Organization. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md index 231ff7c1f51a..4dd2a42d6fd0 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/create-and-delete-organizations.md @@ -19,7 +19,7 @@ Follow these steps to create an Organization: 2\. Enter a name for the new Organization. Consider using a structured naming convention to identify your Organizations. {% hint style="info" %} -It is highly recommended to enter a unique name for the new Organization. +Snyk recommends that you enter a unique name for the new Organization. {% endhint %} 3\. From the dropdown list, select an Organization from which to copy all settings and integrations. @@ -44,7 +44,7 @@ Follow these steps to delete an Organization: 2\. After the selected Organization appears, click **Org Settings** on the Group menu. -3\. On the **Settings** page, select **Genera**l on the menu. +3\. On the **Settings** page, select **General** on the menu. 4\. Scroll down to the **Delete organization** section and click **Delete organization**: diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md index c2ef641d2c16..eaf7e2a856cf 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/manage-users-in-organizations.md @@ -3,7 +3,7 @@ In the **Organization** where you want to manage users, select the **Members** menu option. {% hint style="info" %} -You must have the permissions required to perform these tasks. For details, see [Pre-defined user roles](../../user-roles/pre-defined-roles.md) for a list of permissions. +You must have the required permissions to perform these tasks. For a list of permissions, see [Pre-defined user roles](../../user-roles/pre-defined-roles.md). {% endhint %} ## Add users @@ -17,7 +17,7 @@ You can do the following on the **Add members** screen: * Select **Invite new members** to send an email invitation to a new user. Enter the email addresses of users to invite, separated by commas, and click **Send invite**. * Select **Add existing members** to add existing members of your Group to the Organization. Select the users when prompted and click **Invite members.** * For Free plan users only:\ - Select **Invite by link** to send a link; click **Copy link** and send the link yourself. Note that an invite link expires after 48 hours. + Select **Invite by link** to send a link. Click **Copy link** and send the link yourself. Note that an invite link expires after 48 hours. * Use the **New members join as** dropdown to define the default role of a user when joining, such as **Org admin**. For details, see [Manage permissions](../../user-roles/pre-defined-roles.md). For a demonstration of adding users, view this video: @@ -43,7 +43,7 @@ To change the role of a user, click on the **Role** entry for the member and use

Select new role

{% hint style="warning" %} -For Enterprise plan customers who create custom roles, Snyk prevents users from assigning roles to other users who have more privileges. If you try to update a role, invite a new user, or add an existing user with a role that has more privileges than you have, you will see the error **Cannot assign higher privilege role**. +For Enterprise plan customers who create custom roles, Snyk prevents users from assigning roles to other users who have more privileges. If you try to update a role, invite a new user, or add an existing user with a role that has more privileges than you have, you see the error **Cannot assign higher privilege role**. {% endhint %} ## Delete Organization members diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md index a73e29019b96..aab47a711d79 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/organization-general-settings.md @@ -1,16 +1,16 @@ # Organization general settings -To view and modify settings for your Organization, be sure you are in your Organization and navigate to **Settings** > **General**: +To view and modify settings for your Organization, ensure you are in your Organization and navigate to **Settings** > **General**:

Organization general settings

In the Organization general settings, you can view and modify the following: -* **Organization name**: Set the display name for this Organization. For example, you may want to change the default initial Organization display name to reflect better the work that Organization relates to. Note that changing the Organization display name does not change the URL displayed in the browser bar or the internal name used by the CLI. To fully change the name, [create a new Organization](https://app.snyk.io/create-organisation) with the desired name. -* **Organization API key:** View or copy the Organization API key. [Service accounts](../../../implementation-and-setup/enterprise-setup/service-accounts/) require an API key (token) to substitute for standard user credentials. Click the **Manage Service accounts** button to set up details for service accounts. -* **Organization ID**: View or copy the Organization ID, which is the internal ID for the Organization, generated automatically when each Organization is created. This ID uniquely identifies this Organization and is required when you use the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). These Organization identification details are generated automatically by Snyk for each Organization when it is created. +* **Organization name**: Set the display name for this Organization. For example, you might want to change the default initial Organization display name to reflect better the work that Organization relates to. Note that changing the Organization display name does not change the URL displayed in the browser bar or the internal name used by the CLI. To fully change the name, [create a new Organization](https://app.snyk.io/create-organisation) with the name you want. +* **Organization API key:** View or copy the Organization API key. [Service accounts](../../../implementation-and-setup/enterprise-setup/service-accounts/) require an API key (token) to substitute for standard user credentials. Click **Manage Service accounts** to set up details for service accounts. +* **Organization ID**: View or copy the Organization ID, which is the internal ID for the Organization. Snyk generates this ID automatically when each Organization is created. This ID uniquely identifies this Organization and is required when you use the [Snyk API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). * **Ignores**: Define Organization-wide ignore settings. You can choose from the following options: - * **Ability to ignore an issue, or edit the ignore settings on an issue** **through the Snyk app or API** + * **Ability to ignore an issue, or edit the ignore settings on an issue** **through the Snyk Web UI or API** * `Admin users only` * `All users in any environment` * **Ability to ignore issues through the CLI or `.snyk` file** @@ -20,8 +20,8 @@ In the Organization general settings, you can view and modify the following: * `Required (only applies to ignores in the Snyk app, not the CLI or API)` * `Not required` * See [Configure Ignore settings](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues#configure-ignore-settings) in the Ignore issues documentation for more details. -* **Requesting access**: Enable to allow users without access to this Snyk Organization to request access. This includes external users. For more details, see [Enable the request for access setting](requests-for-access-to-an-organization.md#enable-the-request-access-setting) in the documentation of requests for access to an Organization. -* **Leave Organization**: Leave this Organization. You will lose access to the Projects and notifications for that Organization. +* **Requesting access**: Enable this setting to allow users without access to this Snyk Organization to request access. This includes external users. For more details, see [Enable the request for access setting](requests-for-access-to-an-organization.md#enable-the-request-access-setting) in the documentation of requests for access to an Organization. +* **Leave Organization**: Leave this Organization. You lose access to the Projects and notifications for that Organization. * **Delete Organization**: Delete this Organization to remove it entirely from Snyk, including all of its Projects and their historical data. See [Delete an Organization](create-and-delete-organizations.md#delete-an-organization) in the Manage Organizations documentation for details. For more information about Organization settings, see [Manage Organizations](create-and-delete-organizations.md). diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md index daa8c3ff5939..26aeb088b517 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/organizations/set-your-preferred-organization.md @@ -18,6 +18,6 @@ Follow these steps to change your Preferred Organization:

Change your Preferred Organization

-3\. Click the **Update Preferred Org** button to save your new setting. +3\. Click **Update Preferred Org** to save your new setting. The Organization you selected as your **Preferred Organization** is displayed when you log in to your Snyk account and used by default for the test count when you scan using the CLI. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md b/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md index 430e4eb0019a..0d60a91342f6 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/switch-between-groups-and-organizations.md @@ -1,6 +1,6 @@ # Switch between Groups and Organizations -Snyk shows your preferred Organization by default when you log into the Snyk Web UI. Snyk also uses the settings for your preferred Organization when you test a Project using the CLI. For more information, see [Manage Organizations](organizations/create-and-delete-organizations.md). +Snyk shows your preferred Organization by default when you log in to the Snyk Web UI. Snyk also uses the settings for your preferred Organization when you test a Project using the CLI. For more information, see [Manage Organizations](organizations/create-and-delete-organizations.md). ## Switch Group @@ -13,7 +13,7 @@ To view or add to your personal Organizations, select **Ungrouped**. ## Switch Organization in the Web UI {% hint style="warning" %} -If your SSO email is provided by Google, then logging in with that email through the Google social provider is not the same as logging in using SSO. Using the Google social option creates a separate free account with the standard free user privileges. You can not switch between Organizations that are in different accounts. +If your SSO email is provided by Google, then logging in with that email through the Google social provider is not the same as logging in using SSO. Using the Google social option creates a separate free account with the standard free user privileges. You cannot switch between Organizations that are in different accounts. {% endhint %} You must also be aware of the Organization you are viewing. Organizations contain different Projects. diff --git a/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md b/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md index 2e78267b3448..c2af1fbf648d 100644 --- a/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md +++ b/platform-administration/snyk-platform-administration/groups-and-organizations/tenant/README.md @@ -8,7 +8,7 @@ Some Tenant features, such as Snyk Analytics, are available only for Enterprise A Tenant is the top level of the Snyk hierarchy. It encompasses all your Groups and Organizations and all their corresponding Snyk work items. The Tenant is helpful in organizing access and reporting on the platform when you are a large Enterprise with multiple Groups. -At the Tenant level, you can manage access to features that work across your entire Snyk estate, such as [Snyk Analytics](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) and Members, which allows you to manage users. +At the Tenant level, you can manage access to features that work across your entire Snyk estate, such as [Snyk Analytics](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) and Members, which lets you manage users. Tenant-level roles include **Tenant Admin**, **Tenant Viewer**, and **Tenant Member**. For more information, see [Pre-defined roles](../../user-roles/pre-defined-roles.md#role-types). @@ -25,7 +25,7 @@ If you are a member of more than one Tenant, you can switch between them by sele In the Snyk 2.0 UI, you can navigate between different levels of your account (Tenant, Group, and Organization) using the scope selector at the top of the page. When you select a scope, the side menu automatically displays the relevant tools and data for that area. -Snyk 2.0 introduces UI enhancements to the platform navigation and is available in Early Access. This is being rolled out gradually, so not all users see the new navigation at the same time +Snyk 2.0 introduces UI enhancements to the platform navigation and is available in Early Access. Snyk is rolling this out gradually, so not all users see the new navigation at the same time. If you are an existing user, you can switch between the new and classic navigation at any time using the toggle in your user profile menu. For more information, visit [Snyk 2.0 platform improvements](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/snyk-2.0-platform-improvements). {% endhint %} diff --git a/platform-administration/snyk-platform-administration/manage-notifications.md b/platform-administration/snyk-platform-administration/manage-notifications.md index e86525356b50..fa8ff7d874ff 100644 --- a/platform-administration/snyk-platform-administration/manage-notifications.md +++ b/platform-administration/snyk-platform-administration/manage-notifications.md @@ -1,6 +1,6 @@ # Manage notifications -Snyk notifies you automatically when new issues are found in the Projects you are monitoring to alert you to new possible new risks in these Projects. +Snyk notifies you automatically when it finds new issues in the Projects you are monitoring, to alert you to possible new risks in these Projects. ## How notifications are sent @@ -25,7 +25,7 @@ Setting a Project to inactive does not stop Snyk from sending notifications. You {% hint style="info" %} **FedRAMP environment notifications**\ -Both [issue alert emails](manage-notifications.md#group-defaults-for-issue-alert-emails) and [weekly report emails](manage-notifications.md#group-defaults-for-weekly-report-emails) are disabled for FedRAMP environments. Their notification settings may be hidden from the page. +Both [issue alert emails](manage-notifications.md#group-defaults-for-issue-alert-emails) and [weekly report emails](manage-notifications.md#group-defaults-for-weekly-report-emails) are disabled for FedRAMP environments. Their notification settings might be hidden from the page. {% endhint %} ## How to manage notifications @@ -62,8 +62,8 @@ To set the defaults for issue alert emails: 1. Check the **Vulnerabilities** box when users of new Organizations in this Group should receive alert emails by default for new issues or remediations for all Projects in a new Organization. 2. Check the **License Violations** box when users of new Organizations in this Group should receive alert emails for new license issues or remediations for all Projects in a new Organization. -3. If either the **Vulnerabilities** or **License Violations** boxes are checked, indicate the severity of issues for which Snyk should send alert emails by selecting **All severities** or **Critical and high severity** from the drop-down list. -4. To change the default for individual organizations, change the **Vulnerabilities**, **License Violations,** and **Severity** settings next to the Organization name. These settings apply for any individual user who has not updated personal notifications when you create new Organizations in this Group. +3. If either the **Vulnerabilities** or **License Violations** boxes are checked, indicate the severity of issues for which Snyk sends alert emails by selecting **All severities** or **Critical and high severity** from the dropdown list. +4. To change the default for individual Organizations, change the **Vulnerabilities**, **License Violations,** and **Severity** settings next to the Organization name. These settings apply for any individual user who has not updated personal notifications when you create new Organizations in this Group. #### Group defaults for weekly report emails @@ -72,7 +72,7 @@ Weekly report emails are notifications Snyk sends to provide a summary of the vu To set the defaults for weekly report emails: * Check the **Email notifications** box when users of new Organizations in this Group should receive a weekly summary email. -* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults will apply for new Organizations created in this Group. +* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults apply for new Organizations created in this Group. {% hint style="info" %} Individual Projects cannot be excluded from Weekly reports. They can be excluded only from Issue Alert emails, and new vulnerabilities or remediations. @@ -85,7 +85,7 @@ Usage alert emails are notifications Snyk sends to warn you when you are approac To set the defaults for usage alerts: * Check the **Email notifications** box when users of new Organizations in this Group should receive usage alert emails. -* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults will apply for new Organizations created in this Group. +* To change the defaults for individual Organizations, clear or check the box next to the Organization name. The defaults apply for new Organizations created in this Group. ### Define Organization notification defaults @@ -112,7 +112,7 @@ To set the defaults for issue alert emails: * Clear the **On** box to turn off issue alert emails for new Projects imported into this Organization. Check the box when new Projects in this Organization should receive the defined alerts. * Check the **Vulnerabilities** box to set the default for all Projects in this Organization to generate alert emails for new issues or remediations. * Check the **License violations** box to set the default for all Projects in this Organization to generate alert emails for new license issues or remediations. -* If either the **Vulnerabilities** or **License violations** boxes are checked, indicate the severity of issues for which Snyk should send alert emails by selecting **All severities** or **Critical and high severity** from the drop-down Projects list. +* If either the **Vulnerabilities** or **License violations** boxes are checked, indicate the severity of issues for which Snyk sends alert emails by selecting **All severities** or **Critical and high severity** from the dropdown Projects list. #### Organization defaults for weekly report emails @@ -137,17 +137,17 @@ To override these settings, change your notification preferences:

Notification settings at the Account level

-The Account Settings page allows you to change the types of notifications for each Organization to which you belong. You can also customize the notifications for individual Projects. +The Account Settings page lets you change the types of notifications for each Organization to which you belong. You can also customize the notifications for individual Projects. ### Preferences for issue alert emails -Issue alert emails are notifications Snyk sends the day it finds a new vulnerability license issue, or remediation. +Issue alert emails are notifications Snyk sends the day it finds a new vulnerability, license issue, or remediation. To customize your settings for issue alert emails for each Organization for which you are a member: * Check the **Vulnerabilities** box to receive alert emails for new issues or remediations for all Projects in the Organization. * Check the **Licenses** box for Open Source to receive alert emails for new license issues for all Projects in the Organization. -* If either the **Vulnerabilities** or **Licenses** boxes are checked, indicate the severity of issues for which Snyk should send alert emails by selecting **All severities** or **Critical and high severity** from the drop-down list. +* If either the **Vulnerabilities** or **Licenses** boxes are checked, indicate the severity of issues for which Snyk sends alert emails by selecting **All severities** or **Critical and high severity** from the dropdown list. To customize your settings for individual Projects: diff --git a/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md b/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md index ec4c6069f969..9c4a7175116c 100644 --- a/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md +++ b/platform-administration/snyk-platform-administration/user-management-with-the-api/provision-users-to-organizations-using-the-api.md @@ -1,8 +1,8 @@ # Provision users to Organizations using the API -The Provision user endpoints allow you to organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are [Provision a user to the organizaton](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision), [List pending user provisions](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-1), and [Delete pending user provision](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-2). +The Provision user endpoints let you organize and grant permissions to your single sign-on users before the users log in to the Snyk platform. The endpoints are [Provision a user to the organizaton](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision), [List pending user provisions](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-1), and [Delete pending user provision](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision-2). -Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they will have all their permissions. You can use the endpoint [Provision a user to the organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision) to add users to Organizations at scale before their first login. +Provisioned users do not need to accept invites. When provisioned users first log in to Snyk, they have all their permissions. You can use the endpoint [Provision a user to the organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/organizations-v1#org-orgid-provision) to add users to Organizations at scale before their first login. ## Prerequisites for provisioning users using the API diff --git a/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md b/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md index b9936dfdad8b..e2b38050fef7 100644 --- a/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md +++ b/platform-administration/snyk-platform-administration/user-management-with-the-api/remove-members-from-groups-and-orgs-using-the-api.md @@ -22,7 +22,7 @@ For each user, call the endpoint to remove that member from the Organization usi For a successful request, the response is `200 OK`. -Look at the Organization members page to verify that the member has been removed. +Look at the Organization members page to verify that Snyk removed the member. {% hint style="info" %} When a member is removed from an Organization, if the Organization is a part of a Group, the user continues to exist in the Group as a Group Member. To completely remove the user from the Group, follow the steps in the next section. @@ -62,7 +62,7 @@ For each user, to remove that member from the Group, call the endpoint using the For a successful request, the response is `200 OK`. -Look at the Group members page to verify the user has been removed. +Look at the Group members page to verify that Snyk removed the user. {% hint style="info" %} When a member is removed from a Group, the user continues to exist in Snyk. To completely delete all data associated with the user, follow the step in the next section. @@ -82,5 +82,5 @@ You can find the `{sso_id}` on the Snyk Web UI; navigate to **Group** > **Settin For a successful request, the response is `200 OK`. -Use the following request to verify the member has been deleted.\ +Use the following request to verify that Snyk deleted the member.\ `GET https://api.snyk.io/v1/user/userId` diff --git a/platform-administration/snyk-platform-administration/user-roles/README.md b/platform-administration/snyk-platform-administration/user-roles/README.md index b7fa6fda461e..cb9830a89f7f 100644 --- a/platform-administration/snyk-platform-administration/user-roles/README.md +++ b/platform-administration/snyk-platform-administration/user-roles/README.md @@ -3,7 +3,7 @@ {% hint style="info" %} **Feature availability** -The Snyk free subscription plan allows you to send up to 200 pending invitations every seven days and has only administrator roles. +The Snyk free subscription plan lets you send up to 200 pending invitations every seven days and has only administrator roles. Enterprise plans have administrators, viewers, collaborators, and custom roles. diff --git a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md index 31e65a61844f..e5e6349b8b61 100644 --- a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md +++ b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/README.md @@ -20,5 +20,5 @@ You can use these templates to create your own custom roles that fit into and re * [Snyk Learn - Learning Admin](snyk-learn-learning-admin.md) {% hint style="warning" %} -If you create a Group level custom role that enables creation of new Organizations, you must include the **Add Organizations** and **View Groups** permissions. When enabled, the user with that custom role will be able to see the **Create organization** button when switching Organizations in the Web UI. +If you create a Group level custom role that enables creation of new Organizations, you must include the **Add Organizations** and **View Groups** permissions. When enabled, the user with that custom role can see **Create organization** when switching Organizations in the Web UI. {% endhint %} diff --git a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md index 5475f1e9fdf9..dc236c00f967 100644 --- a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md +++ b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/cli-tester-role-template.md @@ -1,6 +1,6 @@ # CLI Tester role template -This Organization-level role allows service accounts in CI/CD pipelines to run basic Snyk CLI commands. The role grants permissions to run `snyk test` to check Projects for vulnerabilities and `snyk monitor` to send snapshots to the Snyk UI. +This Organization-level role lets service accounts in CI/CD pipelines run basic Snyk CLI commands. The role grants permissions to run `snyk test` to check Projects for vulnerabilities and `snyk monitor` to send snapshots to the Snyk UI. This role does not include permissions to manage pull requests. If your CI/CD pipeline updates pull request (PR) statuses or interacts with source control manager (SCM) checks, use the Developer role template. diff --git a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md index 0c2f24d71e88..1eb748ef7c10 100644 --- a/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md +++ b/platform-administration/snyk-platform-administration/user-roles/custom-role-templates/developer-role-template.md @@ -1,8 +1,8 @@ # Developer role template -This Organization-level role enables review of scan results, fixing issues, and initiating Project tests. Users with this role can view Organizations and Projects. +With this Organization-level role, users can review scan results, fix issues, and start Project tests. Users with this role can view Organizations and Projects. -Often, when deploying Snyk, developers may have the ability to override Snyk PR checks, but this permission can be revoked after developers are comfortable using the Snyk IDE extensions and start fixing issues earlier in the SDLC. Similarly, you may start by allowing developers to add Projects and then limit that permission to a Team Lead. +Often, when deploying Snyk, developers can override Snyk PR checks, but you can revoke this permission after developers are comfortable using the Snyk IDE extensions and start fixing issues earlier in the SDLC. Similarly, you can start by allowing developers to add Projects and then limit that permission to a Team Lead. ## Group-level permissions diff --git a/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md b/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md index 9e6a0465211c..ef11b99f2807 100644 --- a/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md +++ b/platform-administration/snyk-platform-administration/user-roles/pre-defined-roles.md @@ -6,7 +6,7 @@ The pre-defined roles Snyk provides are as follows: * **Organization Admin:** the standard role equivalent for Team Leads. Users with this role can add and delete Projects, override Snyk checks, and provision Group members with an Organization-level role. This role and the associated permissions supersede Group Member role restrictions. * **Organization Collaborator:** the standard role equivalent for Developers. This role is ideal for small teams or a developer-first organizational approach. -* **Group Admin:** the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they will not be visible in an Organization level list. +* **Group Admin:** the standard role equivalent for the person in your company who oversees Snyk use at a high level, providing a full set of permissions at the Group and Organization level. This also means that a Group Admin is automatically an Organization Admin to all Organizations that sit under the Group, although they are not visible in an Organization level list. * **Group Viewer:** a user who can access the Group level but requires Organization-level permissions to take actions in Snyk. This is normally used as a starting point during onboarding with Snyk to understand functions tied to Group permissions and design a custom Group role for post-deployment use. * **Group Member:** a non-functional user role added to your environment as a transition from Group Viewer if you do not yet wish to create a custom role after onboarding with Snyk. This means the permissions granted can vary depending on your requirements, as discussed with your Snyk contacts. Select the named role from the list under Manage Members in the Snyk Web UI to check the permissions assigned to your Group Member role. * **Tenant Admin**: a user who can access all Tenant products and settings. This role is reserved for account owners and admins only. diff --git a/platform-administration/snyk-platform-administration/user-roles/user-role-management.md b/platform-administration/snyk-platform-administration/user-roles/user-role-management.md index d4230a1e6064..4c18f2eadfc7 100644 --- a/platform-administration/snyk-platform-administration/user-roles/user-role-management.md +++ b/platform-administration/snyk-platform-administration/user-roles/user-role-management.md @@ -6,7 +6,7 @@ Managing user roles is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -Snyk Manage roles functionality enables you to manage pre-defined and custom roles, allowing you to create and enforce set permissions for roles that reflect the users and functions in your Organization. +The Manage roles functionality in Snyk lets you manage pre-defined and custom roles, so you can create and enforce set permissions for roles that reflect the users and functions in your Organization. Under **Manage roles**, you can: @@ -35,7 +35,7 @@ For more information, see [User management with the API](../user-management-with You can create, edit, duplicate, and delete custom roles, granting your users the exact permissions they need to do their jobs across the Snyk platform. This ensures the right people have the right access to the right resources at the right time, maximizing transparency and reducing risk. -You will find [pre-defined roles](pre-defined-roles.md) such as **Organization Admin** and **Organization Collaborator** listed under your Group. These roles can be selected to view their associated permissions, but permissions cannot be added, edited, or removed. Pre-defined role permissions can be duplicated to act as a starting point for any custom role creation. +You can find [pre-defined roles](pre-defined-roles.md) such as **Organization Admin** and **Organization Collaborator** listed under your Group. You can select these roles to view their associated permissions, but you cannot add, edit, or remove permissions. Pre-defined role permissions can be duplicated to act as a starting point for any custom role creation. ## Create a custom role @@ -45,7 +45,7 @@ Click the **Create new role** button and enter the **New role name**, **Role Typ

Create a custom Organization-level role

-If you would like to continue, you can click the **Create role** button. Basic details about the role are visible in the top section of the **Role details** screen. +To continue, click **Create role**. Basic details about the role are visible in the top section of the **Role details** screen.

Role Details for a custom role

@@ -85,7 +85,7 @@ To copy a role, use the **Duplicate** button next to each role in the Member Rol

Duplicate a role using the Duplicate role button under Role Details

-A Duplicate role pop-up will appear, prompting you to enter a unique name and description. You can select the option to use the description from the role you copied from, but this can be edited later. Click the **Duplicate Role** button to proceed with creation. A **Group Admin** or a custom role with **Role management** permissions can edit this role to assign new permissions to it or remove any permissions already assigned. +A Duplicate role pop-up appears, prompting you to enter a unique name and description. You can select the option to use the description from the role you copied from, but this can be edited later. Click the **Duplicate Role** button to proceed with creation. A **Group Admin** or a custom role with **Role management** permissions can edit this role to assign new permissions to it or remove any permissions already assigned.

Duplicate role creation

@@ -127,7 +127,7 @@ Click **Add members** > **Invite new members** and select the role to assign fro Click the **Add members** button > **Add existing members** to promote current Group Members to an Organization-specific role. {% hint style="warning" %} -Snyk prevents users from assigning roles to others with more privileges than those the user who is assigning roles already has. If you try to update the role of a member, invite a new member, or add an existing member with a role that has more privileges than you have, you will see the error **Cannot assign higher privilege role**. +Snyk prevents users from assigning roles to others with more privileges than those the user who is assigning roles already has. If you try to update the role of a member, invite a new member, or add an existing member with a role that has more privileges than you have, you see the error **Cannot assign higher privilege role**. {% endhint %} ### Assign roles to service accounts From 9e30f239a50bac865c40dce9cedeb41b363140c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CNatasha?= <“natasha.baker@snyk.io”> Date: Thu, 18 Jun 2026 11:32:56 +0100 Subject: [PATCH 03/12] docs: apply Snyk writing-style skill to Developer tools pages Apply the Snyk documentation writing-style rules across the developer-tools section (297 files updated). Consistent changes: - Passive to active voice; present tense over future "will" - Capability phrasing ("allows/enables you to" -> "lets you"); "is able to" -> "can" - once -> after; in order to -> to; via -> through/using; make sure -> ensure; go to -> navigate to; remove filler (just, simply, easily, currently) - Bold UI labels without element-type nouns; check box "select/clear" - Casing: Node.js, GitHub, Bitbucket, Azure DevOps, IaC, AI-BOM; Snyk Web UI; Projects/Organizations/Groups; AI buzzwords removed - Fix copy-paste/product-name slips and obvious prose typos Frontmatter, GitBook/OpenAPI components, code, links, and technical literals unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) --- ...nfigure-snyk-cli-to-connect-to-snyk-api.md | 4 +- .../authentication-for-third-party-tools.md | 2 +- .../integrations/event-forwarding/README.md | 4 +- .../event-forwarding/amazon-eventbridge.md | 20 +++--- .../event-forwarding/aws-cloudtrail-lake.md | 28 ++++---- .../event-forwarding/aws-security-hub.md | 12 ++-- .../crowdstrike-falcon-next-gen-siem.md | 12 ++-- .../google-security-command-center.md | 10 +-- .../integrations/integrate-with-snyk.md | 16 ++--- .../jira-integration.md | 14 ++-- .../jira-and-slack-integrations/slack-app.md | 18 ++--- .../slack-integration.md | 8 +-- ...snyk-security-in-jira-cloud-integration.md | 26 ++++---- .../integrations/partner-integrations.md | 4 +- .../scan-with-snyk/snyk-tools/README.md | 4 +- ...on-code-to-extract-issues-from-snyk-api.md | 2 +- .../tool-jira-tickets-for-new-vulns.md | 8 +-- .../snyk-tools/tool-snyk-api-import/README.md | 12 ++-- .../contributing-to-snyk-api-import.md | 10 +-- ...-import-targets-data-for-import-command.md | 10 +-- .../creating-organizations-in-snyk.md | 6 +- .../kicking-off-an-import.md | 18 ++--- ...t-cloud-organizations-and-repos-in-snyk.md | 2 +- ...-server-organizations-and-repos-in-snyk.md | 4 +- ...-gitlab-organizations-and-repos-in-snyk.md | 2 +- developer-tools/scm-integrations/README.md | 14 ++-- .../README.md | 24 +++---- ...kstage-file-in-asset-inventory-use-case.md | 2 +- .../deployment-recommendations.md | 14 ++-- .../group-level-integrations/README.md | 16 ++--- .../azure-devops-for-snyk-essentials.md | 2 +- .../github-for-snyk-essentials.md | 14 ++-- .../gitlab-for-snyk-essentials.md | 10 +-- .../organization-level-integrations/README.md | 4 +- .../azure-repositories-tfs.md | 6 +- .../bitbucket-cloud-app.md | 12 ++-- .../bitbucket-cloud.md | 6 +- .../bitbucket-data-center-server.md | 12 ++-- .../github-cloud-app.md | 4 +- .../github-enterprise.md | 10 +-- .../github-read-only-projects.md | 10 +-- .../github-server-app.md | 24 +++---- .../organization-level-integrations/github.md | 66 +++++++++---------- .../organization-level-integrations/gitlab.md | 30 ++++----- .../scm-integrations-and-snyk-broker.md | 24 +++---- .../user-permissions-and-access-scopes.md | 10 +-- .../scm-integrations/workspaces.md | 24 +++---- .../README.md | 24 +++---- .../api-eol-endpoints-and-key-dates.md | 4 +- ...s-for-upcoming-api-end-of-life-cadences.md | 4 +- ...api-migration-guide-completed-migration.md | 4 +- ...erimental-api-to-ga-api-migration-guide.md | 8 +-- ...-ga-rest-audit-logs-api-migration-guide.md | 10 +-- ...ting-apis-to-export-api-migration-guide.md | 12 ++-- ...apis-to-rest-issues-api-migration-guide.md | 4 +- .../api-endpoints-index-and-tips/README.md | 18 ++--- .../project-issue-paths-api-endpoints.md | 4 +- .../project-type-responses-from-the-api.md | 2 +- .../scenarios-for-using-the-snyk-api.md | 4 +- .../snyk-api/authentication-for-api/README.md | 8 +-- .../personal-access-tokens-pats.md | 20 +++--- .../revoke-and-regenerate-a-snyk-api-token.md | 4 +- ...api-token-permissions-users-can-control.md | 4 +- developer-tools/snyk-api/reference/aibom.md | 2 +- .../snyk-api/reference/dependencies-v1.md | 2 +- .../snyk-api/reference/entitlements-v1.md | 2 +- .../snyk-api/reference/import-projects-v1.md | 2 +- .../snyk-api/reference/licenses-v1.md | 2 +- .../snyk-api/reference/reporting-api-v1.md | 2 +- .../snyk-api/rest-api/about-the-rest-api.md | 24 +++---- developer-tools/snyk-api/snyk-api.md | 10 +-- ...-api-specifications-columns-and-filters.md | 8 +-- .../issues-list-issues-for-a-package.md | 12 ++-- .../sbom-apis/README.md | 2 +- ...st-an-sbom-document-for-vulnerabilities.md | 10 +-- .../rest-api-get-a-projects-sbom-document.md | 14 ++-- .../snyk-apps-apis/README.md | 2 +- .../snyk-apps-apis/about-snyk-apps.md | 18 ++--- .../create-a-snyk-app-using-the-snyk-api.md | 4 +- .../create-a-snyk-app-using-the-snyk-cli.md | 6 +- .../snyk-apps-apis/manage-app-details.md | 10 +-- .../prerequisites-for-snyk-apps.md | 2 +- .../snyk-apps-apis/scopes-to-request.md | 6 +- .../quick-setup.md | 4 +- .../retrieve-the-app-org-ids.md | 2 +- .../revoke-compromised-refresh-tokens.md | 6 +- .../set-up-the-authorization-code-exchange.md | 6 +- .../set-up-the-refresh-token-exchange.md | 4 +- .../set-up-to-authorize-users.md | 4 +- .../tutorial-create-a-snyk-app/README.md | 8 +-- .../configuring-express.js.md | 38 +++++------ ...he-app-and-configure-user-authorization.md | 64 +++++++++--------- .../render-content-for-users.md | 20 +++--- .../webhooks-apis/about-webhooks.md | 20 +++--- .../README.md | 4 +- ...ecurity-through-an-environment-variable.md | 2 +- ...ambda-function-to-connect-snyk-to-slack.md | 8 +-- .../README.md | 2 +- .../with-a-lambda-function-url/README.md | 2 +- .../modify-the-lambda-function.md | 2 +- .../with-api-gateway/README.md | 2 +- ...he-post-method-to-connect-snyk-to-slack.md | 6 +- .../aws-api-gateway-deploy-the-post-method.md | 6 +- .../aws-lambda-setup-set-up-the-trigger.md | 2 +- .../configure-the-aws-lambda-script.md | 2 +- .../set-up-the-snyk-webhook.md | 2 +- ...k-setup-to-connect-snyk-with-aws-lambda.md | 4 +- .../test-the-snyk-webhook-connection.md | 8 +-- .../README.md | 6 +- ...re-azure-function-environment-variables.md | 2 +- .../copy-the-azure-function-url.md | 2 +- .../create-a-snyk-webhook.md | 2 +- ...ic-curated-ui-and-snyk-custom-dashboard.md | 4 +- .../validation-and-versioning-of-payloads.md | 4 +- .../webhooks-apis/webhooks.md | 4 +- developer-tools/snyk-api/v1-api.md | 10 +-- .../snyk-ci-cd-integrations/README.md | 6 +- ...integration-by-adding-a-snyk-scan-stage.md | 4 +- .../azure-pipelines-integration/README.md | 4 +- ...he-snyk-security-task-to-your-pipelines.md | 8 +-- ...nyk-task-for-a-container-image-pipeline.md | 2 +- ...to-test-a-node.js-npm-based-application.md | 2 +- ...of-a-snyk-task-to-test-application-code.md | 2 +- ...snyk-extension-for-your-azure-pipelines.md | 2 +- .../regional-api-endpoints.md | 2 +- ...ecurity-scan-task-parameters-and-values.md | 12 ++-- .../README.md | 4 +- ...migrating-to-bitbucket-pipelines-v1.0.0.md | 4 +- ...e-parameters-and-values-bitbucket-cloud.md | 2 +- .../circleci-integration-using-a-snyk-orb.md | 6 +- .../README.md | 6 +- .../snyk-docker-action.md | 4 +- .../snyk-dotnet-action.md | 2 +- .../snyk-golang-action.md | 2 +- .../snyk-gradle-jdk14-action.md | 2 +- .../snyk-infrastructure-as-code-action.md | 4 +- .../snyk-maven-3-jdk-11-action.md | 2 +- .../snyk-maven-action.md | 2 +- .../snyk-python-3.6-action.md | 4 +- .../snyk-python-3.7-action.md | 4 +- .../snyk-python-3.8-action.md | 2 +- .../snyk-python-action.md | 4 +- .../snyk-scala-action.md | 2 +- .../jenkins-plugin-integration-with-snyk.md | 2 +- .../maven-plugin-integration-with-snyk.md | 6 +- .../README.md | 4 +- .../ci-cd-adoption-and-deployment.md | 6 +- .../ci-cd-setup.md | 4 +- ...nyk-container-specific-ci-cd-strategies.md | 2 +- ...k-open-source-specific-ci-cd-strategies.md | 4 +- ...t-and-snyk-monitor-in-ci-cd-integration.md | 4 +- .../snyk-images-and-eol-image-policy.md | 14 ++-- .../snyk-images-guides-to-migration/README.md | 8 +-- .../bitbucket-pipelines-migration.md | 14 ++-- .../circleci-migration.md | 4 +- .../github-actions-migration.md | 8 +-- .../snyk-images-migration.md | 32 ++++----- .../README.md | 2 +- .../how-teamcity-integration-works.md | 4 +- .../teamcity-configuration-parameters.md | 6 +- ...ity-integration-install-the-snyk-plugin.md | 2 +- .../README.md | 6 +- ...the-terraform-cloud-integration-for-iac.md | 6 +- ...the-terraform-cloud-integration-for-iac.md | 4 +- ...orm-enterprise-integration-for-snyk-iac.md | 4 +- .../use-snyk-code-in-the-ci-cd-pipeline.md | 2 +- .../user-defined-custom-images-for-cli.md | 10 +-- developer-tools/snyk-cli/README.md | 4 +- .../snyk-cli/authenticate-to-use-the-cli.md | 8 +-- .../code-execution-warning-for-snyk-cli.md | 6 +- developer-tools/snyk-cli/commands/README.md | 2 +- developer-tools/snyk-cli/commands/aibom.md | 8 +-- developer-tools/snyk-cli/commands/auth.md | 6 +- .../snyk-cli/commands/code-test.md | 2 +- developer-tools/snyk-cli/commands/code.md | 2 +- .../snyk-cli/commands/config-environment.md | 4 +- developer-tools/snyk-cli/commands/config.md | 2 +- .../snyk-cli/commands/container-monitor.md | 4 +- .../snyk-cli/commands/container-sbom.md | 10 +-- .../snyk-cli/commands/container-test.md | 4 +- developer-tools/snyk-cli/commands/iac-test.md | 4 +- .../commands/iac-update-exclude-policy.md | 2 +- developer-tools/snyk-cli/commands/ignore.md | 8 +-- developer-tools/snyk-cli/commands/monitor.md | 16 ++--- developer-tools/snyk-cli/commands/sbom.md | 8 +-- developer-tools/snyk-cli/commands/test.md | 18 ++--- .../environment-variables-for-snyk-cli.md | 6 +- .../proxy-configuration-for-snyk-cli.md | 4 +- .../snyk-cli/debugging-the-snyk-cli.md | 2 +- .../getting-started-with-the-snyk-cli.md | 6 +- .../snyk-cli/install-the-snyk-cli/README.md | 8 +-- ...ersion-of-node.js-required-for-snyk-cli.md | 6 +- ...n-1.1230.0-on-an-apple-m1-or-m2-machine.md | 4 +- .../releases-and-channels-for-the-snyk-cli.md | 12 ++-- .../README.md | 2 +- ...ferent-directory-from-the-manifest-file.md | 2 +- .../cli-test-results.md | 4 +- .../cli-tools/README.md | 2 +- .../cli-tools/snyk-delta.md | 8 +-- .../cli-tools/snyk-filter.md | 2 +- .../snyk-scm-contributors-count/README.md | 8 +-- ...imit-control-for-scm-contributors-count.md | 6 +- .../consolidate-results.md | 6 +- .../creating-and-using-the-import-file.md | 14 ++-- .../snyk-scm-contributors-count/output.md | 2 +- .../README.md | 2 +- .../azure-devops/azure-examples.md | 12 ++-- .../azure-devops/azure-flow-and-tech.md | 2 +- .../bitbucket-cloud-examples.md | 6 +- .../bitbucket-cloud-flow-and-tech.md | 2 +- .../bitbucket-server-examples.md | 16 ++--- .../bitbucket-server-flow-and-tech.md | 2 +- .../github-enterprise-examples.md | 8 +-- .../github/github-examples.md | 10 +-- .../gitlab-examples.md | 4 +- .../gitlab-flow-and-tech.md | 2 +- .../snyk-scm-contributors-count/usage.md | 12 ++-- .../cli-tools/snyk-to-html.md | 10 +-- .../failing-of-builds-in-snyk-cli.md | 12 ++-- ...cts-by-branch-or-version-for-monitoring.md | 4 +- ...lect-the-organization-to-use-in-the-cli.md | 4 +- ...nore-vulnerabilities-using-the-snyk-cli.md | 4 +- ...ing-length-error-when-scanning-projects.md | 2 +- .../log4shell-command-use.md | 2 +- ...itor-your-projects-at-regular-intervals.md | 2 +- .../scan-all-unmanaged-jar-files.md | 4 +- .../snyk-cli-for-iac/README.md | 4 +- .../iac-exclusions-using-the-command-line.md | 8 +-- ...iac-ignores-using-the-.snyk-policy-file.md | 8 +-- .../share-cli-results-with-the-snyk-web-ui.md | 6 +- .../test-your-iac-files/README.md | 2 +- .../test-your-iac-files/helm-charts.md | 2 +- .../test-your-iac-files/serverless-files.md | 4 +- .../test-your-iac-files/terraform-files.md | 8 +-- ...c-cli-test-results-v.-1.939.0-and-later.md | 2 +- ...e-snyk-into-your-workflow-using-the-cli.md | 4 +- ...-built-before-testing-with-the-snyk-cli.md | 2 +- ...review-the-snyk-open-source-cli-results.md | 4 +- ...ions-to-customize-the-snyk-test-command.md | 4 +- .../snyk-cli-for-snyk-code/README.md | 6 +- ...ries-and-files-from-snyk-code-cli-tests.md | 2 +- ...ource-code-with-snyk-code-using-the-cli.md | 14 ++-- ...the-snyk-organization-for-the-cli-tests.md | 14 ++-- .../view-snyk-code-cli-results.md | 8 +-- .../scan-and-monitor-images.md | 6 +- .../understand-snyk-container-cli-results.md | 2 +- .../README.md | 4 +- .../access-requirements.md | 4 +- .../securing-data-at-rest.md | 6 +- .../using-fips-validated-cryptography.md | 16 ++--- .../snyk-cli/snyk-cli-analytics.md | 2 +- .../snyk-cli/snyk-cli/upgrade-the-snyk-cli.md | 2 +- .../snyk-ide-plugins-and-extensions/README.md | 6 +- .../compatibility-matrix.md | 2 +- .../eclipse-plugin/README.md | 8 +-- .../authentication-for-the-eclipse-plugin.md | 8 +-- .../configuration-of-the-eclipse-plugin.md | 6 +- .../eclipse-plugin-folder-trust.md | 4 +- ...onment-variables-for-the-eclipse-plugin.md | 6 +- ...ing-results-snyk-infrastructure-as-code.md | 2 +- .../sast-scanning-results-sast-snyk-code.md | 2 +- ...ependency-scanning-sca-snyk-open-source.md | 4 +- .../troubleshooting-for-the-eclipse-plugin.md | 10 +-- ...-plugin-to-secure-your-eclipse-projects.md | 10 +-- .../jetbrains-plugin/README.md | 8 +-- ...uthentication-for-the-jetbrains-plugins.md | 6 +- ...the-snyk-jetbrains-plugin-and-ide-proxy.md | 6 +- .../jetbrains-plugin-folder-trust.md | 4 +- ...n-an-analysis-with-the-jetbrains-plugin.md | 16 ++--- ...roubleshooting-for-the-jetbrains-plugin.md | 14 ++-- ...and-support-policy-for-snyk-ide-plugins.md | 4 +- .../snyk-language-server/README.md | 18 +++-- ...configurations-for-snyk-language-server.md | 4 +- ...ary-because-of-corporate-policy-windows.md | 2 +- ...force-use-of-the-latest-language-server.md | 6 +- ...es-by-operating-system-for-ides-and-cli.md | 2 +- ...ows-systems-with-.exe-download-blocking.md | 2 +- .../maven-scans-with-private-repositories.md | 4 +- ...ssing-or-differing-results-in-snyk-code.md | 2 +- ...t-new-issues-delta-scan-troubleshooting.md | 2 +- ...returned-http-response-code-403-for-url.md | 4 +- .../troubleshoot-certificate-errors.md | 4 +- ...d-ide-configuration-dialog-experimental.md | 2 +- .../visual-studio-code-extension/README.md | 10 +-- ...cation-for-visual-studio-code-extension.md | 8 +-- ...lysis-with-visual-studio-code-extension.md | 2 +- .../README.md | 8 +-- .../analysis-results-snyk-code.md | 2 +- ...uration-environment-variables-and-proxy.md | 8 +-- .../visual-studio-code-workspace-trust.md | 4 +- .../visual-studio-extension/README.md | 8 +-- ...hentication-for-visual-studio-extension.md | 8 +-- ...n-analysis-with-visual-studio-extension.md | 2 +- ...own-issues-with-visual-studio-extension.md | 4 +- ...is-results-from-visual-studio-extension.md | 4 +- ...uration-environment-variables-and-proxy.md | 12 ++-- .../visual-studio-workspace-trust.md | 2 +- 297 files changed, 1064 insertions(+), 1072 deletions(-) diff --git a/developer-tools/cli-ide-and-ci-cd-integrations/snyk-cli/configure-the-snyk-cli/configure-snyk-cli-to-connect-to-snyk-api.md b/developer-tools/cli-ide-and-ci-cd-integrations/snyk-cli/configure-the-snyk-cli/configure-snyk-cli-to-connect-to-snyk-api.md index e44b0a0648fb..72ffa931de8e 100644 --- a/developer-tools/cli-ide-and-ci-cd-integrations/snyk-cli/configure-the-snyk-cli/configure-snyk-cli-to-connect-to-snyk-api.md +++ b/developer-tools/cli-ide-and-ci-cd-integrations/snyk-cli/configure-the-snyk-cli/configure-snyk-cli-to-connect-to-snyk-api.md @@ -6,7 +6,7 @@ By default, the Snyk CLI connects to `https://api.snyk.io/`. You can use the fol `SNYK_API` -Specifying this variable sets the API host that will be used for Snyk requests. This is useful for [regional hosting](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#cli-and-ci-pipeline-urls), on-premise instances, or when you are using a proxy server. If this variable is set with the `http` protocol, the CLI upgrades the requests to `https` unless `SNYK_HTTP_PROTOCOL_UPGRADE` is set to `0`. +Specifying this variable sets the API host used for Snyk requests. This is useful for [regional hosting](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#cli-and-ci-pipeline-urls), on-premise instances, or when you are using a proxy server. If this variable is set with the `http` protocol, the CLI upgrades the requests to `https` unless `SNYK_HTTP_PROTOCOL_UPGRADE` is set to `0`. `SNYK_HTTP_PROTOCOL_UPGRADE=0` @@ -24,7 +24,7 @@ Specifying this variable disables all Snyk CLI analytics. `SNYK_TOKEN` -Specifying this variable allows you to override the token that may be available in your Snyk configuration settings (`~/.config/configstore/snyk.json`). Use `SNYK_TOKEN` in a CI/CD environment. After setting `SNYK_TOKEN` you can [get started](../../../snyk-cli/getting-started-with-the-snyk-cli.md) using the CLI. +Specifying this variable lets you override the token available in your Snyk configuration settings (`~/.config/configstore/snyk.json`). Use `SNYK_TOKEN` in a CI/CD environment. After setting `SNYK_TOKEN` you can [get started](../../../snyk-cli/getting-started-with-the-snyk-cli.md) using the CLI. For information on how to get your account token see [Authenticate the CLI with your account](../../../snyk-cli/authenticate-to-use-the-cli.md). You can also use a service account to authenticate; for more information see [Service accounts](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts). For additional information, see [Authentication for third-party tools](../../../implementation-and-setup/enterprise-setup/authentication-for-third-party-tools.md). diff --git a/developer-tools/implementation-and-setup/enterprise-setup/authentication-for-third-party-tools.md b/developer-tools/implementation-and-setup/enterprise-setup/authentication-for-third-party-tools.md index 726c843d9feb..6b025e427507 100644 --- a/developer-tools/implementation-and-setup/enterprise-setup/authentication-for-third-party-tools.md +++ b/developer-tools/implementation-and-setup/enterprise-setup/authentication-for-third-party-tools.md @@ -1,6 +1,6 @@ # Authentication for third-party tools -When you work with Snyk from within any third-party tool, Snyk requires authentication in order to initiate its processes. +When you work with Snyk from within any third-party tool, Snyk requires authentication to initiate its processes. Snyk offers API tokens to enable integrations with third-party developer tools. You can authenticate through your personal account using your personal token or through a [service account](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts) using the token associated with that account. When you authenticate through a service account, you do not use any personal token. diff --git a/developer-tools/integrations/event-forwarding/README.md b/developer-tools/integrations/event-forwarding/README.md index 9fe1f29189b2..4e278976d68d 100644 --- a/developer-tools/integrations/event-forwarding/README.md +++ b/developer-tools/integrations/event-forwarding/README.md @@ -1,13 +1,13 @@ # Event forwarding -Snyk event forwarding integrations allow you to push Snyk platform events directly to certain products on other platforms, enabling you to set up custom alerting, build your own reporting, trigger automation, and more. +Snyk event forwarding integrations let you push Snyk platform events directly to certain products on other platforms, so you can set up custom alerting, build your own reporting, trigger automation, and more. ## Event types Snyk supports sending two different types of events: 1. **Snyk issue events** - these events are sent when new issues are discovered in a Snyk Project, or when an issue is updated. Each event contains information about the vulnerability or other problem found, including whether a remediation is available. -2. **Snyk platform audit events** - these events are sent every time a Snyk user performs an action within the Snyk platform. For more information, see [Audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group). +2. **Snyk platform audit events** - these events are sent every time a Snyk user performs an action in the Snyk platform. For more information, see [Audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group). {% hint style="info" %} The **Snyk issue** event type does not include Snyk Cloud issues. diff --git a/developer-tools/integrations/event-forwarding/amazon-eventbridge.md b/developer-tools/integrations/event-forwarding/amazon-eventbridge.md index 44d944c1d5bb..4a9b2153c3ac 100644 --- a/developer-tools/integrations/event-forwarding/amazon-eventbridge.md +++ b/developer-tools/integrations/event-forwarding/amazon-eventbridge.md @@ -1,13 +1,13 @@ # Amazon EventBridge -The [Amazon EventBridge](https://aws.amazon.com/eventbridge/) integration sends Snyk platform events to EventBridge, allowing you to integrate Snyk events into your existing AWS environments. The integration can be configured to send two different types of events: +The [Amazon EventBridge](https://aws.amazon.com/eventbridge/) integration sends Snyk platform events to EventBridge, so you can integrate Snyk events into your existing AWS environments. You can configure the integration to send two different types of events: * **Snyk issue events**: These events are sent when new issues are discovered in a Snyk Project, or when an issue is updated. Each event contains information about the vulnerability or other problem found, including whether a remediation is available. -* **Snyk platform audit events**: These events are sent every time a Snyk user performs an action within the Snyk platform. For more information, see [Retrieve audit logs of user-initiated activity by API for an Org or Group](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group). This event type is available with Snyk Enterprise plans. For more information, see this page about [trials](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/implementation-guides/enterprise-implementation-guide/trial-limitations) and [Plans and pricing](https://snyk.io/plans/). +* **Snyk platform audit events**: These events are sent every time a Snyk user performs an action in the Snyk platform. For more information, see [Retrieve audit logs of user-initiated activity by API for an Org or Group](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group). This event type is available with Snyk Enterprise plans. For more information, see this page about [trials](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/implementation-guides/enterprise-implementation-guide/trial-limitations) and [Plans and pricing](https://snyk.io/plans/). To set up the integration, there are two steps: -1. Configure an EventBridge integration in the Snyk dashboard. This will create a Snyk **Partner Event Source** in your AWS account, which you can see in the EventBridge dashboard. +1. Configure an EventBridge integration in the Snyk dashboard. This creates a Snyk **Partner Event Source** in your AWS account, which you can see in the EventBridge dashboard. 2. Configure the Snyk integration in Amazon EventBridge. This step involves associating the Snyk event source created in step one with an EventBridge **Event Bus**. After you complete these steps, Snyk immediately starts sending events to the configured event bus. @@ -26,19 +26,19 @@ When the form is completed, click **Add integration**. After this step is done, ## Snyk App authorization -If this is the first time you have set up an Amazon EventBridge integration for your Organization, you will be prompted to complete the Snyk App authorization flow. +If this is the first time you have set up an Amazon EventBridge integration for your Organization, Snyk prompts you to complete the Snyk App authorization flow.
-After completing the authorization flow, you will be redirected to the settings page for the integration. +After completing the authorization flow, Snyk redirects you to the settings page for the integration. ## Configure the integration in Amazon EventBridge -After configuring the EventBridge integration on the Snyk side, you should see a new **Partner Event Source** in the EventBridge console. Navigate to the EventBridge console and navigate to the **Partner event sources** page under the **Integration** section. +After configuring the EventBridge integration on the Snyk side, a new **Partner Event Source** appears in the EventBridge console. Navigate to the EventBridge console and navigate to the **Partner event sources** page under the **Integration** section.
Partner event sources

Partner event sources

-Snyk-generated event sources will have a naming pattern like this: +Snyk-generated event sources have a naming pattern like this: `aws.partner/snyk.io/org_/`\ \ @@ -53,14 +53,14 @@ Navigate to the [EventBridge integration settings page](https://app.snyk.io/mana Clicking on the name of the integration opens the integration settings page, which displays configuration information for the integration. {% hint style="info" %} -Because EventBridge integrations create an external resource that depends on the configured AWS Account ID, Region, and event type, it is not possible to edit these configuration fields. If you need to change one of these fields, delete the integration and create a new one. This deletes the existing **partner event source** in AWS and creates a new one, which you will need to associate with an **event bus** as described above. +Because EventBridge integrations create an external resource that depends on the configured AWS Account ID, Region, and event type, it is not possible to edit these configuration fields. If you need to change one of these fields, delete the integration and create a new one. This deletes the existing **partner event source** in AWS and creates a new one, which you must associate with an **event bus** as described in the preceding steps. {% endhint %} -To delete an integration, scroll to the bottom of the page and click the **Remove integration** button, then confirm the deletion. +To delete an integration, scroll to the bottom of the page and click **Remove integration**, then confirm the deletion.
Remove integration

Remove integration

-This deletes the integration configuration on the Snyk side and the **Partner Event Source** associated with this integration in AWS. You can verify that the event source has been deleted in the EventBridge console. +This deletes the integration configuration on the Snyk side and the **Partner Event Source** associated with this integration in AWS. You can verify that Snyk deleted the event source in the EventBridge console. ## Understanding event data diff --git a/developer-tools/integrations/event-forwarding/aws-cloudtrail-lake.md b/developer-tools/integrations/event-forwarding/aws-cloudtrail-lake.md index fdc94afe065f..227742da5055 100644 --- a/developer-tools/integrations/event-forwarding/aws-cloudtrail-lake.md +++ b/developer-tools/integrations/event-forwarding/aws-cloudtrail-lake.md @@ -5,7 +5,7 @@ The AWS CloudTrail Lake integration is available only with Snyk Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -The AWS CloudTrail Lake integration allows you to forward [Snyk audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group) to AWS CloudTrail Lake, which lets you run SQL-based queries on your logs and retain them for up to seven (7) years. +The AWS CloudTrail Lake integration lets you forward [Snyk audit logs](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/retrieve-audit-logs-of-user-initiated-activity-by-api-for-an-org-or-group) to AWS CloudTrail Lake, which lets you run SQL-based queries on your logs and retain them for up to seven years. This integration can be configured to forward audit logs for a single Snyk Organization, or for a Snyk Group and all of its child Organizations. In either case, there are two steps required to set up the integration: @@ -20,18 +20,18 @@ This integration sends logs beginning when you enable it. Logs generated before Audit logs are captured when Snyk users perform actions on the Snyk platform, such as making changes to settings, adding other users, or accessing protected APIs. When you are setting up this integration, it is important to understand how audit logs are captured, based on how a customer's Snyk account is set up: -* For customers using Snyk with a single Snyk Organization (or with multiple disconnected Organizations), all audit logs are captured within the scope of the single Organization. +* For customers using Snyk with a single Snyk Organization (or with multiple disconnected Organizations), all audit logs are captured in the scope of the single Organization. * For customers who have a Snyk Group with child Organizations, actions such as adding new Organizations to the group or adding users to the group are audited at the Group level, and are not typically associated with an Organization. This integration supports both use cases: 1. Integrate CloudTrail Lake with a single Snyk Organization - 1. All audit logs associated directly with that Organization will be sent to CloudTrail Lake. + 1. All audit logs associated directly with that Organization are sent to CloudTrail Lake. 2. If the Organization has a parent Group, actions taken on that Group **a**re not sent to CloudTrail Lake. - 3. If the Organization has members who are also members of other Organizations and Groups, actions taken by those members will only be sent to CloudTrail Lake if they are directly associated with the Organization. + 3. If the Organization has members who are also members of other Organizations and Groups, actions taken by those members are sent to CloudTrail Lake only if they are directly associated with the Organization. 2. Integrate CloudTrail Lake with a Snyk Group and all of its child Organizations - 1. All audit logs associated with the Group or any of its child Organizations will be sent to CloudTrail Lake. - 2. When new Organizations are added to the Group, audit logs for those Organizations will be sent automatically to CloudTrail Lake. + 1. All audit logs associated with the Group or any of its child Organizations are sent to CloudTrail Lake. + 2. When new Organizations are added to the Group, audit logs for those Organizations are sent automatically to CloudTrail Lake. ## Add a Snyk integration in AWS CloudTrail Lake @@ -43,7 +43,7 @@ During the setup, you must supply an **External ID** for the integration. The va ### External ID for a Single Snyk Organization -If you are creating this integration for a single Snyk Organization, you will use your Snyk **Organization ID** as the **External ID.** You can find your Organization ID under Snyk **Organization Settings**. +If you are creating this integration for a single Snyk Organization, use your Snyk **Organization ID** as the **External ID.** You can find your Organization ID under Snyk **Organization Settings**.
Organization ID on Snyk Organization Settings page

Organization ID on Snyk Organization settings page

@@ -51,7 +51,7 @@ Copy the value in the **Organization ID** field to the **External ID** field in ### External ID for a Snyk group -If you are setting up this Organization for a Snyk Group, which will automatically include all child organizations, you will use your **Snyk Group ID** as the **External ID**. You can find your Group ID by clicking on the name of your Snyk group in the Snyk dashboard, and then navigating to the **Settings** page. +If you are setting up this Organization for a Snyk Group, which automatically includes all child Organizations, use your **Snyk Group ID** as the **External ID**. You can find your Group ID by clicking on the name of your Snyk group in the Snyk dashboard, and then navigating to the **Settings** page.
Group settings page

Group settings page

@@ -59,7 +59,7 @@ Copy the value in the **Group ID** field to the **External ID** field in the AWS ### CloudTrail Lake Channel ARN -When you are finished creating the Snyk integration in AWS CloudTrail Lake, copy the **Channel ARN** that is displayed on the integration page. You will need this for the next step. +When you are finished creating the Snyk integration in AWS CloudTrail Lake, copy the **Channel ARN** displayed on the integration page. You need this for the next step. ## Configure the integration in Snyk (single Organization) @@ -77,11 +77,11 @@ After this step is complete, Snyk immediately begins forwarding audit logs to AW ## Snyk App authorization -If this is the first time you have set up an AWS CloudTrail Lake integration for your Organization, you will be prompted to complete the Snyk App authorization flow. +If this is the first time you have set up an AWS CloudTrail Lake integration for your Organization, Snyk prompts you to complete the Snyk App authorization flow.
Snyk App authorization

Snyk App authorization

-After completing the authorization flow you will be redirected to the settings page for the integration. +After completing the authorization flow, Snyk redirects you to the settings page for the integration. ## Configure the integration in Snyk (Snyk Group and child Organizations) @@ -132,7 +132,7 @@ Select **Remove integration** and confirm that you want to remove the integratio
Remove integration button

Remove integration button

-This action removes Snyk’s configuration for this integration, which will prevent any further audit logs from being sent to AWS CloudTrail Lake. This does not remove the Snyk integration in AWS CloudTrail Lake. To do this, navigate to AWS CloudTrail Lake and delete the Snyk integration from the **Integration** list. +This action removes the Snyk configuration for this integration, which prevents any further audit logs from being sent to AWS CloudTrail Lake. This does not remove the Snyk integration in AWS CloudTrail Lake. To do this, navigate to AWS CloudTrail Lake and delete the Snyk integration from the **Integration** list. ## Remove an AWS CloudTrail Lake integration (Snyk Group and child Organizations) @@ -161,7 +161,7 @@ Replace `` with the ID of the event data store that is asso ## Understanding the log data -There are three (3) key fields to note when using the Snyk audit log data in AWS CloudTrail Lake. +There are three key fields to note when using the Snyk audit log data in AWS CloudTrail Lake. `eventdata.useridentity` @@ -173,4 +173,4 @@ This represents the type of audit event, for example, `api.access` or `org.cloud `eventdata.additionaleventdata` -This field contains a raw JSON payload with more detailed information about the audit event. The content of the payload depends on the type of the event. For example, an API access event will include the accessed URL, while a settings change event will include before and after values for the changed setting. +This field contains a raw JSON payload with more detailed information about the audit event. The content of the payload depends on the type of the event. For example, an API access event includes the accessed URL, while a settings change event includes before and after values for the changed setting. diff --git a/developer-tools/integrations/event-forwarding/aws-security-hub.md b/developer-tools/integrations/event-forwarding/aws-security-hub.md index e5e28ae17d88..92a0557a5987 100644 --- a/developer-tools/integrations/event-forwarding/aws-security-hub.md +++ b/developer-tools/integrations/event-forwarding/aws-security-hub.md @@ -1,6 +1,6 @@ # AWS Security Hub -The [AWS Security Hub](https://aws.amazon.com/security-hub/) integration sends Snyk issues to Security Hub, allowing you to centralize your security reporting, build custom alerting, and trigger automation. After it is configured, the integration automatically uploads Snyk issues to Security Hub as security findings. When issues are updated or new remediations become available, the corresponding Security Hub findings are automatically updated. +The [AWS Security Hub](https://aws.amazon.com/security-hub/) integration sends Snyk issues to Security Hub, so you can centralize your security reporting, build custom alerting, and trigger automation. After it is configured, the integration automatically uploads Snyk issues to Security Hub as security findings. When issues are updated or new remediations become available, the corresponding Security Hub findings are automatically updated. There are two steps required to configure the integration: @@ -28,16 +28,16 @@ Enter a **name** for the integration, along with the **AWS Account ID** and **AW After this step is complete, Snyk begins sending new issue events to Security Hub. {% hint style="info" %} -Issues on existing Projects will not be sent to Security Hub unless those issues are updated. To backfill issues from existing projects, you can delete and re-import them. +Issues on existing Projects are not sent to Security Hub unless those issues are updated. To backfill issues from existing Projects, you can delete and re-import them. {% endhint %} ## Snyk App authorization -If this is the first time you have set up an AWS Security Hub integration for your Organization, you will be prompted to complete the Snyk App authorization flow. +If this is the first time you have set up an AWS Security Hub integration for your Organization, Snyk prompts you to complete the Snyk App authorization flow.
Snyk App authorization

Snyk App authorization

-After completing the authorization flow you will be redirected to the settings page for the integration. +After completing the authorization flow, Snyk redirects you to the settings page for the integration. ## Managing and deleting a Security Hub integration @@ -47,8 +47,8 @@ Navigate to the [Security Hub integration settings page](https://app.snyk.io/man Clicking on the name of an integration opens the settings page for that integration, where you can view and update configuration information for the integration. -To delete an integration, scroll to the bottom of the integration settings page and click the **Remove integration** button. +To delete an integration, scroll to the bottom of the integration settings page and click **Remove integration**.
Remove integration

Remove integration

-After the integration is deleted, Snyk will no longer send issues to Security Hub. Issues that have already been sent to Security Hub will remain there until they are archived. +After the integration is deleted, Snyk no longer sends issues to Security Hub. Issues already sent to Security Hub remain there until they are archived. diff --git a/developer-tools/integrations/event-forwarding/crowdstrike-falcon-next-gen-siem.md b/developer-tools/integrations/event-forwarding/crowdstrike-falcon-next-gen-siem.md index 507b9eb4a0fe..7bec740b70dc 100644 --- a/developer-tools/integrations/event-forwarding/crowdstrike-falcon-next-gen-siem.md +++ b/developer-tools/integrations/event-forwarding/crowdstrike-falcon-next-gen-siem.md @@ -24,21 +24,21 @@ The process for setting up this integration consists of: To use the CrowdStrike NG-SIEM destination, you need to set up a Snyk Data Connector in your CrowdStrike NG-SIEM environment. To learn more, visit the [Snyk](https://falcon.us-2.crowdstrike.com/documentation/page/c7182a06/snyk) page in the CrowdStrike documentation. Select the **snyk-platform (Snyk Platform)** parser while configuring the data connector. -When setting up the data connector, you receive an API key and URL, which you will use later to configure the Snyk Issue Forwarder. +When setting up the data connector, you receive an API key and URL, which you use later to configure the Snyk Issue Forwarder. ## Configure Snyk Issue Forwarder -This section configures Snyk to send issue data to the CrowdStrike connector you just created. +This section configures Snyk to send issue data to the CrowdStrike connector you created. * Open the **Integrations** menu. -* Select the **Add integration** option. +* Select **Add integration**. * Select the **Issue Forwardin**g tag and search for CrowdStrike Issue Forwarding. -* Click the **Add** button. +* Click **Add**. * Add the profile name for this integration. * Add the **API URL** you copied earlier from your CrowdStrike Issue Forwarding account. * Add the **API key** you copied earlier from your CrowdStrike Issue Forwarding account. -* Click the **Done** button. -* When the connection is established, the status of the CrowdStrike Issue Forwarding integration is changed to **Connected**. +* Click **Done**. +* When the connection is established, the status of the CrowdStrike Issue Forwarding integration changes to **Connected**. ## Verify the integration connection diff --git a/developer-tools/integrations/event-forwarding/google-security-command-center.md b/developer-tools/integrations/event-forwarding/google-security-command-center.md index e9b6243e6e7e..f6c732c160c4 100644 --- a/developer-tools/integrations/event-forwarding/google-security-command-center.md +++ b/developer-tools/integrations/event-forwarding/google-security-command-center.md @@ -6,7 +6,7 @@ The Google Cloud Security Command Center integration is in [Early Access](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/snyk-release-process#early-access-features), and is available only with Snyk Enterprise plans. For more information, see [Plans and pricing](https://snyk.io/plans/). {% endhint %} -The Google Cloud Security Command Center (SCC) integration sends Snyk issues to SCC, enabling you to view and manage Snyk issues alongside cloud security findings from Google Cloud in a single viewpoint. Snyk issues are represented in SCC as code security findings. When Snyk issues are updated, corresponding SCC findings are automatically updated as well. All details are available at the Organization level in the Google Cloud Security Command Center (SCC) integration. +The Google Cloud Security Command Center (SCC) integration sends Snyk issues to SCC, so you can view and manage Snyk issues alongside cloud security findings from Google Cloud in a single viewpoint. Snyk issues are represented in SCC as code security findings. When Snyk issues are updated, corresponding SCC findings are automatically updated as well. All details are available at the Organization level in the Google Cloud Security Command Center (SCC) integration. Use the following instructions to set up the integration: @@ -28,12 +28,12 @@ Service Accounts are not available at the Organization level in Google Cloud IAM ## Create the findings source using the Google Cloud SCC console * In the SCC console, navigate to **Marketplace** and search for Snyk. Alternatively, navigate directly to the [Snyk for SCC marketplace listing](https://console.cloud.google.com/marketplace/product/snyk-marketplace/snyk-google-scc). -* Click **SIGN UP WITH PARTNER** to install the Snyk for SCC integration. During this process, you will create a **Findings Source** for Snyk and a **Service Account** with [Security Center Findings Editor](https://cloud.google.com/security-command-center/docs/access-control-org#securitycenter.findingsEditor) permissions. +* Click **SIGN UP WITH PARTNER** to install the Snyk for SCC integration. During this process, you create a **Findings Source** for Snyk and a **Service Account** with [Security Center Findings Editor](https://cloud.google.com/security-command-center/docs/access-control-org#securitycenter.findingsEditor) permissions. {% hint style="warning" %} **Important Identity and Access Management (IAM) Configuration for Security Command Center** -The setup process will grant the Snyk Service Account the `Security Center Findings Editor` role on the Project you select. However, how you use Security Command Center determines if an additional step is needed. +The setup process grants the Snyk Service Account the `Security Center Findings Editor` role on the Project you select. However, how you use Security Command Center determines if an additional step is needed. * **If you use Google SCC at the Organization level** (most common for businesses): * You must also add an IAM policy binding at the Organization level. @@ -42,7 +42,7 @@ The setup process will grant the Snyk Service Account the `Security Center Findi {% endhint %} * Navigate to Google Cloud IAM and locate the **Service Accoun**t you created in the previous step, then [create a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating) in JSON format. -* Make a note of the **Source ID** (Findings Source name) and the **Service Account Key**, as you will need to provide them to the Snyk Web UI. +* Make a note of the **Source ID** (Findings Source name) and the **Service Account Key**, as you must provide them to the Snyk Web UI. You can then set up the integration in Snyk using the Snyk Web UI. @@ -60,7 +60,7 @@ You can then set up the integration in Snyk using the Snyk Web UI. 3. Enter the following information: * Profile name for the integration -* The **Org ID** for the for the Google Cloud project that holds the Kubernetes cluster +* The **Org ID** for the Google Cloud project that holds the Kubernetes cluster * The JSON Service Account Key File * The **Source ID** (Findings Source Name) diff --git a/developer-tools/integrations/integrate-with-snyk.md b/developer-tools/integrations/integrate-with-snyk.md index 9eec5f1d5b6c..4e104cefa8d5 100644 --- a/developer-tools/integrations/integrate-with-snyk.md +++ b/developer-tools/integrations/integrate-with-snyk.md @@ -4,7 +4,7 @@ Agentic workflows transform software development by using AI assistants to automate tasks and write code, boosting productivity. But this speed poses security risks, as AI-generated code may have vulnerabilities. -Snyk offers security guardrails through Snyk Studio, including its integration with the Model Context Protocol (MCP), an open standard enabling AI tools to communicate with the Snyk security platform. This allows AI assistants to run scans and check for vulnerabilities during code generation, embedding security early in AI-powered development for both human and AI-generated code. +Snyk offers security guardrails through Snyk Studio, including its integration with the Model Context Protocol (MCP), an open standard enabling AI tools to communicate with the Snyk security platform. This lets AI assistants run scans and check for vulnerabilities during code generation, embedding security early in AI-powered development for both human and AI-generated code. Snyk provides information about: @@ -23,7 +23,7 @@ The Snyk MCP Server is designed as a local MCP server, running on your system us ## Integrations for Snyk -Many integrations are available for using third-party functionality within Snyk and using Snyk with other tools. See [SCM, IDE, and CI/CD workflow and integrations](../scm-integrations/) for information on integrations and other methods of accomplishing that workflow. +Many integrations are available for using third-party functionality in Snyk and using Snyk with other tools. See [SCM, IDE, and CI/CD workflow and integrations](../scm-integrations/) for information on integrations and other methods of accomplishing that workflow. This page identifies additional Snyk integrations and where to find them. @@ -34,7 +34,7 @@ Snyk provides plugins for repository gatekeepers and integrations to connect wit There are integrations that support [Snyk Container](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations). -Integrations for [event forwarding](event-forwarding/) allow you to push Snyk platform events directly to certain products on other platforms, enabling you to set up custom alerting, build your own reporting, trigger automation, and more. +Integrations for [event forwarding](event-forwarding/) let you push Snyk platform events directly to certain products on other platforms, so you can set up custom alerting, build your own reporting, trigger automation, and more. [Notification and ticketing systems integrations](jira-and-slack-integrations/) help you work with Snyk in Jira and Slack. @@ -48,7 +48,7 @@ The **Integrations** page shows all active integrations, including any data auto The following supported Snyk data are automatically synced: Snyk Open Source, Snyk Code, Snyk IaC, Snyk Container. -Each connected integration enables you to pause data syncing, modify integration profiles and configurations, delete the integration, or check when the integration was last synced and when the next sync is scheduled. +Each connected integration lets you pause data syncing, modify integration profiles and configurations, delete the integration, or check when the integration was last synced and when the next sync is scheduled. ### Integrations syncing time @@ -67,9 +67,9 @@ After you finish setting up an integration, you can see the following connection * Setup in progress * Connected * Connection failed -* x profile(s) connected -* x/y profile(s) connected -* x profile(s) failed +* x profiles connected +* x/y profiles connected +* x profiles failed If you encounter any of the failed statuses, check the Connection failure details list available on the integration card. @@ -115,7 +115,7 @@ You can add an integration by following these steps: See the [Group-level integrations](../scm-integrations/group-level-integrations/) page for step-by-step details about how to set up an integration. -After the integration is validated, a card is displayed on the Integrations page, allowing you to enable or disable the connection, edit the settings, or remove the connection from your configuration. +After the integration is validated, a card is displayed on the Integrations page, so you can enable or disable the connection, edit the settings, or remove the connection from your configuration. ### Using Snyk Broker diff --git a/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md b/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md index b4c9b05780ac..b9b92be86693 100644 --- a/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md +++ b/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md @@ -6,7 +6,7 @@ For Snyk Infrastructure as Code, see [Jira Integration for IaC](https://app.gitb ## Set up your Jira integration -Snyk Jira integration allows you to manually raise Jira issues in the Snyk UI for vulnerabilities or license issues. The Jira integration also includes the API endpoints [Create jira issue](../../snyk-api/reference/jira-v1.md#org-orgid-project-projectid-issue-issueid-jira-issue) and [List all jira issues](../../snyk-api/reference/jira-v1.md#org-orgid-project-projectid-jira-issues). +The Snyk Jira integration lets you manually raise Jira issues in the Snyk UI for vulnerabilities or license issues. The Jira integration also includes the API endpoints [Create jira issue](../../snyk-api/reference/jira-v1.md#org-orgid-project-projectid-issue-issueid-jira-issue) and [List all jira issues](../../snyk-api/reference/jira-v1.md#org-orgid-project-projectid-jira-issues). {% hint style="info" %} If your Jira instance is private, use [the Snyk Broker deployment method](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker/install-and-configure-snyk-broker/jira-prerequisites-and-steps-to-install-and-configure-broker/jira-install-and-configure-using-docker). @@ -15,7 +15,7 @@ If your Jira instance is private, use [the Snyk Broker deployment method](https: ## Prerequisites for Jira integration with Snyk * Snyk supports Jira from version 5 to version 10. -* The following [Jira permissions](https://confluence.atlassian.com/adminjiraserver073/managing-project-permissions-861253293.html) are required: **Browse Projects** and **Create Issues.** +* You need the following [Jira permissions](https://confluence.atlassian.com/adminjiraserver073/managing-project-permissions-861253293.html): **Browse Projects** and **Create Issues.** ## How to set up your Jira integration @@ -35,17 +35,17 @@ After entering the details into the integration, click **Save and continue**. If the connection is not successful, check that the Base URL starts with exactly `https://` It must not have capitals or be http. {% endhint %} -If the connection is successful, you will see the connection details in orange at the top of the page. +If the connection is successful, the connection details appear at the top of the page. Fill in the following fields: * Default Project (required) - Select a Jira Project from the list. * Default Issue Type (required) - Select an issue type from the list. The list is populated from available issue types in your Project. -* Ignored Fields (optional) - Specified fields will be excluded from the prompt users see when creating Jira issues in Snyk. For custom fields, use the [custom field id](https://confluence.atlassian.com/jirakb/find-my-custom-field-id-number-in-jira-744522503.html) in the format `customfield_XXXXXX`. +* Ignored Fields (optional) - Snyk excludes the specified fields from the prompt users see when creating Jira issues in Snyk. For custom fields, use the [custom field id](https://confluence.atlassian.com/jirakb/find-my-custom-field-id-number-in-jira-744522503.html) in the format `customfield_XXXXXX`. ## Create a Jira issue -After you set up the Jira integration connection, open one of your Snyk Projects in the Snyk Web UI. A new button, **Create an issue**, appears at the bottom of each vulnerability and license issue card. This button allows you to create a Jira issue. +After you set up the Jira integration connection, open one of your Snyk Projects in the Snyk Web UI. A new button, **Create an issue**, appears at the bottom of each vulnerability and license issue card. This button lets you create a Jira issue.
Create an issue button

Create an issue button

@@ -53,9 +53,9 @@ If the **Create an issue** button is not visible in the UI, ensure that **Group When you select **Create an issue**, a Jira issue creation form appears. This form includes the Snyk issue details, which are copied into the associated fields. You can review and edit this form before creating the issue. -Select the Jira project to which you want to send the issue. The fields in the example that follows are based on the fields that the specific Project has, so switching between Projects may show different options. +Select the Jira project to which you want to send the issue. The fields in the example that follows are based on the fields that the specific Project has, so switching between Projects might show different options. -
Crate a Jira issue

Create a Jira issue

+
Create a Jira issue

Create a Jira issue

After you create a Jira issue, the Jira key with a link is displayed on the issue card. If you are using the Jira API, you can generate multiple Jira issues for the same issue in Snyk. diff --git a/developer-tools/integrations/jira-and-slack-integrations/slack-app.md b/developer-tools/integrations/jira-and-slack-integrations/slack-app.md index a3568905f250..963406760d65 100644 --- a/developer-tools/integrations/jira-and-slack-integrations/slack-app.md +++ b/developer-tools/integrations/jira-and-slack-integrations/slack-app.md @@ -38,23 +38,23 @@ To enable the Snyk app for Slack, you must do the following: 1. Authorize the app with Snyk to get new issues data that can be forwarded to your Slack workspace. 2. Authorize the app with your Slack workspace to allow Snyk to send notifications to your channels in the workspace. -3. Configure the default notification settings in Snyk for all Projects in your Organization and add [Project-level notification overrides](slack-app.md#manage-project-level-notification-overrides) if you would like. +3. Configure the default notification settings in Snyk for all Projects in your Organization and add [Project-level notification overrides](slack-app.md#manage-project-level-notification-overrides) if you want. ## Configure the Snyk app for Slack Ensure the user performing this installation has the permission **Snyk Apps Management - Install Apps** before continuing. See [documentation for member roles](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-role-management). 1. Open the [Snyk integrations page](https://app.snyk.io/integrations), navigate to **Notifications**, and click the **Slack App** tile. -2. You must give authorization for Snyk to access data from Slack by selecting **Authorize with Snyk**. -3. Additional authorization is requested for Snyk to access the Snyk Slack workspace. This involves content and info about channels and conversations, as well as enabling Snyk to perform action in those channels and conversations. To proceed, select **Allow**. +2. Authorize Snyk to access data from Slack by selecting **Authorize with Snyk**. +3. Snyk requests additional authorization to access the Snyk Slack workspace. This involves content and info about channels and conversations, as well as enabling Snyk to perform actions in those channels and conversations. To proceed, select **Allow**. {% hint style="info" %} -If multiple Slack workspaces are available, a dropdown will be visible at the top right of the page. Select the desired Slack workspace. +If multiple Slack workspaces are available, a dropdown appears at the top right of the page. Select the desired Slack workspace. {% endhint %} You can configure the integration to provide a Slack channel ID for the channel where issue notifications for the Organization are sent, and also filter by severity level. -To find the channel ID of a Slack Channel, open Slack, right-click on the channel name, select **View channel details**, then scroll down to the bottom of the window where you will see the channel ID, for example, C2TB2222N. +To find the channel ID of a Slack Channel, open Slack, right-click on the channel name, select **View channel details**, then scroll down to the bottom of the window where the channel ID appears, for example, C2TB2222N. To add the Snyk for Slack app to a private channel, you must first add the app manually to the channel from within Slack and then select the channel within the Snyk integration. In the Private channel, select **Channel settings - Integrations**, and then **Add an app**. Search for **Snyk for Slack** and select **add**. After you have done this, the channel is displayed on the **Settings** page for the integration. @@ -62,8 +62,8 @@ If you are a Slack Admin, you can manually add the Snyk for Slack app to a priva ## Issue notifications -After the Slack app has been configured, new issue notifications are forwarded to the selected Slack channel according to the desired severity level threshold.\ -New issue notifications may take up to an hour to start propagating to your Slack workspace after it is configured. +After you configure the Slack app, new issue notifications are forwarded to the selected Slack channel according to the desired severity level threshold.\ +New issue notifications can take up to an hour to start propagating to your Slack workspace after it is configured.
Example of a new critical vulnerability notification received in Slack

Example of a new critical vulnerability notification received in Slack

@@ -114,7 +114,7 @@ To interact with the Project-level notification customization endpoints, you mus `GET /orgs/{org_id}/app_bots` {% hint style="info" %} -Ensure you apply the `expand=app` query string on your request. This enables you to find the Bot for the related Snyk App named **Slack App**. +Ensure you apply the `expand=app` query string on your request. This lets you find the Bot for the related Snyk App named **Slack App**. {% endhint %} #### Find your Project ID @@ -145,6 +145,6 @@ After retrieving the `org_id`, `bot_id`, and `project_id` values, you can use th ## Remove the Snyk app for Slack -To remove the Snyk app for Slack, navigate to the settings page, locate **Remove Slack Snyk app** at the bottom of the page, and click the **Disconnect Slack** button: +To remove the Snyk app for Slack, navigate to the settings page, locate **Remove Slack Snyk app** at the bottom of the page, and click **Disconnect Slack**:
Remove Slack App integration

Remove Slack App integration

diff --git a/developer-tools/integrations/jira-and-slack-integrations/slack-integration.md b/developer-tools/integrations/jira-and-slack-integrations/slack-integration.md index 73a4e4efe0db..f8cf22db4493 100644 --- a/developer-tools/integrations/jira-and-slack-integrations/slack-integration.md +++ b/developer-tools/integrations/jira-and-slack-integrations/slack-integration.md @@ -4,10 +4,10 @@ Snyk recommends that all customers use the [Slack App](slack-app.md), as the Slack integration is outdated. {% endhint %} -You can set up Slack to receive Snyk’s alerts about new vulnerabilities that affect your Projects and new upgrades or patches that have become available. +You can set up Slack to receive Snyk alerts about new vulnerabilities that affect your Projects and new upgrades or patches that have become available. {% hint style="info" %} -Vulnerabilities detected on initial import of projects are not sent to Slack immediately. +Vulnerabilities detected on initial import of Projects are not sent to Slack immediately. {% endhint %} ## Slack notification types @@ -22,9 +22,9 @@ A new upgrade or patch is available for a vulnerability that you previously igno ## Set up the Slack integration -To set up the integration, you must generate a Slack webhook. You can do this either via the [Incoming WebHooks app](https://slack.com/apps/A0F7XDUAZ-incoming-webhooks) or by [creating your own Slack app](https://api.slack.com/incoming-webhooks). +To set up the integration, you must generate a Slack webhook. You can do this either using the [Incoming WebHooks app](https://slack.com/apps/A0F7XDUAZ-incoming-webhooks) or by [creating your own Slack app](https://api.slack.com/incoming-webhooks). -Once you have generated your Slack Webhook URL, go to your **Manage Organization** settings and enter the URL. +After you generate your Slack Webhook URL, navigate to your **Manage Organization** settings and enter the URL.
Enter URL of the Slack webhook

Enter URL of the Slack webhook

diff --git a/developer-tools/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration.md b/developer-tools/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration.md index e592ca382bd7..89f512e97f85 100644 --- a/developer-tools/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration.md +++ b/developer-tools/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration.md @@ -22,7 +22,7 @@ To connect the Jira app to Snyk, you must be a [Snyk Organization administrator] To activate Security in Jira Cloud in Jira, navigate to **Project Settings > Features > Development > Security** and toggle **Security** **ON**. -Ensure you have the following permission scopes in Jira, which are required for the integration to operate. +Ensure you have the following permission scopes in Jira, which the integration needs to operate.
Required scope in JiraPurpose
Write data to the host applicationSynchronize vulnerabilities in Snyk with Jira so they appear in the Security tab in Jira.
Read data from the host applicationRead vulnerabilities from Jira to optimize the issues synchronization process.
Delete data from the host applicationRemove vulnerabilities from Jira when a Snyk Organization is removed from Jira.
@@ -59,8 +59,8 @@ Typically research and development engineering managers do this task because the {% endhint %} 1. In Jira, navigate to your **Project** and select the **Security** tab. -2. Click the **Connect security containers** button. -3. Click on the Snyk application and then select **Connect security containers**. +2. Click **Connect security containers**. +3. Click the Snyk application and then select **Connect security containers**.
Connect security containers in Jira via the Security tab and panels

Connect security containers in Jira via the Security tab and panels

4. Select your Snyk Organization from the list, and choose the Snyk Targets to connect to Jira. @@ -70,11 +70,11 @@ Typically research and development engineering managers do this task because the Developers can now use the security feature to view recent vulnerabilities found in the linked code repositories and start [creating Jira issues](snyk-security-in-jira-cloud-integration.md#create-a-jira-issue-from-a-vulnerability) from those vulnerabilities or [linking them to existing Jira issues](snyk-security-in-jira-cloud-integration.md#link-an-existing-jira-issue-to-a-vulnerability). {% hint style="info" %} -Issue syncing between Snyk and Jira happens asynchronously, meaning there may be a delay before issues appear in Jira. +Issue syncing between Snyk and Jira happens asynchronously, meaning there might be a delay before issues appear in Jira. {% endhint %} {% hint style="info" %} -Only **security vulnerabilities** will be shown on the Jira Security tab. +Only **security vulnerabilities** are shown on the Jira Security tab. {% endhint %} ### Deleting a target or repository @@ -82,15 +82,15 @@ Only **security vulnerabilities** will be shown on the Jira Security tab. To delete a target or repository from Snyk that you have connected to Jira, you must first delete the container code repository in Jira, through the **Security** panel in each Jira Project. Then you can remove the target or repository from Snyk: 1. In Jira, navigate to your **Project** and select the **Security** tab. -2. Click on the **Connect security containers** button. -3. Click on the Snyk application +2. Click **Connect security containers**. +3. Click the Snyk application 4. Select the security container you want to remove from the list using the **Remove connection** option
Remove connected security containers in the Jira Security panel

Remove connected security containers in the Jira Security panel

## Automate ticket creation in Jira -The following steps describe how to use Jira automation to automatically create tickets for Snyk Vulnerabilities: +The following steps describe how to use Jira automation to automatically create tickets for Snyk vulnerabilities: 1. In Jira, in your project, navigate to **Project Settings** and then **Automation**. 2. Click **Create Rule**. @@ -126,7 +126,7 @@ Select the title of a column in the table to sort all vulnerabilities by that at When triaging issues, you can add a Jira issue to the sprint or backlog to ensure the required work for resolving the vulnerability is planned and tracked. -Snyk provides vulnerability information to Jira, enabling users to have comprehensive data for resolving issues. +Snyk provides vulnerability information to Jira, giving users comprehensive data for resolving issues. To add a Jira issue, navigate to the Snyk Security tab, find a vulnerability, and click **Create issue**. @@ -141,7 +141,7 @@ If the vulnerability already has a Jira issue, you can link the vulnerability to These steps describe how to use Jira automation and JQL to automatically close or change the status of tickets for vulnerabilities that are now in a closed state. 1. In Jira on your Project, navigate to **Project Settings** and then **Automation.** -2. Click he **Create Rule** button. +2. Click **Create Rule**. 3. Click **Scheduled** and then **Scheduled**.
Add Scheduled trigger

Add Scheduled trigger

@@ -160,16 +160,16 @@ These steps describe how to use Jira automation and JQL to automatically close o 6. Now that the setup is complete, give it a name and click on **Turn on rule.** -Now, according to your schedule, Jira will search for any issues for which the vulnerability is closed, but the issues are not closed, and close each Jira issue. +Now, according to your schedule, Jira searches for any issues for which the vulnerability is closed but the issues are not closed, and closes each Jira issue. ## Uninstall Snyk Security in Jira Cloud {% hint style="warning" %} -Uninstalling Snyk Security in Jira Cloud will disconnect Snyk vulnerabilities from their associated Jira issues.\ +Uninstalling Snyk Security in Jira Cloud disconnects Snyk vulnerabilities from their associated Jira issues.\ \ To uninstall a Jira app, you must be an administrator in the site-admins, administrators, or jira-administrators groups. {% endhint %} 1. In Jira, navigate to **Apps** in the main menu and select **Manage your apps.** 2. Select **Snyk Security in Jira.** -3. Click the **Uninstall** button. +3. Click **Uninstall**. diff --git a/developer-tools/integrations/partner-integrations.md b/developer-tools/integrations/partner-integrations.md index da31fdb3464b..62e7766d884f 100644 --- a/developer-tools/integrations/partner-integrations.md +++ b/developer-tools/integrations/partner-integrations.md @@ -129,7 +129,7 @@ To see the documentation for each integration, click on the integration name in ## Identity correlation -Tracking SLDC workflows and vulnerabilities per developer/user. +Tracking SDLC workflows and vulnerabilities per developer/user. To see the documentation for each integration, click on the integration name in the table. @@ -206,7 +206,7 @@ To see the documentation for each integration, click on the integration name in | Integration | Description | | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [ServiceNow: Snyk Vulnerbility Intelligence for SBOM](https://store.servicenow.com/store/app/994d67e21b646a50a85b16db234bcb56) | Vulnerability Intelligence for ServiceNow SBOM allows you to efficiently prioritize and remediate vulnerabilities in the components identified in your SBOMs. | +| [ServiceNow: Snyk Vulnerability Intelligence for SBOM](https://store.servicenow.com/store/app/994d67e21b646a50a85b16db234bcb56) | Vulnerability Intelligence for ServiceNow SBOM allows you to efficiently prioritize and remediate vulnerabilities in the components identified in your SBOMs. | ## Ticketing and workflow diff --git a/developer-tools/scan-with-snyk/snyk-tools/README.md b/developer-tools/scan-with-snyk/snyk-tools/README.md index 3363ba1734d3..ef25f0555700 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/README.md +++ b/developer-tools/scan-with-snyk/snyk-tools/README.md @@ -2,7 +2,7 @@ ## Scope of Snyk Tools -Snyk Tools help with specific pain points that may not be addressed by Snyk product functionality, regardless of whether you use Snyk through the Web UI, CLI, API, or an integration. Snyk Tools extend the functions of the Snyk API and the Snyk CLI. +Snyk Tools help with specific pain points that Snyk product functionality might not address, regardless of whether you use Snyk through the Web UI, CLI, API, or an integration. Snyk Tools extend the functions of the Snyk API and the Snyk CLI. {% hint style="info" %} You must have a [Snyk Account](https://snyk.io/login?cta=sign-up\&loc=nav\&page=support_docs_page) with populated Projects to use Snyk Tools. @@ -32,7 +32,7 @@ Refer to the repositories for instructions on how to use the following additiona * [snyk-user-sync-tool](https://github.com/snyk-tech-services/snyk-user-sync-tool): Add, remove, and sync user memberships. * [snyk-licenses-texts](https://github.com/snyk-tech-services/snyk-licenses-texts): Provides Organization-level licenses used, copyrights (until January 8, 2024), and dependencies data. * [snyk-request-manager](https://github.com/snyk-tech-services/snyk-request-manager): Rate-controlled and retry-enabled request manager to interact with Snyk APIs. -* [snyk-repo-issue-tracker](https://github.com/snyk-tech-services/snyk-repo-issue-tracker): A python script/module that allows for generating a changeset of issues between runs against the Snyk Project issues API. +* [snyk-repo-issue-tracker](https://github.com/snyk-tech-services/snyk-repo-issue-tracker): A python script/module that generates a changeset of issues between runs against the Snyk Project issues API. * [snyk-repo-diff:](https://github.com/snyk-tech-services/snyk-repo-diff) Helps determine which repositories are not monitored by Snyk. This works by retrieving a list of all Projects in a given Snyk Group, that is, all Projects in all Organizations belonging to the same Snyk Group, and associating them with a list of repositories found in a given GitHub Organization. diff --git a/developer-tools/scan-with-snyk/snyk-tools/python-code-to-extract-issues-from-snyk-api.md b/developer-tools/scan-with-snyk/snyk-tools/python-code-to-extract-issues-from-snyk-api.md index 0d80d8eb9e56..d34723e400ff 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/python-code-to-extract-issues-from-snyk-api.md +++ b/developer-tools/scan-with-snyk/snyk-tools/python-code-to-extract-issues-from-snyk-api.md @@ -1,3 +1,3 @@ # Python code to extract issues from Snyk API -Snyk has an unsupported Python client that can be used to get issues using the V1 API: [https://github.com/snyk-labs/pysnyk](https://github.com/snyk-labs/pysnyk). +Snyk has an unsupported Python client you can use to get issues using the V1 API: [https://github.com/snyk-labs/pysnyk](https://github.com/snyk-labs/pysnyk). diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-jira-tickets-for-new-vulns.md b/developer-tools/scan-with-snyk/snyk-tools/tool-jira-tickets-for-new-vulns.md index f0115337eda1..2220d2479bdc 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-jira-tickets-for-new-vulns.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-jira-tickets-for-new-vulns.md @@ -1,6 +1,6 @@ # Tool: jira-tickets-for-new-vulns -`jira-tickets-for-new-vulns` provides the means to sync your Snyk-monitored projects and automatically open Jira tickets for new issues and existing issue(s) without ticket(s) already created. +`jira-tickets-for-new-vulns` provides the means to sync your Snyk-monitored Projects and automatically open Jira tickets for new issues and existing issues without tickets already created. Cron it every X minutes/hours and fix the issues. This tool is aimed to be executed at regular intervals or with a trigger of your choice (webhooks). @@ -45,7 +45,7 @@ Use the binaries from [the release page](https://github.com/snyk-tech-services/j ## Restrictions -The tool does not support infrastructure as code projects. It opens an issue only for code and open source projects and ignores all other project types. +The tool does not support infrastructure as code Projects. It opens an issue only for code and open source Projects and ignores all other Project types. **Priority is severity** @@ -70,7 +70,7 @@ git clone the repo, build: > `go run main.go jira.go jira_utils.go vulns.go snyk.go snyk_utils.go` -Please report issues. +Report issues. ## Dependencies @@ -143,4 +143,4 @@ jira: * The token is not expected to be present in the config file. * Command line arguments override the config file. Example: Using the config file above, running `./snyk-jira-sync-macOs --Org=1234 --configFile=./path/to/folder --token=123` the org ID used by the tool will be 1234 and not a1b2c3de-99b1-4f3f-bfdb-6ee4b4990513. * See 'Extended options' for default values. -* Ensure you use the same issue type that is configured in your Jira. Default is Bug. Verify the type is use (or default) exists in your Jira configuration. +* Ensure you use the same issue type that is configured in your Jira. Default is Bug. Verify the type in use (or default) exists in your Jira configuration. diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/README.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/README.md index e41fb3a5192f..3cfb59f35ea9 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/README.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/README.md @@ -8,10 +8,10 @@ The Snyk API Project importer, `snyk-api-import`, is a script intended to help i If you need to adjust concurrency, you can stop the script, change the concurrency variable, and start again. The tool skips previous repositories (Targets) that have been requested for import. -To use `snyk-api-import` you must do the following in advance: +To use `snyk-api-import` you must do the following first: * Set up your Snyk Organizations (Orgs) before running an import. -* Configure your Snyk Organizations with some connection to an SCM (GitHub, GitLab, Bitbucket, other) as you will need the `integrationId` to generate the import files. +* Configure your Snyk Organizations with some connection to an SCM (GitHub, GitLab, Bitbucket, other) as you need the `integrationId` to generate the import files. * Use the [Set notification settings](../../../snyk-api/reference/organizations-v1.md#org-orgid-notification-settings) API endpoint to disable notifications for emails and so on, to avoid receiving import notifications (recommended). * Use the [Update](../../../snyk-api/reference/integrations-v1.md#org-orgid-integrations-integrationid-settings) (integration settings) endpoint to disable the fix PRs and PR checks until import is complete to avoid sending extra requests to SCMs (GitHub, GitLab, Bitbucket, and so on). @@ -39,7 +39,7 @@ yarn global add snyk-api-import ## Usage -By default the `import` command will run if no command is specified. +By default the `import` command runs if no command is specified. * `import` - kick off an API-powered import of repos (Targets) into existing Snyk Organizations defined in the import configuration file. All support available for all Project types is provided through the [Import](../../../snyk-api/reference/import-projects-v1.md) API endpoints, [Import targets](../../../snyk-api/reference/import-projects-v1.md#org-orgid-integrations-integrationid-import) and [Get Import job details](../../../snyk-api/reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid). * `help` - show help and all available commands and their options. @@ -70,9 +70,9 @@ The logs can be explored using the [Bunyan CLI](http://trentm.com/node-bunyan/bu Error: ENFILE: file table overflow, open or Error: EMFILE, too many open files -If you see these errors, you may need to bump **ulimit** to allow more open file operations. In order to keep the operations performing well, the tool logs as soon as it is convenient rather than waiting until the very end of a loop and logging a huge data structure. This means that depending on the number of concurrent imports set, the tool may exceed the system default **ulimit**. +If you see these errors, you might need to bump **ulimit** to allow more open file operations. To keep the operations performing well, the tool logs as soon as it is convenient rather than waiting until the end of a loop and logging a huge data structure. This means that depending on the number of concurrent imports set, the tool might exceed the system default **ulimit**. -Some of these resources may help you bump the **ulimit**: +Some of these resources can help you bump the **ulimit**: * [ss64.com](https://ss64.com/bash/ulimit.html) * [StackOverflow](https://stackoverflow.com/questions/45004352/error-enfile-file-table-overflow-scandir-while-run-reaction-on-mac) @@ -94,7 +94,7 @@ If your GitHub, GitLab, Bitbucket, or Azure instance is using a self-signed cert Does this work with brokered integrations? -Yes. Because Snyk reuses the existing integration with your SCM (Git) repository to perform the imports, the brokered connection will be used when configured. +Yes. Because Snyk reuses the existing integration with your SCM (Git) repository to perform the imports, the brokered connection is used when configured. diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/contributing-to-snyk-api-import.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/contributing-to-snyk-api-import.md index a8912c47be52..6bfc65493008 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/contributing-to-snyk-api-import.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/contributing-to-snyk-api-import.md @@ -2,7 +2,7 @@ ## Contributor Agreement -A pull-request will only be considered for merging into the upstream codebase after you have signed Snyk's contributor agreement, assigning to Snyk the rights to the contributed code and granting you a license to use it in return. If you submit a pull request, you will be prompted to review and sign the agreement with one click (Snyk uses [CLA assistant](https://cla-assistant.io/)). +Snyk considers a pull request for merging into the upstream codebase only after you have signed the Snyk contributor agreement, assigning to Snyk the rights to the contributed code and granting you a license to use it in return. If you submit a pull request, Snyk prompts you to review and sign the agreement with one click (Snyk uses [CLA assistant](https://cla-assistant.io/)). ## Pull requests @@ -16,7 +16,7 @@ fix: minified scripts being removed Also includes tests ``` -This allows for the automatic change log to generate correctly. +This lets the automatic change log generate correctly. Commit types must be one of the following: @@ -40,10 +40,10 @@ Ensure that your code adheres to the included `.eslintrc` config by running `npm * New command line options are generally discouraged unless there's a _really_ good reason. * Add tests for newly added code (and try to mirror directory and file structure if possible). * Spell check. -* PRs will not be code reviewed unless all tests are passing. +* PRs are not code reviewed unless all tests are passing. {% hint style="info" %} -When fixing a bug, commit a failing test first so that CircleCI (or the approver) can show the code failing. Once that commit is in place, then commit the bug fix so that Snyk can test before and after. +When fixing a bug, commit a failing test first so that CircleCI (or the approver) can show the code failing. After that commit is in place, commit the bug fix so that Snyk can test before and after. {% endhint %} -Remember that you're developing for multiple platforms and versions of Node.js, so if the tests pass on your Mac or Linux or Windows machine, the tests may not pass elsewhere. +Remember that you're developing for multiple platforms and versions of Node.js, so if the tests pass on your Mac or Linux or Windows machine, the tests might not pass elsewhere. diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-import-targets-data-for-import-command.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-import-targets-data-for-import-command.md index d0b064dcbd1d..0fe42bcd213d 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-import-targets-data-for-import-command.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-import-targets-data-for-import-command.md @@ -34,7 +34,7 @@ You need the organizations data in JSON as an input to this command to help map } ``` -Note: the `"name`" of the GitHub or GitHub Enterprise Organization is required in order to list all repos belonging to that Organization using the GitHub API. The Snyk-specific data accompanying that Organization name will be used as the information to generate import data, assuming all repos in that Organization will be imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). +Note: the `"name`" of the GitHub or GitHub Enterprise Organization is required to list all repos belonging to that Organization using the GitHub API. Snyk uses the Snyk-specific data accompanying that Organization name to generate import data, assuming all repos in that Organization are imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). * You can list GitHub and GitHub Enterprise organizations using the GitHub [/orgs API](https://docs.github.com/en/free-pro-team@latest/rest/reference/orgs). * You can list integrations using the Snyk API endpoint [List](../../../snyk-api/reference/integrations-v1.md#org-orgid-integrations-1) (integrations). @@ -68,7 +68,7 @@ You need the organization's data in JSON as an input to this command to help map } ``` -Note: the "name" of the GitLab Group is required in order to list all projects belonging to that group using the GitLab API. The Snyk-specific data accompanying that Group name will be used as the information to generate import data assuming all projects in that group will be imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). +Note: the "name" of the GitLab Group is required to list all projects belonging to that group using the GitLab API. Snyk uses the Snyk-specific data accompanying that Group name to generate import data, assuming all projects in that group are imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). * GitLab Groups can be listed using the GitLab [/groups API](https://docs.gitlab.com/ee/api/groups.html) * You can list integrations using the Snyk API endpoint [List](../../../snyk-api/reference/integrations-v1.md#org-orgid-integrations-1) (integrations). @@ -104,7 +104,7 @@ You need the organizations data in JSON as an input to this command to help map } ``` -Note: the "name" of the Azure organization is required in order to list all projects and repos belonging to that organization using the Azure API. The Snyk-specific data accompanying that organization name will be used as the information to generate import data assuming all projects in that organization will be imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). +Note: the "name" of the Azure organization is required to list all projects and repos belonging to that organization using the Azure API. Snyk uses the Snyk-specific data accompanying that organization name to generate import data, assuming all projects in that organization are imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). * Your Org name in Azure is listed on the left pane in the [Azure-Devops-site](https://dev.azure.com/) * You can list integrations using the Snyk API endpoint [List](../../../snyk-api/reference/integrations-v1.md#org-orgid-integrations-1) (integrations). @@ -140,7 +140,7 @@ You need the organizations data in JSON as an input to this command to help map } ``` -Note: the "name" of the Bitbucket server project is required in order to list all repos belonging to that project using the Bitbucket server API. The Snyk-specific data accompanying that project name will be used as the information to generate import data, assuming all repos in that project will be imported into a given Snyk Organization. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). +Note: the "name" of the Bitbucket server project is required to list all repos belonging to that project using the Bitbucket server API. Snyk uses the Snyk-specific data accompanying that project name to generate import data, assuming all repos in that project are imported into a given Snyk Organization. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). * Bitbucket Server Projects can be listed using the BitBucket [/projects API](https://docs.atlassian.com/bitbucket-server/rest/7.19.2/bitbucket-rest.html). * You can list integrations using the Snyk API endpoint [List](../../../snyk-api/reference/integrations-v1.md#org-orgid-integrations-1) (integrations). @@ -175,7 +175,7 @@ You need the organizations data in JSON as an input to this command to help map } ``` -Note: the "name" of the Bitbucket Cloud workspace is required in order to list all repositories belonging to that workspace using the Bitbucket Cloud API. The Snyk-specific data accompanying that workspace name will be used as the information to generate import data assuming all repositories in that workspace will be imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). +Note: the "name" of the Bitbucket Cloud workspace is required to list all repositories belonging to that workspace using the Bitbucket Cloud API. Snyk uses the Snyk-specific data accompanying that workspace name to generate import data, assuming all repositories in that workspace are imported into a given Snyk Organization. This utility is opinionated. If you want to customize the import data, create it manually as described on [Kicking off an import](kicking-off-an-import.md). * Bitbucket Cloud workspaces can be listed using the BItBucket [/workspaces API](https://developer.atlassian.com/cloud/bitbucket/rest/api-group-workspaces/#api-group-workspaces). * You can list integrations using the Snyk API endpoint [List](../../../snyk-api/reference/integrations-v1.md#org-orgid-integrations-1) (integrations). diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-organizations-in-snyk.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-organizations-in-snyk.md index ad83639f9b7e..04603018acee 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-organizations-in-snyk.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/creating-organizations-in-snyk.md @@ -13,13 +13,13 @@ This page has instructions for creating Organizations (Orgs) in Snyk: * [Using the `orgs:create` utility](creating-organizations-in-snyk.md#using-the-orgs-create-utility) * [Recommendations](creating-organizations-in-snyk.md#recommendations) -Before an import can begin you must set up Snyk with the Organizations you will populate with Projects. +Before an import can begin, you must set up Snyk with the Organizations you populate with Projects. -Snyk recommends that you have as many Organizations in Snyk as you have in the source you are importing from. For GitHub, this means mirroring the GitHub organizations in Snyk. The `snyk-api-import` tool provides a utility to use to make this simpler when using Groups and Organizations in Snyk. +Snyk recommends that you have as many Organizations in Snyk as you have in the source you are importing from. For GitHub, this means mirroring the GitHub organizations in Snyk. The `snyk-api-import` tool provides a utility to make this simpler when using Groups and Organizations in Snyk. ## Generating the data required to create Organizations in Snyk with the `orgs:data` utility -This utility helps generate data needed to mirror the GitHub.com, GitHub Enterprise, GitLab, Bitbucket Server, or Bitbucket Cloud organization structure in Snyk. This opinionated utility will assume every organization in GitHub.com, GitHub Enterprise, GitLab, Bitbucket Server, or Bitbucket Cloud should become an Organization in Snyk. If this is not what you are looking for, consider using the API endpoint [Create a new organization](../../../snyk-api/reference/organizations-v1.md#org) directly to create the structure you need. +This utility helps generate data needed to mirror the GitHub.com, GitHub Enterprise, GitLab, Bitbucket Server, or Bitbucket Cloud organization structure in Snyk. This opinionated utility assumes every organization in GitHub.com, GitHub Enterprise, GitLab, Bitbucket Server, or Bitbucket Cloud should become an Organization in Snyk. If this is not what you are looking for, consider using the API endpoint [Create a new organization](../../../snyk-api/reference/organizations-v1.md#org) directly to create the structure you need. ### Options diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md index 0e280b498ca5..9ae4af1265ad 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/kicking-off-an-import.md @@ -1,8 +1,8 @@ # Kicking off an import -`snyk-api-import` supports the same Project sources that you can import using the Snyk API: Git repositories, Docker images, containers, configuration files and much more. You can configure integrations using the Integrations settings on your Snyk Organization settings page. For more information, see the definition of [Target](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects#target) on the Snyk Projects documentation page. +`snyk-api-import` supports the same Project sources that you can import using the Snyk API: Git repositories, Docker images, containers, configuration files, and much more. You can configure integrations using the Integrations settings on your Snyk Organization settings page. For more information, see the definition of [Target](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects#target) on the Snyk Projects documentation page. -Note that any logs will be generated at `SNYK_LOG_PATH` directory. +Note that Snyk generates any logs in the `SNYK_LOG_PATH` directory. The steps to start an import follow. @@ -40,9 +40,9 @@ Each **import target** has the following keys: * `exclusionGlobs` - Comma-separated list of up to ten folder names to exclude from scanning (each folder name must not exceed 100 characters). If not specified, defaults to "fixtures, tests, tests, node\_modules". If an empty string is provided, no folders will be excluded. * `files` - An object array. Each path must be the full relative path to the file from the root of the Target. Only those files found at that location will be imported. -Note that for a repository that may have 200+ manifest files, Snyk recommends that you split the import into multiple imports by targeting specific files. Importing hundreds of files at once from one repository can cause the import to result in some errors or failures. +Note that for a repository that has 200+ manifest files, Snyk recommends that you split the import into multiple imports by targeting specific files. Importing hundreds of files at once from one repository can cause the import to result in some errors or failures. -Splitting the import to import some files or some folders only will benefit from the re-tries and produce a smaller load on the source control management system being used. Populate the `files` property to accomplish this in the import JSON. +Splitting the import to import some files or some folders only benefits from the re-tries and produces a smaller load on the source control management system being used. Populate the `files` property to accomplish this in the import JSON. If you have any tests or fixtures that should be ignored, set the `exclusionGLobs` property: @@ -168,20 +168,20 @@ Download a binary from the [releases page](https://github.com/snyk/snyk-api-impo ### **Skip all previously imported targets** -This utility can be used to skip previously imported Targets (repos), so only remaining Targets will be imported. +You can use this utility to skip previously imported Targets (repos), so Snyk imports only the remaining Targets. -The utility helps generate the `imported-targets.log` file by analyzing the Projects already in a given Snyk Group. When present in the logging path, this file is used to look up Targets that should be skipped during the import. +The utility helps generate the `imported-targets.log` file by analyzing the Projects already in a given Snyk Group. When present in the logging path, this file looks up Targets to skip during the import. ### Example -* All GitHub repositories have been imported into Snyk into their respective Organizations during initial onboarding. +* All GitHub repositories are imported into Snyk into their respective Organizations during initial onboarding. * New GitHub repositories have since been added and now need to be added to Snyk. * To avoid importing everything again, you can use this utility and run `import` again to import only "new" GitHub repositories. This is much faster and removes unnecessary calls to Snyk and GitHub to fetch files and do the import for everything again. ### Importing the same Target -* The same Target imported into a different Organization can be imported. -* The same Target from a different source can be imported; for example, the same repository that is present in GitHub can now be imported through GitHub Enterprise into the same Organization. +* You can import the same Target into a different Organization. +* You can import the same Target from a different source. For example, you can now import the same repository that is present in GitHub through GitHub Enterprise into the same Organization. ### Command to run diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-cloud-organizations-and-repos-in-snyk.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-cloud-organizations-and-repos-in-snyk.md index 3ab074636f3b..b8b3a3d27304 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-cloud-organizations-and-repos-in-snyk.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-cloud-organizations-and-repos-in-snyk.md @@ -14,7 +14,7 @@ Refer to individual documentation pages for detailed information. The general st ## Re-importing new repos and Orgs only while mirroring -Once initial import is complete you can periodically check for new repos and make sure they are added into Snyk by following these steps, which are similar to the preceding steps to import repos. +After the initial import is complete, you can periodically check for new repos and ensure they are added to Snyk by following these steps, which are similar to the preceding steps to import repos. 1. `export BITBUCKET_CLOUD_USERNAME=***`, `export BITBUCKET_CLOUD_PASSWORD=***` and `export SNYK_TOKEN=***` 2. Generate organization data in Snyk and skip any that do not have any repos by using `--skipEmptyOrg` `snyk-api-import orgs:data --source=bitbucket-cloud --groupId= --skipEmptyOrg` Full instructions: [Creating organizations in Snyk](creating-organizations-in-snyk.md) diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-server-organizations-and-repos-in-snyk.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-server-organizations-and-repos-in-snyk.md index 69bec2f95be7..645e31719757 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-server-organizations-and-repos-in-snyk.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-bitbucket-server-organizations-and-repos-in-snyk.md @@ -1,6 +1,6 @@ # Mirroring Bitbucket Server organizations and repos in Snyk -You can use four commands in the available utils to import the entirety of Bitbucket Server repos into Snyk. You must configure both the both the Bitbucket Server token and Snyk token as environment variables to proceed. +You can use four commands in the available utils to import the entirety of Bitbucket Server repos into Snyk. You must configure both the Bitbucket Server token and Snyk token as environment variables to proceed. ## General steps to import Bitbucket Server repos @@ -14,7 +14,7 @@ Refer to individual documentation pages for detailed information. The general st ## Re-importing new repos and Orgs only while mirroring -Once initial import is complete you can periodically check for new repos and make sure they are added into Snyk by following these steps, which are similar to the preceding steps to import repos. +After the initial import is complete, you can periodically check for new repos and ensure they are added to Snyk by following these steps, which are similar to the preceding steps to import repos. 1. `export BITBUCKET_SERVER_TOKEN=***` and `export SNYK_TOKEN=***` 2. Generate organization data in Snyk and skip any that do not have any repos by using `--skipEmptyOrg` `snyk-api-import orgs:data --source=bitbucket-server --groupId= --skipEmptyOrg` Full instructions: [Creating organizations in Snyk](creating-organizations-in-snyk.md) diff --git a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-gitlab-organizations-and-repos-in-snyk.md b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-gitlab-organizations-and-repos-in-snyk.md index d6a0a4b936d8..5962ad1feb38 100644 --- a/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-gitlab-organizations-and-repos-in-snyk.md +++ b/developer-tools/scan-with-snyk/snyk-tools/tool-snyk-api-import/mirroring-gitlab-organizations-and-repos-in-snyk.md @@ -14,7 +14,7 @@ Refer to individual documentation pages for detailed information. The general st ## Re-importing new repos and Orgs only while mirroring -Once initial import is complete you can periodically check for new repos and make sure they are added into Snyk by following these steps, which are similar to the preceding steps to import repos. +After the initial import is complete, you can periodically check for new repos and ensure they are added to Snyk by following these steps, which are similar to the preceding steps to import repos. 1. `export GITLAB_TOKEN=***` and `export SNYK_TOKEN=***` 2. Generate organization data in Snyk and skip any that do not have any repos by using `--skipEmptyOrg` `snyk-api-import orgs:data --source=gitlab --groupId= --skipEmptyOrg` Full instructions: [Creating organizations in Snyk](creating-organizations-in-snyk.md) diff --git a/developer-tools/scm-integrations/README.md b/developer-tools/scm-integrations/README.md index 12f857da9b6b..744691b1e415 100644 --- a/developer-tools/scm-integrations/README.md +++ b/developer-tools/scm-integrations/README.md @@ -1,8 +1,8 @@ # SCMs -Snyk supports SCM integrations that allow you to implement security at each point in your workflow: importing a Project, writing your code, and building and deployment. Snyk can also [automatically create pull requests (PRs)](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/snyk-pull-or-merge-requests/enable-automatic-upgrade-prs-for-new-dependency-upgrades) on your behalf to upgrade your dependencies based on scan results, compatible with a variety of SCM integrations. +Snyk supports SCM integrations that let you implement security at each point in your workflow: importing a Project, writing your code, and building and deployment. Snyk can also [automatically create pull requests (PRs)](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/snyk-pull-or-merge-requests/enable-automatic-upgrade-prs-for-new-dependency-upgrades) on your behalf to upgrade your dependencies based on scan results, compatible with a variety of SCM integrations. -Snyk Source Control Manager (SCM) integrations allow you to: +Snyk Source Control Manager (SCM) integrations let you: * Continuously perform security scanning across all integrated repositories * Detect vulnerabilities in your open-source components @@ -25,7 +25,7 @@ If you have added the GitHub integration at Organizational and/or Group levels a This feature is available for GitHub, GitHub Enterprise, GitHub Cloud App, GitLab, Bitbucket Server, Bitbucket Cloud App, Bitbucket Cloud (Legacy), and Azure Repos (TFS) integrations. {% endhint %} -The Workspaces feature enables Snyk to ingest a temporary snapshot of repository contents, and all commit metadata through your configured SCM integrations. +The Workspaces feature enables Snyk to ingest a temporary snapshot of repository contents and all commit metadata through your configured SCM integrations. For detailed information on this feature, including enablement steps, see [Workspaces for SCM integrations](workspaces.md). @@ -35,7 +35,7 @@ If you are an Enterprise customer, see [Choose rollout integrations](https://app ### GitHub vs GitHub Enterprise -As an Enterprise plan user, Snyk recommends using the GitHub Enterprise integration as it enables you to use a single GitHub service account personal access token (PAT) across your Snyk Organization rather than depending on a PAT for an individual user account. You can use this integration whether or not you have a GitHub Enterprise (GHE) license or subscription. +As an Enterprise plan user, Snyk recommends using the GitHub Enterprise integration as it lets you use a single GitHub service account personal access token (PAT) across your Snyk Organization rather than depending on a PAT for an individual user account. You can use this integration whether or not you have a GitHub Enterprise (GHE) license or subscription. Another benefit to using the GitHub Enterprise integration is that you can choose to clone integration settings when you are creating new Snyk Organizations. This means you can use one GitHub Enterprise integration for all Organizations in your Snyk Group. @@ -55,9 +55,9 @@ See [Migrate to the Snyk Bitbucket Cloud App](organization-level-integrations/bi #### Main capabilities unlocked by the new app integration -* Allows using Snyk with Bitbucket's [allowlisting IP addresses](https://support.atlassian.com/bitbucket-cloud/docs/control-access-to-your-private-content/) premium tier feature. +* Lets you use Snyk with the [allowlisting IP addresses](https://support.atlassian.com/bitbucket-cloud/docs/control-access-to-your-private-content/) premium tier feature in Bitbucket. * Helps handle rate-limiting issues for companies who spread their repos across multiple workspaces in Bitbucket Cloud. -* Supports the first-party interface in Bitbucket Cloud (Snyk's Security tab) out-of-the-box, meaning you need not install and maintain the first-party extension app to consume Snyk's security insights from Bitbucket Cloud. +* Supports the first-party interface in Bitbucket Cloud (the Security tab in Snyk) out-of-the-box, meaning you need not install and maintain the first-party extension app to consume Snyk security insights from Bitbucket Cloud. #### Limitations of the new app integration @@ -67,6 +67,6 @@ See [Migrate to the Snyk Bitbucket Cloud App](organization-level-integrations/bi #### Are there any plans for end-of-life for the Personal Access Token (PAT) integration? -To improve security, the use of app passwords in Bitbucket Cloud is transitioning to API tokens. Existing integrations that use app passwords will continue to function temporarily until 9 June, 2026: +To improve security, the use of app passwords in Bitbucket Cloud is transitioning to API tokens. Existing integrations that use app passwords continue to function temporarily until 9 June 2026. To ensure continued support and functionality, update your Bitbucket Cloud integration in Snyk to use an API token. diff --git a/developer-tools/scm-integrations/application-context-for-scm-integrations/README.md b/developer-tools/scm-integrations/application-context-for-scm-integrations/README.md index 66b7cee69f96..ecf9f6e84655 100644 --- a/developer-tools/scm-integrations/application-context-for-scm-integrations/README.md +++ b/developer-tools/scm-integrations/application-context-for-scm-integrations/README.md @@ -4,7 +4,7 @@ The application context for SCM integrations provides a comprehensive and interconnected overview of application assets. This context is crucial for assessing security risks and their potential implications, as it outlines the entire structure and components of the applications involved. -Use Application Context to integrate with Internal Developer Portals (IDPs) and service catalogs such as ServiceNow CMDB, Atlassian Compass, and others. These platforms allow Snyk to automate the collection of essential context, including asset type, ownership, and lifecycle. +Use Application Context to integrate with Internal Developer Portals (IDPs) and service catalogs such as ServiceNow CMDB, Atlassian Compass, and others. These platforms let Snyk automate the collection of essential context, including asset type, ownership, and lifecycle. The application context provides broader access to resources and services in an application. You can use it to: @@ -12,7 +12,7 @@ The application context provides broader access to resources and services in an * Gather relevant information to effectively assess and manage application security vulnerabilities and identify potential risks. * Create a streamlined data flow by working cohesively with assets identified through Snyk Essentials SCM integrations -By leveraging Application context, you can achieve a deeper understanding of your application's security posture. After the integration is set, use the application context that can be leveraged across Snyk to classify repositories, set Asset policies, or filter reports. +By using Application context, you can achieve a deeper understanding of your application's security posture. After the integration is set, use the application context across Snyk to classify repositories, set Asset policies, or filter reports. These are the available integrations that you can set up for the application context: @@ -24,7 +24,7 @@ These are the available integrations that you can set up for the application con * [Datadog Service Catalog](./#datadog-service-catalog) {% hint style="info" %} -The Application Context integrations on this page work in conjunction with assets found through Snyk Essentials SCM integrations. If there is no Snyk Essentials SCM integration configured at the Group level on the Integrations page, then data will not populate from these integrations. +The Application Context integrations on this page work in conjunction with assets found through Snyk Essentials SCM integrations. If there is no Snyk Essentials SCM integration configured at the Group level on the Integrations page, then data does not populate from these integrations. {% endhint %} ## Backstage file for SCM integrations @@ -32,10 +32,10 @@ The Application Context integrations on this page work in conjunction with asset {% hint style="info" %} **Release status** -The ackstage file integration is in Early Access and available with Snyk Enterprise plans. +The Backstage file integration is in Early Access and available with Snyk Enterprise plans. {% endhint %} -Backstage is a service catalog that allows users to add metadata or annotations to their repositories, helping to organize and categorize the available resources for easier navigation and understanding. You can leverage your SCM integration to pull metadata associated with backstage catalog files into Snyk Essentials. +Backstage is a service catalog that lets users add metadata or annotations to their repositories, helping to organize and categorize the available resources for easier navigation and understanding. You can use your SCM integration to pull metadata associated with backstage catalog files into Snyk Essentials. You can use the backstage catalog file for GitHub, GitLab, Azure DevOps, BitBucket Cloud, and BitBucket on-prem SCM integrations. @@ -88,7 +88,7 @@ The ServiceNow CMDB integration is in Early Access and available with Snyk Enter 5. Add the **CMDB field to map Repo URL** - Add the URL of the repository. {% hint style="info" %} -* The data gathered by Snyk from ServiceNow CMDB will be correlated with the Repository Assets. +* Snyk correlates the data gathered from ServiceNow CMDB with the Repository Assets. * The ServiceNow CMDB integration uses basic authentication and suggests enabling the "Web service access only" option for Service Accounts. {% endhint %} @@ -106,7 +106,7 @@ The ServiceNow CMDB integration is in Early Access and available with Snyk Enter * Category: application\_type * Owner: business\_unit * Click **Done**. -* When the connection is established, the status of the ServiceNow CMDB integration is changed to **Connected**. +* When the connection is established, the status of the ServiceNow CMDB integration changes to **Connected**. {% hint style="warning" %} When you set up the catalog attributes, you can customize the name of the attribute but must ensure that the same name is used in the catalog and in the Integration setup. @@ -138,7 +138,7 @@ The Atlassian Compass integration is in Early Access and available with Snyk Ent 4. Add your Atlassian Compass instance **Token**. Navigate to the [Manage API tokens for your Atlassian account](https://support.atlassian.com/atlassian-account/docs/manage-api-tokens-for-your-atlassian-account/) page for more details about creating an Atlassian API token. {% hint style="info" %} -The gathered data from Atlassian Compass will be correlated with the Repository Assets. +Snyk correlates the gathered data from Atlassian Compass with the Repository Assets. This feature is available only for the integration with Atlassian Compass. {% endhint %} @@ -159,7 +159,7 @@ This feature is available only for the integration with Atlassian Compass. * **Owner** - the `ownerId` (finding owner name from ownerId). * **Application** - the `typeId` (all component types, Application, Service, Library, and so on receive an ID). 9. Click **Done**. -10. When the connection is established, the status of the Atlassian Compass integration is changed to **Connected**, and Snyk Essentials will start enriching repository assets with the data found in Atlassian Compass. +10. When the connection is established, the status of the Atlassian Compass integration changes to **Connected**, and Snyk Essentials starts enriching repository assets with the data found in Atlassian Compass. {% hint style="warning" %} When you set up the catalog attributes, you must use the specific service-level attributes, for example `attribute.name.` @@ -199,7 +199,7 @@ This integration is focused on [Harness’s](https://developer.harness.io/docs/i * Owner - If you select this metadata, it is mandatory to add the **Owner key**. * Application - If you select this metadata, it is mandatory to add the **Application key**. 8. Click **Done**. -9. When the connection is established, the status of the Harness integration is changed to **Connected**, and Snyk Essentials will start enriching repository assets with the data found in Harness. +9. When the connection is established, the status of the Harness integration changes to **Connected**, and Snyk Essentials starts enriching repository assets with the data found in Harness. {% hint style="warning" %} When you set up the catalog attributes, you can customize the name of the attribute but must ensure that the same name is used in the catalog and in the Integration setup. @@ -234,7 +234,7 @@ The OpsLevel integration is in Early Access and available with Snyk Enterprise p * Owner - Identified with `owner.name` in OpsLevel. * Application - Identified with `product` in OpsLevel. 8. Click **Done**. -9. When the connection is established, the status of the OpsLevel integration is changed to **Connected**, and Snyk Essentials will start enriching repository assets with the data found in OpsLevel. +9. When the connection is established, the status of the OpsLevel integration changes to **Connected**, and Snyk Essentials starts enriching repository assets with the data found in OpsLevel. {% hint style="warning" %} When you set up the catalog attributes, you must use the specific service-level attributes, for example `attribute.name.` @@ -271,7 +271,7 @@ The Datadog Service Catalog integration is in Early Access and available with Sn * Owner - If you select this metadata, it is mandatory to add the **Owner key**. * Application - If you select this metadata, it is mandatory to add the **Application key**. 9. Click **Done**. -10. When the connection is established, the status of the Datadog Service Catalog integration is changed to **Connected**, and Snyk Essentials will start enriching repository assets collected by a Snyk Essentials SCM Integration with the data found in Datadog Service Catalog. +10. When the connection is established, the status of the Datadog Service Catalog integration changes to **Connected**, and Snyk Essentials starts enriching repository assets collected by a Snyk Essentials SCM Integration with the data found in Datadog Service Catalog. {% hint style="warning" %} When you set up the catalog attributes, you can customize the name of the attribute but must ensure that the same name is used in the catalog and in the Integration setup. diff --git a/developer-tools/scm-integrations/application-context-for-scm-integrations/backstage-file-in-asset-inventory-use-case.md b/developer-tools/scm-integrations/application-context-for-scm-integrations/backstage-file-in-asset-inventory-use-case.md index c93c4ec60749..782466dcedb7 100644 --- a/developer-tools/scm-integrations/application-context-for-scm-integrations/backstage-file-in-asset-inventory-use-case.md +++ b/developer-tools/scm-integrations/application-context-for-scm-integrations/backstage-file-in-asset-inventory-use-case.md @@ -13,7 +13,7 @@ Components have several attributes and most of them are optional: * `Metadata.name` (mandatory) - represents the name of the component. * `Metadata.title` (optional) - represents the name of the component. -The backstage data is dynamic and may change over time: +The backstage data is dynamic and can change over time: * If new commits or updates are made to the `catalog-info.yaml` file, then Snyk Essentials updates the asset attribute for that specific repository asset. * If the`catalog-info.yaml` file is removed from the repository, then Snyk Essentials deletes the asset attribute from that specific repository assets. diff --git a/developer-tools/scm-integrations/deployment-recommendations.md b/developer-tools/scm-integrations/deployment-recommendations.md index fe3f679fab62..5f475a29f396 100644 --- a/developer-tools/scm-integrations/deployment-recommendations.md +++ b/developer-tools/scm-integrations/deployment-recommendations.md @@ -1,6 +1,6 @@ # Deployment recommendations -If you try to implement all the SCM integration features at the same time, you risk causing friction in your software development life cycle ([SDLC](https://snyk.io/learn/secure-sdlc/)), which in turn leads to a poor developer experience. +If you try to implement all the SCM integration features at the same time, you risk causing friction in your software development lifecycle ([SDLC](https://snyk.io/learn/secure-sdlc/)), which in turn leads to a poor developer experience. To ensure a smooth rollout of Snyk across your organization, Snyk provides a suggested deployment timeline consisting of deployment stages, configuration steps, and the desired outcome for each stage. @@ -8,7 +8,7 @@ To ensure a smooth rollout of Snyk across your organization, Snyk provides a sug | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |

Stage 1:
Set up an Organization-level SCM integration in your first Snyk Organization.

Set up a Group-level SCM integration in Snyk Essentials.

|

See the setup documentation for the applicable SCM integration, and read the User permissions and access scope requirements section to ensure accessibility for the right users in your Snyk hierarchy.

See the setup documentation for the applicable Essentials SCM integration.

|

A configured integration, ready to import Projects.

Essentials will detect your Git repositories so you can track your progress in rolling out Snyk scanning.

| |

Stage 2:
Import all of the relevant projects from your integrated SCM.

|

• Test both public and private repos

• Disable all user notifications

• Disable Snyk PR status checks

• Disable Automatic fix pull requests

• Disable Automatic dependency upgrade pull requests

• Disable Update Dockerfile base images

|

Snyk will scan your imported repositories to detect all supported files and create them as Projects where you can view the vulnerabilities detected.

Disabling these features removes potential blockers for your initial setup and use of Snyk. This way, you have scheduled scans and high visibility of reporting without blocking deployments.

| -|

Stage 3:
Build a fix plan using Snyk prioritization reporting capabilities.

| Learn more about [Snyk Priority Score](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/priority-score) and [Snyk Risk Score](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/risk-score) to understand how you can leverage these features to help prioritize which issues to fix. | Alignment between Developers and Security on what should be fixed and when to streamline the fix process. | +|

Stage 3:
Build a fix plan using Snyk prioritization reporting capabilities.

| Learn more about [Snyk Priority Score](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/priority-score) and [Snyk Risk Score](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/risk-score) to understand how you can use these features to help prioritize which issues to fix. | Alignment between Developers and Security on what should be fixed and when to streamline the fix process. | |

Stage 4:
Configure Snyk PR Checks and auto-fix PRs to alert developers to issues in real-time, with available fixes.

| Enable [Snyk PR status checks](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/pull-requests) so developers know whether their PR contains high-severity issues with available fixes. | Make it easy for your developers to see new issues before they are merged into the repository, decreasing the number of new vulnerabilities added and enabling them to make decisions on blocking a merge. | |

Stage 5:
Prevent developers from introducing any new vulnerabilities.

| Enable branch protection in your SCM tool so that PRs with failing Snyk PR status checks cannot be merged. | This change will prevent PRs from being merged into your repository if Snyk detects new vulnerabilities. Over time, you can adjust the sensitivity of the check to include all high or critical severity issues, regardless of whether a fix is available. | |

Stage 6:
Enable Snyk automated features to fix issues and keep dependencies up-to-date to reduce technical security debt.

|

Enable Automatic fix pull requests.
Enable Automatic dependency upgrades.

| Snyk will automatically raise PRs to fix issues with the highest severity. Keeping your dependencies up to date helps to reduce future design headaches and hot fixes, which can be time consuming to research and address. | @@ -27,11 +27,11 @@ For details on these permissions, see [User permissions and access scope require ### Change notification settings -By default, Snyk emails every Org user when a new issue or fix in a Project’s dependencies is found, and provides each user with a weekly update of the security status across the Organization. If you plan to import many Projects to an Organization, to avoid sending multiple email notifications sent to users, consider disabling all the notifications for that Organization. +By default, Snyk emails every Org user when it finds a new issue or fix in a Project’s dependencies, and provides each user with a weekly update of the security status across the Organization. If you plan to import many Projects to an Organization, to avoid sending multiple email notifications to users, consider disabling all the notifications for that Organization. -To customize the emails your Org users receive, go to **Settings** > **Notifications** > **Notification Settings**. The changes you make here will affect all of your Organization’s members, although Org users can override these default settings in their user-level account settings. +To customize the emails your Org users receive, navigate to **Settings** > **Notifications** > **Notification Settings**. The changes you make here affect all of your Organization’s members, although Org users can override these default settings in their user-level account settings. -To disable notifications for all the users in an Org ahead of your import, deselect the appropriate notification boxes. See [Manage notifications](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/manage-notifications) for more details. +To disable notifications for all the users in an Org before your import, deselect the appropriate notification boxes. See [Manage notifications](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/manage-notifications) for more details. ## Stage 2: Import Projects @@ -44,7 +44,7 @@ Navigate to the **Projects** page in the Snyk UI, select **Add projects**, selec After a Project is imported, it is continuously checked for vulnerabilities. {% hint style="info" %} -To confirm that a Project was imported, go to the **Add project** import page for the integration. Imported Projects are indicated by a checkmark next to the repository name. +To confirm that a Project was imported, navigate to the **Add project** import page for the integration. A checkmark next to the repository name indicates imported Projects. {% endhint %} For details, see [Import a Project](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/getting-started-guides/getting-started#import-a-project-to-scan-and-identify-issues). @@ -89,7 +89,7 @@ When you first roll out your SCM integration, Snyk recommends that you start wit ## Stage 4: Enable Blocking PRs -After you have embedded Snyk into your software development life cycle (SDLC), and have built good developer awareness, you can start to apply stricter policies to improve your overall security posture, for example: +After you have embedded Snyk into your software development lifecycle (SDLC), and have built good developer awareness, you can start to apply stricter policies to improve your overall security posture, for example: * Low-priority Projects: you can fail the PR only for new high-severity issues that are fixable. * Medium-priority Projects: fail the PR only for high-severity issues. diff --git a/developer-tools/scm-integrations/group-level-integrations/README.md b/developer-tools/scm-integrations/group-level-integrations/README.md index 4b6ec19a0f59..35d754c34ebd 100644 --- a/developer-tools/scm-integrations/group-level-integrations/README.md +++ b/developer-tools/scm-integrations/group-level-integrations/README.md @@ -1,6 +1,6 @@ # Group-level integrations -Group-level SCM integrations provide broader visibility into all the application assets for a given customer and pull in the additional application context and, or metadata, for example, information on developers, commits, and so on. +Group-level SCM integrations provide broader visibility into all the application assets for a given customer and pull in the additional application context and metadata, for example, information on developers, commits, and so on. At the Group level, you can set up and customize your Snyk Essentials integrations from the **Integrations** page, where the following SCMs are available: @@ -18,7 +18,7 @@ The Integrations page at the Group-level shows all active integrations, includin {% hint style="warning" %} The SCM integrations use an incremental approach to retrieve repositories. This means that when a sync is initiated, it checks the last update time of the repository and only transfers the repositories that have been modified since then. -If there have been changes to the scope of the user or PAT used for the integration, any repositories that are newly within scope will only be identified after either a change to trigger the incremental collection or a change to the integration configuration itself. +If there have been changes to the scope of the user or PAT used for the integration, Snyk identifies any repositories that are newly in scope only after either a change to trigger the incremental collection or a change to the integration configuration itself. {% endhint %} The following supported Snyk data are automatically synced: @@ -28,12 +28,12 @@ The following supported Snyk data are automatically synced: * Snyk IaC * Snyk Container -Each connected integration enables you to: +Each connected integration lets you: * Pause data syncing * Modify integration profiles and configurations * Delete the integration -* Check when the integration was last synced and when the next sync is scheduled. +* Check when the integration was last synced and when the next sync is scheduled See the [Integration syncing time](../../integrations/integrate-with-snyk.md#integrations-syncing-time) for more details about the time required to sync for each action. @@ -43,7 +43,7 @@ To configure a Group-level integration, you must be a Group Admin or have a cust ### Wildcard SCM integration -The wildcard integration allows you to use a special character to detect and integrate multiple SCM organizations simultaneously. +The wildcard integration lets you use a special character to detect and integrate multiple SCM organizations simultaneously. {% hint style="info" %} The wildcard integration applies to the GitHub integration and offers support when you set it up using [Snyk Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/using-snyk-essentials-with-snyk-broker). @@ -53,12 +53,12 @@ You can use the wildcards while setting up your integration using the **Integrat * Navigate to **Integrations**. * Select the **SCM** tag and search for GitHub or Azure DevOps. -* Click the **Add** button. +* Click **Add**. * In the **Organizations** field, add the Organization details by using the `*` symbol. For example, using `*snyk` integrates all SCM Organizations that have Snyk in their name. -* All the Organizations that match with the wildcard, `*` symbol will be added. +* Snyk adds all the Organizations that match the wildcard `*` symbol. {% hint style="info" %} -The wildcard, `*` symbol is considered a living command and will be applied every time you are rescanning your repositories. +The wildcard `*` symbol is considered a living command and applies every time you rescan your repositories. {% endhint %} ### Snyk Essentials integrations ecosystem diff --git a/developer-tools/scm-integrations/group-level-integrations/azure-devops-for-snyk-essentials.md b/developer-tools/scm-integrations/group-level-integrations/azure-devops-for-snyk-essentials.md index e7fda2d8232e..1310d01c9f17 100644 --- a/developer-tools/scm-integrations/group-level-integrations/azure-devops-for-snyk-essentials.md +++ b/developer-tools/scm-integrations/group-level-integrations/azure-devops-for-snyk-essentials.md @@ -29,7 +29,7 @@ The following PAT token permissions requirements are for Snyk Essentials integra ## Generate a Personal access token from your Azure DevOps settings {% hint style="warning" %} -The user account that owns the PAT needs `Basic` access level on the Azure organisation. +The user account that owns the PAT needs `Basic` access level on the Azure organization. {% endhint %} 1. Open Azure DevOps and click the **Settings** menu for your profile. diff --git a/developer-tools/scm-integrations/group-level-integrations/github-for-snyk-essentials.md b/developer-tools/scm-integrations/group-level-integrations/github-for-snyk-essentials.md index 781bc49191ee..ae6f7db25de6 100644 --- a/developer-tools/scm-integrations/group-level-integrations/github-for-snyk-essentials.md +++ b/developer-tools/scm-integrations/group-level-integrations/github-for-snyk-essentials.md @@ -43,17 +43,17 @@ If you want to pull data from both organization and personal repositories, then ## Generate a Personal access token from your GitHub settings -1. Open GitHub and click the Settings menu for your profile. -2. Select Developer settings from the left sidebar. -3. Select Personal access tokens and then Tokens (classic). -4. Click Generate new token and, from the dropdown, select Generate new token (classic). -5. Add a description for your token in the Note field. +1. Open GitHub and click the **Settings** menu for your profile. +2. Select **Developer settings**. +3. Select **Personal access tokens** and then **Tokens (classic)**. +4. Click **Generate new token** and, from the dropdown, select **Generate new token (classic)**. +5. Add a description for your token in the **Note** field. 6. Select the required permissions: * `repo` * `read:org` * `read:user` * `user:email`. -7. Click Generate token. +7. Click **Generate token**. 8. Copy and store the displayed key. {% hint style="info" %} @@ -66,4 +66,4 @@ You can use the[ GitHub REST API](https://docs.github.com/en/rest?apiVersion=202 You can use as the host Address the IP/URL of the GitHub server. The default URL is [`https://api.github.com`](https://api.github.com). -The user associated with the token needs to have write permissions on relevant repositories to collect a breakdown of scan issues. +The user associated with the token must have write permissions on relevant repositories to collect a breakdown of scan issues. diff --git a/developer-tools/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials.md b/developer-tools/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials.md index 2ffc10cdcee5..7b2323719750 100644 --- a/developer-tools/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials.md +++ b/developer-tools/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials.md @@ -20,20 +20,20 @@ To configure a Group-level integration, you must be a Group Admin or have a cust 3. Broker Token (`mandatory`): Create and add your Broker token if you use Snyk Broker. * Generate your Broker token by following the instructions from the [Obtain your Broker token for Snyk Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker) page. * Copy and paste the Broker token on the integration setup menu from the Integration Hub. -4. Pull personal repositories (`optional`): Enable the option If you only want to pull the repositories you own. +4. Pull personal repositories (`optional`): Enable the option if you only want to pull the repositories you own. 5. Add Backstage Catalog (`optional`): If you want to add your Backstage catalog, follow the instructions from the [Backstage file for SCM Integrations](../application-context-for-scm-integrations/) page. ## Generate a [Personal access token](../organization-level-integrations/gitlab.md#gitlab-access-tokens) from your GitLab settings 1. Navigate to your GitLab profile. -2. Select Edit Profile. -3. On the left sidebar, select Access Token. -4. Select Add New Token. +2. Select **Edit Profile**. +3. Select **Access Token**. +4. Select **Add New Token**. 5. Enter a name and expiry date for the token. 6. Ensure to enable this permission: * `read_api` - Grants read access to the API, including all groups and projects, the container registry, and the package registry. * `read_repository` - Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. -7. Click the Create personal access token button. +7. Click **Create personal access token**. 8. Copy and store the displayed key. ## API version diff --git a/developer-tools/scm-integrations/organization-level-integrations/README.md b/developer-tools/scm-integrations/organization-level-integrations/README.md index caf2e95ec461..f128e0b0e166 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/README.md +++ b/developer-tools/scm-integrations/organization-level-integrations/README.md @@ -1,8 +1,8 @@ # Organization-level integrations -Snyk provides seamless integrations with various source control management systems such as GitHub, GitLab, Bitbucket, and Azure Repos at the Organizational level. These integrations enable you to automatically scan for vulnerabilities and receive actionable insights to enhance the security of your repositories. By integrating at this level, you can ensure comprehensive protection for all your Projects within the Organization. +Snyk provides integrations with various source control management systems such as GitHub, GitLab, Bitbucket, and Azure Repos at the Organization level. These integrations let you automatically scan for vulnerabilities and receive actionable insights to enhance the security of your repositories. By integrating at this level, you can protect all your Projects in the Organization. -Snyk can integrate with the following SCMs at the Organization-level to help you track, monitor, and fix the issues and vulnerabilities in your code: +Snyk can integrate with the following SCMs at the Organization level to help you track, monitor, and fix the issues and vulnerabilities in your code: * [GitHub](github.md) * [GitHub Enterprise](github-enterprise.md) diff --git a/developer-tools/scm-integrations/organization-level-integrations/azure-repositories-tfs.md b/developer-tools/scm-integrations/organization-level-integrations/azure-repositories-tfs.md index 5868be1ddad1..0a1a1e0085d8 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/azure-repositories-tfs.md +++ b/developer-tools/scm-integrations/organization-level-integrations/azure-repositories-tfs.md @@ -4,7 +4,7 @@ **Feature availability**\ Integration with Azure DevOps Server 2020 and above, also known as TFS, is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). -Snyk supports only Git. Snyk does not currently support integration with Team Foundation Version Control (TFVC). +Snyk supports only Git. Snyk does not support integration with Team Foundation Version Control (TFVC). {% endhint %} ### Prerequisites for Azure Repositories (TFS) integration @@ -46,7 +46,7 @@ Generate and copy a unique PAT to use for Snyk. For more information on the PAT 1. Log in to [your Snyk account](https://app.snyk.io) and navigate to **Integrations**. 2. On the **Azure Repos** tile, click the settings icon to open **Organization Settings** > **Integrations** > **Azure Repos** > **Account credentials**. -3. Pay special attention to the instructions given on the **Account Credentials** page. Depending on your plan, you may need to enter just the Azure DevOps Organization, or you may need to enter the entire URL. +3. Pay special attention to the instructions given on the **Account Credentials** page. Depending on your plan, you may need to enter only the Azure DevOps Organization, or you may need to enter the entire URL. * **Set your organization**: Enter the slug for your Organization only.\ For example, enter `your-azure-devops-org` * **Set your host**: enter the entire url.\ @@ -57,7 +57,7 @@ Generate and copy a unique PAT to use for Snyk. For more information on the PAT Snyk tests the connection values and the page reloads, displaying the Azure Repos integration information. A message to confirm that the details were updated appears at the top of the screen. {% hint style="info" %} -If the connection to Azure fails, a notification will appear under the **Azure Repos** card title. +If the connection to Azure fails, a notification appears under the **Azure Repos** card title. {% endhint %} ### Add Projects to Snyk for Azure Repos diff --git a/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud-app.md b/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud-app.md index 45c9d6dff4bf..a66d844bea5b 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud-app.md +++ b/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud-app.md @@ -1,13 +1,13 @@ # Bitbucket Cloud App -The Bitbucket Cloud App is positioned to be the default Bitbucket Cloud integration +The Bitbucket Cloud App is the default Bitbucket Cloud integration. -The Bitbucket Cloud App integration lets you connect your Snyk Organization to a Bitbucket Cloud Workspace and get all Snyk's core SCM integration features: +The Bitbucket Cloud App integration lets you connect your Snyk Organization to a Bitbucket Cloud Workspace and get all the core SCM integration features in Snyk: * Continuously perform security scanning across all the integrated repositories * Detect vulnerabilities in your Open Source components * Provide automated fixes and upgrades -* Provides developer teams with first-party visibility for security issues directly in the Bitbucket interface +* Provide developer teams with first-party visibility for security issues directly in the Bitbucket interface {% hint style="info" %} Snyk recommends using the Bitbucket Cloud App integration for smoother integration and to ensure long-term support. @@ -17,7 +17,7 @@ If you are using the [Bitbucket Cloud API token integration](bitbucket-cloud.md) ### Setting up a Bitbucket Cloud App -To give Snyk access to your Bitbucket account, you need to install the Snyk App on your Bitbucket Cloud workspace. +To give Snyk access to your Bitbucket account, you must install the Snyk App on your Bitbucket Cloud workspace. {% hint style="info" %} To install the Snyk App on your Bitbucket Cloud workspace, you must have **Admin** permissions for the Workspace in Bitbucket. @@ -126,7 +126,7 @@ The first-party interface currently supports only the [Snyk Open Source](https:/ You can **associate a first-party interface with a different Snyk account or Organization**. -During the first-time Bitbucket Cloud App onboarding process, the first-party interface is associated with a specific Snyk Organization. This is the Snyk Organization to which Bitbucket users will import repositories and for which they will view Snyk issues. +During the first-time Bitbucket Cloud App onboarding process, the first-party interface is associated with a specific Snyk Organization. This is the Snyk Organization to which Bitbucket users import repositories and for which they view Snyk issues. To change the Snyk Organization after onboarding, go to the workspace settings > **Security for Bitbucket Cloud** > **Integration Settings** and click **Connect via a different Snyk user/organization**. @@ -154,5 +154,5 @@ To disable this integration, in **Organization settings** > **Integrations** > * 2. Scroll to the **Disconnect** section and click **Remove** to remove the integration. {% hint style="info" %} -Disconnecting the integration from the Snyk side does not uninstall the app from your workspace in Bitbucket Cloud. To uninstall the Bitbucket app, navigate to your workspace settings in Bitbucket.org --> Installed Apps and remove the Snyk Security for Bitbucket Cloud app. +Disconnecting the integration from the Snyk side does not uninstall the app from your workspace in Bitbucket Cloud. To uninstall the Bitbucket app, navigate to your workspace settings in Bitbucket.org > **Installed Apps** and remove the Snyk Security for Bitbucket Cloud app. {% endhint %} diff --git a/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud.md b/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud.md index b2e18f02fc1e..b8592360eb18 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud.md +++ b/developer-tools/scm-integrations/organization-level-integrations/bitbucket-cloud.md @@ -13,7 +13,7 @@ The Bitbucket Cloud API token integration lets you: ### How to set up the Bitbucket Cloud Integration {% hint style="info" %} -Admin permissions are required; however, Snyk's access is ultimately limited by the [permissions assigned to the API Token](https://support.atlassian.com/bitbucket-cloud/docs/create-an-api-token/).\ +Admin permissions are required. However, Snyk access is ultimately limited by the [permissions assigned to the API Token](https://support.atlassian.com/bitbucket-cloud/docs/create-an-api-token/).\ \ To improve security, the use of app passwords in Bitbucket Cloud is transitioning to API tokens. Existing integrations that use app passwords will continue to function temporarily until 9 June 2026.\ To ensure continued support and functionality, update your Bitbucket Cloud integration in Snyk to use an API token. @@ -38,11 +38,11 @@ After you connect Snyk to your Bitbucket Cloud account, you can select repositor After you add the selected repositories, Snyk scans them for dependency files in the entire directory tree, that is, `package.json`, `pom.xml`, and so on, and imports them to Snyk as Projects. -The imported projects appear on your **Projects** page and are continuously checked for vulnerabilities. +The imported Projects appear on your **Projects** page and are continuously checked for vulnerabilities. ### Bitbucket integration features -After the integration is in place, you will be able to use capabilities such as: +After the integration is in place, you can use capabilities such as: * [Project-level security reports](bitbucket-cloud.md#project-level-security-reports) * [Project monitoring and automatic fix pull requests](bitbucket-cloud.md#project-monitoring-and-automatic-fix-pull-requests) diff --git a/developer-tools/scm-integrations/organization-level-integrations/bitbucket-data-center-server.md b/developer-tools/scm-integrations/organization-level-integrations/bitbucket-data-center-server.md index f2251c356442..562593e5df87 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/bitbucket-data-center-server.md +++ b/developer-tools/scm-integrations/organization-level-integrations/bitbucket-data-center-server.md @@ -1,6 +1,6 @@ # Bitbucket Data Center/Server -The Bitbucket Data Center/Server integration allows you to continuously perform security scanning across all the integrated repositories, detect vulnerabilities in your open-source components, and use automated fixing. This integration supports Bitbucket Data Center/Server versions 4.0 and above. +The Bitbucket Data Center/Server integration lets you continuously perform security scanning across all the integrated repositories, detect vulnerabilities in your open-source components, and use automated fixing. This integration supports Bitbucket Data Center/Server versions 4.0 and above. For a quick reference, see the [Snyk and Bitbucket best practices cheat sheet](https://snyk.io/blog/snyk-bitbucket-best-practices-cheat-sheet/) on the Snyk blog. @@ -8,7 +8,7 @@ For a quick reference, see the [Snyk and Bitbucket best practices cheat sheet](h 1. To give Snyk access to your Bitbucket DC/Server account, set up a dedicated service account in Bitbucket DC/Server with admin permissions.\ Visit [Bitbucket Server documentation ](https://confluence.atlassian.com/bitbucketserver/users-and-groups-776640439.html#Usersandgroups-Creatingauser)to learn more about creating users.\ - Ensure the newly-created user has **Admin** permissions to all the repositories you need to monitor with Snyk. + Ensure the newly created user has **Admin** permissions to all the repositories you need to monitor with Snyk. 2. In Snyk, navigate to the **Integrations** page and click on the **Bitbucket Server** card. 3. Enter your Bitbucket DC/Server URL and the username and password for the service account you created. Alternatively, you can create a [personal access token](https://confluence.atlassian.com/bitbucketserver075/personal-access-tokens-1018784848.html) and use it instead of a password. 1. If your Bitbucket DC/Server instance has Basic Auth disabled, you must use a personal access token. @@ -24,7 +24,7 @@ To select the repositories for Snyk to monitor: 1. Click **Add your Bitbucket Server repositories to Snyk** to start importing repositories to Snyk. 2. When prompted, select the repositories to import to Snyk and click **Add selected repositories**. -After they are added, Snyk scans the selected repositories for dependency files in the entire directory tree, (that is, `package.json`, `pom.xml`, and so on) and imports them to Snyk as projects.\ +After they are added, Snyk scans the selected repositories for dependency files in the entire directory tree, (that is, `package.json`, `pom.xml`, and so on) and imports them to Snyk as Projects.\ \ The imported Projects appear on your Snyk **Projects** page and are continuously checked for vulnerabilities. @@ -106,15 +106,15 @@ Snyk performs all the Bitbucket DC/Server operations on behalf of the integrated For Snyk to perform the required operations on monitored repositories, such as reading manifest files on a frequent basis and opening fix or upgrade PRs, the integrated Bitbucket DC/Server service account needs **Admin** permissions on the imported repositories. -**Admin** permissions are also needed to set secure webhooks. Snyk relies on webhooks to perform a variety of tasks, from PR checks, to commit tests upon merge events, and upcoming auto imports. To ensure the events come from your system and your system only, with no tampering or spoofing, we secure the webhooks using the recommended method shared by the systems we are connecting to. For Bitbucket Server, please see [this link](https://confluence.atlassian.com/bitbucketserver/manage-webhooks-938025878.html#Managewebhooks-webhooksecretsSecuringyourwebhook).\ -To do this, a secret token is generated for each secure webhook we create. Snyk setting the webhooks resolves scalability constraints, eliminates token leakage, and reduces the integration workload for you. +**Admin** permissions are also needed to set secure webhooks. Snyk relies on webhooks to perform a variety of tasks, from PR checks, to commit tests upon merge events, and upcoming auto imports. To ensure the events come from your system and your system only, with no tampering or spoofing, Snyk secures the webhooks using the recommended method shared by the systems Snyk connects to. For Bitbucket Server, see the [Manage webhooks](https://confluence.atlassian.com/bitbucketserver/manage-webhooks-938025878.html#Managewebhooks-webhooksecretsSecuringyourwebhook) documentation.\ +To do this, Snyk generates a secret token for each secure webhook it creates. Snyk setting the webhooks resolves scalability constraints, eliminates token leakage, and reduces the integration workload for you. For detailed information on the permission scopes required, see [Bitbucket permission requirements](../user-permissions-and-access-scopes.md#bitbucket-cloud-and-bitbucket-data-center-server-scopes). ### How to disconnect the Bitbucket Data Center/Server integration {% hint style="warning" %} -When you disconnect Snyk from your Bitbucket repository projects, your credentials are removed from Snyk, and any integration-specific projects that Snyk is monitoring are deactivated in Snyk.\ +When you disconnect Snyk from your Bitbucket repository Projects, your credentials are removed from Snyk, and any integration-specific Projects that Snyk is monitoring are deactivated in Snyk.\ To re-enable this integration later, you must re-enter your credentials and activate your Projects. {% endhint %} diff --git a/developer-tools/scm-integrations/organization-level-integrations/github-cloud-app.md b/developer-tools/scm-integrations/organization-level-integrations/github-cloud-app.md index a3016248eae6..b46b2972effb 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/github-cloud-app.md +++ b/developer-tools/scm-integrations/organization-level-integrations/github-cloud-app.md @@ -29,7 +29,7 @@ The GitHub Cloud App improves on many features as compared to the current GitHub * RBAC (Role-Based Access Control) Compliance: With the GitHub Cloud App, the access control mechanism is decoupled from individual user accounts. Instead, it is associated with the app entity itself. This separation allows for better management and enforcement of RBAC policies, as access control is handled at the application level rather than being tied to individual user accounts. * Granular access control: The GitHub Cloud App allows for fine-grained control over access permissions at the repository level. -* Increased API rate limit: The GitHub Cloud App provides higher rate limits, allowing Snyk to make a larger number of API requests. This increased limit will assist in handling large-scale use cases, such as monorepos with a large number of Projects, GitHub organizations with a large number of repositories, and more. +* Increased API rate limit: The GitHub Cloud App provides higher rate limits, allowing Snyk to make a larger number of API requests. This increased limit helps handle large-scale use cases, such as monorepos with a large number of Projects, GitHub organizations with a large number of repositories, and more. * Enabler for an enhanced developer experience: * Pull request checks: The Checks tab experience in GitHub is exclusively accessible through the GitHub Cloud App, enabling an SCM native experience as part of potential future PR check workflow improvements. * Fix and upgrade pull requests: Pull requests initiated by Snyk are performed directly by the GitHub App rather than a service account. @@ -70,7 +70,7 @@ Specify whether you wish to install the app in all of the repositories belonging
Install and Authorize settings for the GitHub organization you are installing the GitHub Cloud App into

Install and authorize settings for the GitHub organization you are installing the GitHub Cloud App into

{% hint style="warning" %} -The GitHub Cloud App will lose access to Snyk if it is uninstalled from the GitHub organization or if the repositories to which the app instance has access are edited. +The GitHub Cloud App loses access to Snyk if it is uninstalled from the GitHub organization or if the repositories to which the app instance has access are edited. {% endhint %} ## How to migrate to the GitHub Cloud App diff --git a/developer-tools/scm-integrations/organization-level-integrations/github-enterprise.md b/developer-tools/scm-integrations/organization-level-integrations/github-enterprise.md index 64cf9a3b5c93..bce9af49805a 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/github-enterprise.md +++ b/developer-tools/scm-integrations/organization-level-integrations/github-enterprise.md @@ -50,7 +50,7 @@ See [GitHub and GitHub Enterprise permissions requirements](../user-permissions- 1. In Snyk, navigate to the **Integrations** page and click the **GitHub Enterprise** card. 2. Enter your GitHub Enterprise URL and the personal access token (PAT) for the service account you created, and **Save** your changes. After Snyk has successfully connected to the GitHub instance, the list of available repositories displays for your selection. 3. If your GitHub Enterprise organization enforces SAML/SSO, select **Configure SSO** next to the PAT in GitHub after the PAT has been created.\ - Occasionally, SSO is enforced in your GitHub Enterprise organizations after a PAT and Integration are configured. If this happens, any Projects that have already been imported show in Snyk, but retests, PR Checks, and so on, will not be performed. To fix this, check the **Configure SSO** settings to ensure the GitHub Enterprise organization is **Authorized**.\ + Occasionally, SSO is enforced in your GitHub Enterprise organizations after a PAT and Integration are configured. If this happens, any Projects that have already been imported show in Snyk, but Snyk does not perform retests, PR Checks, and so on. To fix this, check the **Configure SSO** settings to ensure the GitHub Enterprise organization is **Authorized**.\ If the organization is showing as **Authorized**, but the issue still persists, try de-authorizing the organization and then re-authorizing. {% hint style="info" %} @@ -60,7 +60,7 @@ Ensure that there are no trailing characters such as `/` following the url. An i {% endhint %} {% hint style="warning" %} -If the PAT token changes or expires in GitHub, the integration with Snyk will not function. To resolve this, update the token in the Snyk **GitHub Enterprise Integration settings**. +If the PAT token changes or expires in GitHub, the integration with Snyk does not function. To resolve this, update the token in the Snyk **GitHub Enterprise Integration settings**. {% endhint %} #### How to import GitHub repositories @@ -123,7 +123,7 @@ The Auto-assign PRs feature is supported only for private repositories. Snyk can automatically assign the pull requests it creates to ensure that they are handled by the right team members. -Auto-assign for PRs can be enabled for the GitHub and GitHub Enterprise integration and all Projects imported via GitHub, or on a per-Project basis. +Auto-assign for PRs can be enabled for the GitHub and GitHub Enterprise integration and all Projects imported through GitHub, or on a per-Project basis. Users can either be manually specified, and all will be assigned, or automatically selected based on the last commit user account. @@ -164,9 +164,9 @@ Disconnecting the Snyk GitHub Enterprise integration halts all scans for importe
Confirm disconnecting from GitHub Enterprise

Confirm disconnecting from GitHub Enterprise

-After GitHub Enterprise is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests. +After GitHub Enterprise is disconnected, Snyk sets imported Projects to inactive, and you no longer get alerts, pull requests, or Snyk tests on pull requests. -You can re-connect anytime; however, re-initiating GitHub Enterprise projects for monitoring requires setting up the integration again. +You can re-connect anytime. However, re-initiating GitHub Enterprise Projects for monitoring requires setting up the integration again. 4. Broker Token (`mandatory`): Create and add your Broker token if you use Snyk Broker. * Generate your Broker token by following the instructions from the [Obtain your Broker token for Snyk Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment/obtain-the-tokens-required-to-set-up-snyk-broker) page. diff --git a/developer-tools/scm-integrations/organization-level-integrations/github-read-only-projects.md b/developer-tools/scm-integrations/organization-level-integrations/github-read-only-projects.md index 178e4f3fc539..371ee8b9dc77 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/github-read-only-projects.md +++ b/developer-tools/scm-integrations/organization-level-integrations/github-read-only-projects.md @@ -2,11 +2,11 @@ ### How GitHub Read-only Projects work -Snyk offers GitHub Read-only Projects, providing the ability to monitor a public GitHub repository that is not owned by your Organization. +Snyk offers GitHub Read-only Projects, which let you monitor a public GitHub repository that your Organization does not own. Adding a read-only Project lets you track the vulnerabilities in a Project you are considering using as a dependency, a Project you are already using as a stand-alone independent tool within your business, or any other public repository where you do not need to actively prevent or fix issues using Snyk. -The repository is tested daily using your Organization's GitHub credentials. These automated tests are not counted as part of the test limits of your Snyk plan. +Snyk tests the repository daily using your Organization's GitHub credentials. These automated tests do not count as part of the test limits of your Snyk plan. Unlike Projects imported through the Snyk GitHub integration, Projects that are imported or monitored with the read-only status cannot do the following: @@ -21,8 +21,8 @@ Unlike Projects imported through the Snyk GitHub integration, Projects that are Import a read-only Project using the **Add project** > **Monitor public GitHub repos** menu in the **Dashboard** and **Projects** tabs, or by going to [Monitor public GitHub repositories](https://app.snyk.io/add/github-readonly). 1. Enter a public repository to monitor, following the format `owner/repository.` -2. When you have entered a valid repository name, click **+ Add repo**.\ - The repository is quickly tested for a supported manifest file. -3. Enter the public repositories you want to monitor and select **Import N repository/ies**. +2. After you enter a valid repository name, click **+ Add repo**.\ + Snyk tests the repository for a supported manifest file. +3. Enter the public repositories you want to monitor and select **Import N repositories**.
Add repo and Import repository or repositories

Add repo and Import repository or repositories

diff --git a/developer-tools/scm-integrations/organization-level-integrations/github-server-app.md b/developer-tools/scm-integrations/organization-level-integrations/github-server-app.md index 54d2ab0cc61f..8b61613d850c 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/github-server-app.md +++ b/developer-tools/scm-integrations/organization-level-integrations/github-server-app.md @@ -20,11 +20,11 @@ This feature supports self-hosted instances of GitHub and Snyk [Universal Broker The Snyk GitHub Server App improves on many features compared to the Snyk GitHub Enterprise integration, including role-based granular access control, increased API rate limits, and the creation of an entry point for expanded and enhanced developer experiences. * RBAC (Role-Based Access Control) Compliance: - * With the GitHub Server App, the access control mechanism is decoupled from individual user accounts. Instead, it is associated with the app entity itself. This separation allows for better management and enforcement of RBAC policies, as access control is handled at the application level rather than being tied to individual user accounts. + * With the GitHub Server App, the access control mechanism is decoupled from individual user accounts. Instead, it is associated with the app entity itself. This separation allows better management and enforcement of RBAC policies, because access control is handled at the application level rather than being tied to individual user accounts. * Granular access control: - * The GitHub Server App allows for fine-grained control over access permissions at the repository level. + * The GitHub Server App provides fine-grained control over access permissions at the repository level. * Increased API rate limit: - * The GitHub Server App provides higher rate limits, allowing Snyk to make a larger number of API requests. This increased limit will assist in handling large-scale use cases, such as monorepos with a large number of Projects, GitHub organizations with a large number of repositories, and more. + * The GitHub Server App provides higher rate limits, letting Snyk make a larger number of API requests. This increased limit helps in handling large-scale use cases, such as monorepos with a large number of Projects, GitHub organizations with a large number of repositories, and more. * Enabler for an enhanced developer experience: * Pull request checks: The Checks tab experience in GitHub is exclusively accessible through the GitHub Cloud App, enabling an SCM native experience as part of potential future PR check workflow improvements. * Fix and upgrade pull requests: Pull requests initiated by Snyk are performed directly by the GitHub App rather than a service account. @@ -38,11 +38,11 @@ When setting up the GitHub Server App, you can implement only one of the followi * One GitHub organization connected to multiple Snyk Organizations {% endhint %} -In the Snyk UI navigate to the integrations page and select the **GitHub Server App** tile. +In the Snyk Web UI, navigate to the integrations page and select the **GitHub Server App** tile.

GitHub Server App tile highlighted in the Snyk UI

-Clicking on the tile opens a modal that allows you to enter the URL of your GitHub Server. Entering the URL of your GitHub Server instance will redirect you to your GitHub instance, where you will be able to create the app. +Clicking the tile opens a modal where you can enter the URL of your GitHub Server. Entering the URL of your GitHub Server instance redirects you to your GitHub instance, where you can create the app.

Integration model prompting you for your GitHub Server's URL

@@ -65,7 +65,7 @@ Specify whether you wish to install the app in all or a select number of the rep

Install and authorize settings for the GitHub organization you are installing the GitHub Cloud App into

{% hint style="danger" %} -The GitHub Server App will lose access to Snyk if it is uninstalled from the GitHub organization. If this happens, you can create a fresh integration in Snyk to regain access. +The GitHub Server App loses access to Snyk if it is uninstalled from the GitHub organization. If this happens, you can create a fresh integration in Snyk to regain access. {% endhint %} ### Migrate from an existing GitHub Enterprise integration @@ -75,7 +75,7 @@ If you are an Enterprise plan customer, you can migrate Snyk Targets to the GitH ### How to disconnect a non-brokered GitHub Server App integration {% hint style="warning" %} -Disconnecting the Snyk GitHub Server App integration halts all scans for imported repositories. PR checks cannot be executed and Projects are deactivated in the Snyk Web UI. +Disconnecting the Snyk GitHub Server App integration halts all scans for imported repositories. Snyk cannot run PR checks, and Projects are deactivated in the Snyk Web UI. Note that the GitHub App will remain listed on your GitHub organization until removed manually. {% endhint %} @@ -86,20 +86,20 @@ Note that the GitHub App will remain listed on your GitHub organization until re

Confirm disconnecting from GitHub Server App

-After the integration is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests. +After the integration is disconnected, imported Snyk Projects are set to inactive, and you no longer get alerts, pull requests, or Snyk tests on pull requests. -You can re-connect anytime; however, re-initiating the Snyk Projects for monitoring requires setting up the integration again. +You can re-connect anytime. However, re-initiating the Snyk Projects for monitoring requires setting up the integration again. ### How to disconnect a brokered GitHub Server App integration {% hint style="warning" %} -Disconnecting the Snyk GitHub Server App integration halts all scans for imported repositories. PR checks cannot be executed and Projects are deactivated in the Snyk Web UI. +Disconnecting the Snyk GitHub Server App integration halts all scans for imported repositories. Snyk cannot run PR checks, and Projects are deactivated in the Snyk Web UI. Note that the GitHub App will remain listed on your GitHub organization until the app is removed manually. {% endhint %} Run `snyk-broker-config workflows connections disconnect` and select the connection you want to disconnect. -After the integration is disconnected, imported Snyk Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests. +After the integration is disconnected, imported Snyk Projects are set to inactive, and you no longer get alerts, pull requests, or Snyk tests on pull requests. -You can re-connect anytime; however, re-initiating the Snyk Projects for monitoring requires setting up the integration again. +You can re-connect anytime. However, re-initiating the Snyk Projects for monitoring requires setting up the integration again. diff --git a/developer-tools/scm-integrations/organization-level-integrations/github.md b/developer-tools/scm-integrations/organization-level-integrations/github.md index 763b414fbde7..d3deb68b32bc 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/github.md +++ b/developer-tools/scm-integrations/organization-level-integrations/github.md @@ -9,13 +9,13 @@ ### Known limitations of the GitHub integration -You cannot use the GitHub integration with a Snyk [Service Account](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts), as the GitHub integration is associated with your user account, not with the Snyk Organization. +You cannot use the GitHub integration with a Snyk [Service Account](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts), because the GitHub integration is associated with your user account, not with the Snyk Organization. Use the [GitHub Enterprise integration](github-enterprise.md) to import public and private Projects using the API with a Snyk Service Account. ### GitHub integration features -The GitHub integration allows you to: +The GitHub integration lets you: * Continuously perform security scanning across all the integrated repositories * Detect vulnerabilities in your open-source components @@ -33,9 +33,9 @@ To connect your GitHub repositories to Snyk for scanning, you need to set up the ### GitHub integration settings -To see all settings for your GitHub integration, go to the GitHub Integration settings page, then navigate to Organization **Settings**, and select **GitHub** in the **Integrations** section: +To see all settings for your GitHub integration, navigate to the GitHub Integration settings page, then navigate to Organization **Settings**, and select **GitHub** in the **Integrations** section: -You can then scroll down to the section required, and set the options accordingly: +You can then scroll to the section required, and set the options accordingly: * [General settings](github.md#general-github-integration-settings) * Pull requests: @@ -62,7 +62,7 @@ Select **General** to view general settings: ### GitHub integration features -After you have connected GitHub to Snyk, you can use: +After you connect GitHub to Snyk, you can use: * [Project-level security reports](github.md#project-level-security-reports) * [Project monitoring and automatic fix pull requests](github.md#project-monitoring-and-automatic-fix-pull-requests) @@ -85,7 +85,7 @@ This example shows a Project-level security report. #### Project monitoring and automatic fix pull requests -Snyk scans your Projects on either a daily or a weekly basis. When new vulnerabilities are found, Snyk notifies you via email and opens automated pull requests with fixes for your repositories. +Snyk scans your Projects on either a daily or a weekly basis. When Snyk finds new vulnerabilities, it notifies you by email and opens automated pull requests with fixes for your repositories. The example that follows shows a fix pull request opened by Snyk. @@ -105,11 +105,11 @@ Scroll down to the **Automatic fix PRs** section and set the options. For defini For availability with Snyk Broker, see the [Commit signing](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker-commit-signing) page in the Broker docs. {% endhint %} -All the commits in Snyk's pull requests are done by `snyk-bot@snyk.io` (a verified user on GitHub), and signed with a PGP key. All Snyk pull requests appear as verified on GitHub, thus providing your developers with the confidence that the fix and upgrade pull requests are generated by a trusted source. +All the commits in Snyk pull requests are done by `snyk-bot@snyk.io` (a verified user on GitHub), and signed with a PGP key. All Snyk pull requests appear as verified on GitHub, giving your developers the confidence that a trusted source generates the fix and upgrade pull requests. #### Pull request status checks -The Snyk [PR Checks](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) feature allows Snyk to test any new PR in your repositories for security vulnerabilities and sends a status check to GitHub. This lets you see, directly in GitHub, whether or not the pull request introduces new security issues. +The Snyk [PR Checks](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) feature lets Snyk test any new PR in your repositories for security vulnerabilities and sends a status check to GitHub. This lets you see, directly in GitHub, whether the pull request introduces new security issues. This example shows how Snyk PR checks appear on the GitHub pull request page. @@ -123,16 +123,16 @@ You can review and adjust the pull request test settings using the Snyk GitHub I In non-brokered GitHub integrations, operations that are triggered through the Snyk Web UI, for example, opening a Fix PR or re-testing a Project, are performed on behalf of the acting user. -Therefore, a user who wants to perform this operation on GitHub through the Snyk UI must connect their GitHub account to Snyk with the required permission scope for the repositories where they want to perform these operations. See [GitHub and GitHub Enterprise permissions requirements](../user-permissions-and-access-scopes.md#github-and-github-enterprise-permissions-requirements) for details. +Therefore, a user who wants to perform this operation on GitHub through the Snyk Web UI must connect their GitHub account to Snyk with the required permission scope for the repositories where they want to perform these operations. See [GitHub and GitHub Enterprise permissions requirements](../user-permissions-and-access-scopes.md#github-and-github-enterprise-permissions-requirements) for details. Operations that are not triggered through the Snyk Web UI, such as daily and weekly tests and automatic PRs (fix and upgrade), are performed on behalf of random Snyk Organization members who have connected their GitHub accounts to Snyk and have the required permission scope for the repository. -For public repositories that are non-brokered, some operations, such as creating the PR, may occasionally be performed by `snyk-bot@snyk.io`. +For public repositories that are non-brokered, `snyk-bot@snyk.io` occasionally performs some operations, such as creating the PR. {% hint style="info" %} A Snyk Organization administrator can [designate a specific GitHub account to use for opening fix and upgrade PRs](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/fix/snyk-pull-or-merge-requests/opening-fix-and-upgrade-pull-requests-from-a-fixed-github-account). -Note that Snyk will continue to use a random Snyk Organization member's GitHub account to perform all the other operations. Therefore using this feature does not eliminate the need to connect users' GitHub accounts to Snyk. +Note that Snyk continues to use a random Snyk Organization member's GitHub account to perform all the other operations. Therefore, using this feature does not eliminate the need to connect users' GitHub accounts to Snyk. {% endhint %} ### How to set up a GitHub account to open Snyk PRs and enable the Pull Request Experience @@ -140,12 +140,12 @@ Note that Snyk will continue to use a random Snyk Organization member's GitHub a You can designate a specific GitHub account to open fix and upgrade pull requests, and enable the [Pull Request Experience](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience). {% hint style="info" %} -The configured account is only used for opening PRs and posting issue summary and inline comments. All other operations are still performed on behalf of a randomly selected Snyk Organization member who has connected their GitHub accounts to Snyk. +The configured account is used only for opening PRs and posting issue summary and inline comments. All other operations are still performed on behalf of a randomly selected Snyk Organization member who has connected their GitHub accounts to Snyk. {% endhint %} To use this feature, follow these steps: -1. Navigate to the GitHub Integrations settings page in the Snyk Web UI using Organization **Settings** **Integrations** > **Source control** > **GitHub**. +1. Navigate to the GitHub Integrations settings page in the Snyk Web UI using Organization **Settings** > **Integrations** > **Source control** > **GitHub**. 2. In the **Open Snyk automatic PRs from a fixed GitHub account** section, enter your GitHub personal access token.\ You can [generate this from your GitHub account](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token). 3. Click **Save** to enable this feature. @@ -168,13 +168,13 @@ The Auto-assign PRs feature is supported only for private repositories. Snyk can automatically assign the pull requests it creates to ensure that they are handled by the right team members. -Auto-assign for PRs can be enabled for the GitHub and GitHub Enterprise integration and all Projects imported via GitHub, or on a per-Project basis. +You can enable Auto-assign for PRs for the GitHub and GitHub Enterprise integration and all Projects imported using GitHub, or on a per-Project basis. -Users can either be manually specified, and all will be assigned, or automatically selected based on the last commit user account. +You can either specify users manually, and Snyk assigns all of them, or select them automatically based on the last commit user account. #### Enable Auto-assign for all Projects in the GitHub integration -To configure the Auto-assign settings for all the Projects from an imported private repository, go to the Github integration settings using Organization **Settings** > **Integrations** > **Source control** > **GitHub** and select **Enable pull request assignees**. +To configure the Auto-assign settings for all the Projects from an imported private repository, navigate to the Github integration settings using Organization **Settings** > **Integrations** > **Source control** > **GitHub** and select **Enable pull request assignees**. You can then choose to assign PRs to the last user to change the manifest file or specified contributors. @@ -191,7 +191,7 @@ To configure the Auto-assign settings for a specific Project from an imported pr 1. In the **Projects** tab for your Organization, select and expand the relevant private repository, select a Target, and click the **Settings** cog. This opens the Project page. 2. On the Project page, apply unique settings for that specific Project.\ Select the **Settings** tab in the upper right and the **Github integration** \_\_ option in the left sidebar. -3. Go to the **Pull request assignees for private repos** section at the bottom of the page and choose to **Inherit from integration settings** or **Customize only for this Project**. +3. Navigate to the **Pull request assignees for private repos** section at the bottom of the page and choose to **Inherit from integration settings** or **Customize only for this Project**. 4. Ensure **Auto-assign PRs for this private Project** is enabled. 5. Choose to assign PRs to the last user to change the manifest file or named contributors. @@ -199,32 +199,32 @@ To configure the Auto-assign settings for a specific Project from an imported pr ### How to disable the GitHub integration -The GitHub SCM integration leverages the OAuth app integration. If you integrated GitHub without using Snyk Broker, you can disconnect it by following these steps: +The GitHub SCM integration uses the OAuth app integration. If you integrated GitHub without using Snyk Broker, you can disconnect it by following these steps: 1. In GitHub, log in to the GitHub account that you used to create the integration. -2. Go to your GitHub account settings and select the **Applications** option in the left sidebar. +2. Navigate to your GitHub account settings and select the **Applications** option. 3. Select the **Authorized OAuth Apps** tab.\ You can also reach the [Authorized OAuth Apps tab directly](https://github.com/settings/applications). -4. Find the **Snyk** entry, click the three (3) dots on the right, and select **Revoke**. +4. Find the **Snyk** entry, click the three dots, and select **Revoke**.
Revoke OAuth authorization

Revoke OAuth authorization

-Revoking this access effectively disconnects Snyk’s access to that GitHub account. +Revoking this access disconnects Snyk access to that GitHub account. -* Existing imported snapshots will persist in Snyk and continue to be re-scanned based on the existing snapshots until deleted. -* Snyk will no longer be able to import new Projects from the GitHub integration and will no longer re-scan on new code merges. +* Existing imported snapshots persist in Snyk and continue to be re-scanned based on the existing snapshots until deleted. +* Snyk can no longer import new Projects from the GitHub integration and no longer re-scans on new code merges. In addition, you must confirm that Snyk is not enabled on any existing **Branch protection rules**. {% hint style="info" %} -Note that branch protection is active only after a PR has been raised. +Note that branch protection is active only after a PR is raised. {% endhint %} -1. From the main page of your GitHub repository, go to **Settings** > **Branches** > **Branch protection rules**. +1. From the main page of your GitHub repository, navigate to **Settings** > **Branches** > **Branch protection rules**. 2. Ensure there are no **Status checks found in the last week for this repository**. {% hint style="info" %} -A disconnected GitHub integration will still appear as configured in the Integrations menu of the Snyk UI. However, clicking on the integration settings will show that it is not connected. In this case, the "configured" integration can safely be ignored. +A disconnected GitHub integration still appears as configured in the Integrations menu of the Snyk Web UI. However, clicking the integration settings shows that it is not connected. In this case, you can safely ignore the "configured" integration. {% endhint %} ### Migrate to the GitHub Enterprise integration @@ -235,19 +235,19 @@ Before deleting Snyk Projects imported using the GitHub integration, consider th Before you configure and Import Projects using the [GitHub Enterprise integration](github-enterprise.md), Snyk recommends removing all Projects imported using the GitHub integration. This avoids having duplicate Snyk Projects. -You can remove Projects imported using the GitHub integration manually by removing the Projects from Snyk. However, depending on how many Projects you have already imported using the GitHub integration, it may be easier for you to create a new Snyk Organization. +You can remove Projects imported using the GitHub integration manually by removing the Projects from Snyk. However, depending on how many Projects you have already imported using the GitHub integration, it might be easier for you to create a new Snyk Organization. -If you have already created multiple Snyk Organizations and Projects have been imported from GitHub to each Organization, it may be easier to re-create the Snyk Organizations to use the Snyk GitHub Enterprise integration than to update each one manually. If you choose to do this, you can copy integration settings from an existing Organization to avoid having to re-configure other integrations. +If you have already created multiple Snyk Organizations and imported Projects from GitHub to each Organization, it might be easier to re-create the Snyk Organizations to use the Snyk GitHub Enterprise integration than to update each one manually. If you choose to do this, you can copy integration settings from an existing Organization to avoid having to re-configure other integrations. #### Migration steps If you already have multiple Snyk Organizations with Projects imported using the GitHub integration, follow these steps to migrate from GitHub integration to GitHub Enterprise integration. -1. Create a new Snyk Organization that will be used as the template for all others. You can copy integration settings from an existing Organization if required. -2. In this new template Organization, set up the Snyk GitHub Enterprise integration using the steps on the page [GitHub Enterprise integration](github-enterprise.md#how-to-set-up-the-github-enterprise-integration). The dedicated GitHub service account in those steps is a separate user account that you will use as the connection between Snyk and GitHub. -3. When the Snyk GitHub Enterprise integration is configured, you can import a Project to your template Organization to test that the integration is working as expected. -4. You can now create new Organizations that will replace the existing Organizations that were configured using the GitHub integration. As you create each new Organization, ensure that you copy the integration settings from this template Organization so that the GitHub Enterprise integration is available. +1. Create a new Snyk Organization to use as the template for all others. You can copy integration settings from an existing Organization if required. +2. In this new template Organization, set up the Snyk GitHub Enterprise integration using the steps on the page [GitHub Enterprise integration](github-enterprise.md#how-to-set-up-the-github-enterprise-integration). The dedicated GitHub service account in those steps is a separate user account that you use as the connection between Snyk and GitHub. +3. When the Snyk GitHub Enterprise integration is configured, you can import a Project to your template Organization to test that the integration works as expected. +4. You can now create new Organizations to replace the existing Organizations that were configured using the GitHub integration. As you create each new Organization, ensure that you copy the integration settings from this template Organization so that the GitHub Enterprise integration is available. 5. Now that your new Organizations are created, you can import your Projects, choosing the GitHub Enterprise integration when you select the source. 6. You can now remove the previous Organizations that were configured using the GitHub integration. -You may want to [disconnect your GitHub integration](github-enterprise.md#how-to-disconnect-the-github-enterprise-integration) to avoid unintentionally importing Projects using the GitHub integration in the future. Because the GitHub integration is configured per user account, rather than per Organization, each user who has set up the GitHub integration must complete this disconnection process individually. +You might want to [disconnect your GitHub integration](github-enterprise.md#how-to-disconnect-the-github-enterprise-integration) to avoid unintentionally importing Projects using the GitHub integration in the future. Because the GitHub integration is configured per user account, rather than per Organization, each user who has set up the GitHub integration must complete this disconnection process individually. diff --git a/developer-tools/scm-integrations/organization-level-integrations/gitlab.md b/developer-tools/scm-integrations/organization-level-integrations/gitlab.md index 302d3dcaa4fc..b9688c7bedc3 100644 --- a/developer-tools/scm-integrations/organization-level-integrations/gitlab.md +++ b/developer-tools/scm-integrations/organization-level-integrations/gitlab.md @@ -5,7 +5,7 @@ The GitLab integration is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). -[Snyk Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker) is required if you are integrating from a private network. +You need [Snyk Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker) if you are integrating from a private network. {% endhint %} ### Prerequisites for GitLab integration @@ -15,7 +15,7 @@ The GitLab integration is available only with Enterprise plans. For more informa ### GitLab integration features -The GitLab integration allows you to: +The GitLab integration lets you: 1. Check for vulnerabilities in your pull requests. 2. From the **Report** page or the **Project** page on the Snyk Web UI, [trigger a Snyk pull request](gitlab.md#fix-vulnerabilities-with-snyk-merge-requests) for the fixes listed. @@ -28,13 +28,13 @@ To set up the GitLab integration with Snyk, create a GitLab access token and ent Typically, the first user in a Snyk Organization, a [Snyk admin](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/#user-types) and GitLab Owner or Maintainer, sets up an integration with a **GitLab Personal Access Token** or **Group Access Token**. This token is then authenticated with GitLab, enabling access by Snyk to the repositories in that GitLab account. -* A **GitLab Personal Access Token** is used to perform actions on and manage personal GitLab projects individually. These differ from Group Access Tokens as they are attached to a user rather than a GitLab group. For Snyk Essentials to show all repositories from GitLab, the user generating the PAT should be part of the GitLab group where their GitLab permissions can be a minimum of Guest. -* A **GitLab Group Access Token** is used to perform actions for and manage more than one GitLab project within a GitLab group. The Group Access Token also grants access to all GitLab projects in a GitLab group or subgroup without contributing to GitLab's licensed user count. +* A **GitLab Personal Access Token** performs actions on and manages personal GitLab projects individually. These differ from Group Access Tokens because they are attached to a user rather than a GitLab group. For Snyk Essentials to show all repositories from GitLab, the user generating the PAT must be part of the GitLab group where their GitLab permissions can be a minimum of Guest. +* A **GitLab Group Access Token** performs actions for and manages more than one GitLab project in a GitLab group. The Group Access Token also grants access to all GitLab projects in a GitLab group or subgroup without contributing to the licensed user count in GitLab. -To trigger the creation of fix pull requests manually, all users in a Snyk Organization can add and work with any related Snyk Projects, while the merge requests themselves will appear in GitLab as having been opened by the Snyk admin who set up the configuration. +To trigger the creation of fix pull requests manually, all users in a Snyk Organization can add and work with any related Snyk Projects, while the merge requests themselves appear in GitLab as opened by the Snyk admin who set up the configuration. {% hint style="warning" %} -Group Access Tokens can only be created by a GitLab Owner using a GitLab Premium or Ultimate [account tier](https://about.gitlab.com/pricing/). This can be done in [GitLab's web UI](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html), their Rails console, or through the GitLab API. +Only a GitLab Owner using a GitLab Premium or Ultimate [account tier](https://about.gitlab.com/pricing/) can create Group Access Tokens. You can do this in the [GitLab web UI](https://docs.gitlab.com/ee/user/group/settings/group_access_tokens.html), the Rails console, or through the GitLab API. {% endhint %} ### How to set up the GitLab integration @@ -52,7 +52,7 @@ Group Access Tokens can only be created by a GitLab Owner using a GitLab Premium Generating a GitLab Group Access Token requires selecting the Maintainer role for access. -Selecting the **api** scope with a **Maintainer** role allows Snyk to authenticate user accounts and create webhooks, enabling the following: +Selecting the **api** scope with a **Maintainer** role lets Snyk authenticate user accounts and create webhooks, enabling the following: * Automation of fix pull requests and Snyk tests on your pull requests. * Manual creation of fix pull requests. @@ -73,12 +73,12 @@ Selecting the **api** scope with a **Maintainer** role allows Snyk to authentica #### Fix vulnerabilities with Snyk merge requests -When viewing a Snyk test report for a Snyk Project that you own or when looking at a GitLab Project that you are watching with Snyk, you see two options for fixing a vulnerability: +When viewing a Snyk test report for a Snyk Project that you own or when looking at a GitLab Project that you are watching with Snyk, you see two (2) options for fixing a vulnerability: * **Fix these vulnerabilities**: generate a Snyk merge request with the minimal changes needed to fix all the Snyk Project's detected vulnerabilities. * **Fix this vulnerability**: generate a Snyk merge request on an individual issue that fixes the vulnerability. -You can review the vulnerabilities that will be fixed, change your selection with the checkboxes, and choose to ignore any vulnerabilities that cannot be fixed now before opening the merge request on the **Open a Fix Merge Request** page. +You can review the vulnerabilities that Snyk fixes, change your selection with the checkboxes, and choose to ignore any vulnerabilities that cannot be fixed now before opening the merge request on the **Open a Fix Merge Request** page. {% hint style="info" %} GitLab webhooks send out an event to Snyk when merge requests occur. This starts a series of other events, such as pulling GitLab project files, running the test process, and posting the results to GitLab, all of which occur on the Snyk side. @@ -86,14 +86,14 @@ GitLab webhooks send out an event to Snyk when merge requests occur. This starts #### Receive email alerts for new vulnerabilities -When a new vulnerability is detected on a Snyk Project you are watching, Snyk will send you an email with a generated Snyk merge request to address the vulnerability. +When Snyk detects a new vulnerability on a Snyk Project you are watching, it sends you an email with a generated Snyk merge request to address the vulnerability. #### Receive email alerts for new upgrades or patches -You may find yourself in a situation where no upgrade is found for a vulnerability, and only a patch is available. When a fix does become available, Snyk notifies you by email and generates a merge request containing the new fix. +You might find yourself in a situation where no upgrade is found for a vulnerability, and only a patch is available. When a fix does become available, Snyk notifies you by email and generates a merge request containing the new fix. {% hint style="warning" %} -Patching is only available on Node.js Projects. +Patching is available only on Node.js Projects. {% endhint %} ### How to disconnect the GitLab integration @@ -101,7 +101,7 @@ Patching is only available on Node.js Projects. {% hint style="warning" %} Disconnecting the GitLab integration removes all Snyk webhooks, along with the Snyk credentials, and deactivates the GitLab Projects in the Snyk Web UI. -The Projects will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on your pull requests. +The Projects are set to inactive, and you no longer get alerts, pull requests, or Snyk tests on your pull requests. {% endhint %} 1. Navigate to the Snyk GitLab integration **Settings**. @@ -110,9 +110,9 @@ The Projects will be set to inactive, and you will no longer get alerts, pull re
Confirm diconnecting from GitLab

Confirm disconnecting from GitLab

-After GitLab is disconnected, Snyk Projects imported from GitLab will be set to inactive, and you will no longer get alerts, pull requests, or Snyk tests on pull requests. The webhook that enables the integration for this repository will be removed. +After GitLab is disconnected, Snyk Projects imported from GitLab are set to inactive, and you no longer get alerts, pull requests, or Snyk tests on pull requests. Snyk removes the webhook that enables the integration for this repository. -You can re-connect anytime; however, re-initiating GitLab projects for monitoring requires setting up the integration again. +You can re-connect anytime. However, re-initiating GitLab projects for monitoring requires setting up the integration again. ### GitLab integration Troubleshooting diff --git a/developer-tools/scm-integrations/scm-integrations-and-snyk-broker.md b/developer-tools/scm-integrations/scm-integrations-and-snyk-broker.md index 90431c89c035..90e046de669f 100644 --- a/developer-tools/scm-integrations/scm-integrations-and-snyk-broker.md +++ b/developer-tools/scm-integrations/scm-integrations-and-snyk-broker.md @@ -10,7 +10,7 @@ You can find on [GitHub](https://github.com/snyk/broker/tree/565242baf003f06f445 ## Integrated SCM tokens for classic Broker -An integrated SCM token is required for [Broker client setup](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment). It is used in the `-e _TOKEN` parameter, for example, `-e GITHUB_TOKEN=xxx…`, to enable access to the SCM. These meet certain permissions needed for the operation of Broker and Snyk Code. +An integrated SCM token is required for [Broker client setup](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker/prepare-snyk-broker-for-deployment). You use it in the `-e _TOKEN` parameter, for example, `-e GITHUB_TOKEN=xxx…`, to enable access to the SCM. These tokens meet certain permissions needed for the operation of Broker and Snyk Code. An integrated SCM token can be generated for the following SCM integrations: @@ -67,15 +67,15 @@ https://github.com/settings/apps/new?name=Snyk&description=Snyk%20helps%20you%20 * Snyk EU: `https%3A%2F%2Fapp.eu.snyk.io` * Snyk AU: `https%3A%2F%2Fapp.au.snyk.io` -3. After the value is replaced, navigate to that URL in your browser.\ - This will take you to the app creation screen in your GitHub Cloud instance with all the required details pre-filled. +3. After you replace the value, navigate to that URL in your browser.\ + This takes you to the app creation screen in your GitHub Cloud instance with all the required details pre-filled. 4. Scroll to the end of the page. Ensure that **Any account** is selected, and then click **Create GitHub App**. 5. Make a note of the `ClientId` and `AppId`. Store these safely and treat them as secrets. You must enter these credentials when you create the Universal Broker connection to your GitHub Cloud app. 6. Click the **generate a private key** link.\ This initiates the download of a `.pem` file. Store this file safely and treat it as a secret. You must enter the path to this file when you create the Universal Broker connection to your GitHub Cloud app.\ - Your GitHub Cloud App is now ready to be installed in repositories in your Snyk Organization. + Your GitHub Cloud App is now ready to install in repositories in your Snyk Organization. 7. Scroll to the top of the page and click **Install App** on the navigation panel. Click the **Install** button for your app. -8. Choose where you want to install the app in your GitHub organization. It can be installed in specific repositories or all of them. +8. Choose where you want to install the app in your GitHub organization. You can install it in specific repositories or all of them. {% hint style="info" %} If you choose to install the app only in specific repositories, the app works only in those repositories. You can return to this screen and edit where the app is installed if you want to add it to additional repositories. @@ -105,7 +105,7 @@ Before the GitHub Cloud App can be used with the Universal Broker, you must crea 1. Run the `snyk-broker-config workflows connections create` command. Choose the `github-cloud-app` option and provide the information you are prompted for in the workflow. 2. Run `snyk-broker-config workflows connections integrate` to integrate the newly created connection to the Organization of your choice. Enter the Organization ID when you are prompted. -Visit the integrations page in Snyk to verify that the integration has been configured. +Visit the integrations page in Snyk to verify that the integration is configured. See the [Universal Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) documentation for more details. @@ -137,15 +137,15 @@ To use the GitHub Server App with Universal Broker you must create your own GitH * Snyk AU: https%3A%2F%2Fapp.au.snyk.io * Snyk US-02: https%3A%2F%2Fapp.us.snyk.io -3. After these values are replaced, navigate to that URL in your browser.\ - This will take you to the app creation screen in your GitHub Server instance with all the required details pre-filled. +3. After you replace these values, navigate to that URL in your browser.\ + This takes you to the app creation screen in your GitHub Server instance with all the required details pre-filled. 4. Scroll to the end of the page. Ensure that **Any account** is selected, and then click **Create GitHub App**. 5. Make a note of the `ClientId` and `AppId`. Store these safely and treat them as secrets. You must enter these credentials when you create the Universal Broker connection to your GitHub Server app. 6. Click the **generate a private key** link.\ This initiates the download of a `.pem` file. Store this file safely and treat it as a secret. You must enter the path to this file when you create the Universal Broker connection to your GitHub Server app.\ - Your GitHub Server App is now ready to be installed in repositories in your Snyk Organization. + Your GitHub Server App is now ready to install in repositories in your Snyk Organization. 7. Scroll to the top of the page and click **Install App** on the navigation panel. Click the **Install** button for your app. -8. Choose where you want to install the app in your GitHub organization. It can be installed in specific repositories or all of them. +8. Choose where you want to install the app in your GitHub organization. You can install it in specific repositories or all of them. {% hint style="info" %} If you choose to install the app only in specific repositories, the app works only in those repositories. You can return to this screen and edit where the app is installed if you want to add it to additional repositories. @@ -158,7 +158,7 @@ If you choose to install the app only in specific repositories, the app works on ### Create the Universal Broker connection for your GitHub Server App -Before the GitHub Server App can be used with the Universal Broker, you must create a connection of the `github-server-app` type using the `snyk-broker-config` tool. For more details, see the [Universal Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) documentation. After the connection is created, it can be integrated with one or more Organization(s) of your choice. +Before the GitHub Server App can be used with the Universal Broker, you must create a connection of the `github-server-app` type using the `snyk-broker-config` tool. For more details, see the [Universal Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) documentation. After you create the connection, you can integrate it with one or more Organizations of your choice. #### Prerequisites @@ -174,6 +174,6 @@ Before the GitHub Server App can be used with the Universal Broker, you must cre 1. Run the `snyk-broker-config workflows connections create` command. Choose the `github-server-app` option and provide the information you are prompted for in the workflow. 2. Run `snyk-broker-config workflows connections integrate` to integrate the newly created connection to the Organization of your choice. Enter the Organization ID when you are prompted. -Visit the integrations page in Snyk to see that the integration has been configured. +Visit the integrations page in Snyk to see that the integration is configured. See the [Universal Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) documentation for more details. diff --git a/developer-tools/scm-integrations/user-permissions-and-access-scopes.md b/developer-tools/scm-integrations/user-permissions-and-access-scopes.md index b6922b9a3eb7..cec35aecc1e2 100644 --- a/developer-tools/scm-integrations/user-permissions-and-access-scopes.md +++ b/developer-tools/scm-integrations/user-permissions-and-access-scopes.md @@ -1,6 +1,6 @@ # User permissions and access scopes -Snyk SCM integrations may require different permission requirements based on the connection method. +Snyk SCM integrations can require different permissions based on the connection method. See the following for detailed permission requirements: @@ -28,7 +28,7 @@ A PAT generated for the Group-level GitHub integration requires the following pe For information about token permissions in a brokered integration, see [GitHub - prerequisites and steps to install and configure Broker](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker/install-and-configure-snyk-broker/github-prerequisites-and-steps-to-install-and-configure-broker) and [Integrated SCM tokens for Snyk Broker](scm-integrations-and-snyk-broker.md#integrated-scm-tokens-for-classic-broker). {% endhint %} -The Snyk GitHub Enterprise integration is bound to a single user, preferably a GitHub service account. The level of access for the integration is defined by the combination of the user's permissions in GitHub and the access defined for the Personal Access Token (PAT) on that user's account. If the PAT is defined with more permission than the user's GitHub account, the integration will not be able to use that permission. +The Snyk GitHub Enterprise integration is bound to a single user, preferably a GitHub service account. The combination of the user's permissions in GitHub and the access defined for the Personal Access Token (PAT) on that user's account defines the level of access for the integration. If the PAT has more permission than the user's GitHub account, the integration cannot use that permission. The following table details the access scopes required in GitHub and GitHub Enterprise for Personal Access Tokens (PAT) and the scopes required for Snyk to perform the required operations on monitored repositories, such as reading manifest files on a frequent basis and opening fix or upgrade PRs. GitHub custom roles are not supported. @@ -55,7 +55,7 @@ Snyk uses SCM webhooks to: ### GitHub Cloud App permission requirements -The [Snyk GitHub Cloud App](organization-level-integrations/github-cloud-app.md) integration uses role-based access control, meaning access control is not dependent on individual users or their role, it is instead tied to the app entity. +The [Snyk GitHub Cloud App](organization-level-integrations/github-cloud-app.md) integration uses role-based access control. Access control does not depend on individual users or their role; instead, it is tied to the app entity. To set up the GitHub Cloud app integration, you must be a: @@ -64,7 +64,7 @@ To set up the GitHub Cloud app integration, you must be a: * GitHub Repository Admin (if installing through the GitHub UI). {% hint style="info" %} -While some permissions may be optional from GitHub’s perspective, they are necessary to support Snyk functions. These permissions cannot be customized for your individual needs because the app is registered under the Snyk Organization. +While some permissions are optional from GitHub’s perspective, they are necessary to support Snyk functions. You cannot customize these permissions for your individual needs because the app is registered under the Snyk Organization. {% endhint %} The following table states the required GitHub App permissions and scopes: @@ -130,7 +130,7 @@ Scope by Purpose |

Importing new projects to Snyk:
Lists available repos in the Bitbucket instance in the Add Projects screen.

|

read:project:bitbucket

read:workspace:bitbucket

read:account

read:user:bitbucket

| |

Snyk Group Level Integrations:
Required for Inventory and Essentials

|

read:repository:bitbucket

read:user:bitbucket
read:workspace:bitbucket

| -When reviewing the token scopes, they are listed by access level. Please review to ensure that you have the correct scopes: +Bitbucket lists the token scopes by access level. Review them to ensure that you have the correct scopes: | READ | WRITE | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | diff --git a/developer-tools/scm-integrations/workspaces.md b/developer-tools/scm-integrations/workspaces.md index 3dfd4c302ab3..ff617c85602c 100644 --- a/developer-tools/scm-integrations/workspaces.md +++ b/developer-tools/scm-integrations/workspaces.md @@ -1,22 +1,22 @@ # Workspaces {% hint style="info" %} -Workspaces improve the accuracy and reliability of Snyk’s SCM integration results, especially for large-scale enterprise environments. This capability also supports additional functionality and improvements we have planned in the future. For these reasons, Snyk strongly recommends [enabling this option](workspaces.md#manage-workspaces) by default at your Group level. +Workspaces improve the accuracy and reliability of the SCM integration results in Snyk, especially for large-scale enterprise environments. This capability also supports additional functionality and improvements we have planned in the future. For these reasons, Snyk strongly recommends [enabling this option](workspaces.md#manage-workspaces) by default at your Group level. {% endhint %} Workspaces represents a significant step forward in providing you with the most reliable and accurate vulnerability detection possible. -Traditionally, Snyk has accessed repository contents using SCM APIs, which impose primary and secondary rate limits, and content limits. For example, the GitHub.com APIs are rate-limited to allow only a certain number of requests per hour, and there is a limit on the number of tree entries that can be retrieved from the Git database. +Traditionally, Snyk accessed repository contents using SCM APIs, which impose primary and secondary rate limits, and content limits. For example, the GitHub.com APIs are rate-limited to allow only a certain number of requests per hour, and there is a limit on the number of tree entries that can be retrieved from the Git database. -When repository contents are retrieved over these APIs, these limitations inhibit Snyk’s providing a complete analysis in a number of ways, especially across a very large number of repositories, or for repositories containing more than 100,000 files, sometimes referred to as monorepos. +When Snyk retrieves repository contents over these APIs, these limitations inhibit Snyk from providing a complete analysis in a number of ways, especially across a large number of repositories, or for repositories containing more than 100,000 files, sometimes referred to as monorepos. -Through Workspaces, these limitations are removed. +Workspaces removes these limitations. -The accuracy of results is improved in a number of ways through cloning. Since Snyk can access a complete view of a source code repository at a specific commit SHA, including repositories containing more than 100,000 files, the analysis is also more complete through cloning. +Cloning improves the accuracy of results in a number of ways. Because Snyk can access a complete view of a source code repository at a specific commit SHA, including repositories containing more than 100,000 files, the analysis is also more complete through cloning. ## Snyk data ingestion -When Workspaces is enabled, Snyk will ingest, through configured SCM integrations, a temporary and shallow clone of repository contents at a given commit and all commit metadata (including the commit message, authors, and timestamp). +When Workspaces is enabled, Snyk ingests, through configured SCM integrations, a temporary and shallow clone of repository contents at a given commit and all commit metadata (including the commit message, authors, and timestamp). {% hint style="info" %} For more information on Snyk data processing and safeguards concerning Git repo cloning, see [Cache retention period related to vulnerability source data](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/how-snyk-handles-your-data#cache-retention-period-related-to-vulnerability-source-data) and [Snyk integrations: workspaces](https://app.gitbook.com/s/ELvljsaLKPkSpffOkmsQ/how-snyk-handles-your-data#snyk-integrations-workspaces). @@ -28,15 +28,15 @@ Repositories are cloned using HTTPS. SSH-based clones are unavailable. ## Manage Workspaces -The Workspaces feature is managed through the **Integrations settings** page on the Group or Organization level. To do so, you must be a Snyk Group Admin or Snyk Organization Admin. +You manage the Workspaces feature through the **Integrations settings** page on the Group or Organization level. To do so, you must be a Snyk Group Admin or Snyk Organization Admin. -When Workspaces is enabled at the Group level, all Organizations within that Group have Workspaces enabled. This Group level setting can be overridden by the individual Organization level setting. +When Workspaces is enabled at the Group level, all Organizations in that Group have Workspaces enabled. The individual Organization level setting can override this Group level setting. {% hint style="warning" %} -When a Group level setting is overridden by an Organization level setting, the Organization level setting cannot be modified by any future changes made to the Group level setting. +When an Organization level setting overrides a Group level setting, no future changes to the Group level setting can modify the Organization level setting. {% endhint %} -While you can choose to disable the Workspaces feature, it is important to understand doing so will hinder Snyk’s ability to scan repositories in two specific ways: +While you can choose to disable the Workspaces feature, it is important to understand that doing so hinders the ability of Snyk to scan repositories in two specific ways: -1. Frequency of scanning: With Workspaces disabled, Snyk will analyze repository content through SCM APIs, which typically impose primary and secondary rate limits, and content limits. For example, the GitHub.com APIs are rate-limited to allow only a certain number of requests per hour, which hinders Snyk’s ability to analyze a large number of repositories in any one hour. -2. Completeness of scanning: With the Workspaces feature disabled, Snyk will analyze repo content through SCM APIs, which typically limit the number of tree entries that can be retrieved from the Git database, potentially leading to missed vulnerabilities. This impacts analysis of repositories containing a large number of files, sometimes referred to as monorepos. +1. Frequency of scanning: With Workspaces disabled, Snyk analyzes repository content through SCM APIs, which typically impose primary and secondary rate limits, and content limits. For example, the GitHub.com APIs are rate-limited to allow only a certain number of requests per hour, which hinders the ability of Snyk to analyze a large number of repositories in any one hour. +2. Completeness of scanning: With the Workspaces feature disabled, Snyk analyzes repo content through SCM APIs, which typically limit the number of tree entries that can be retrieved from the Git database, potentially leading to missed vulnerabilities. This impacts analysis of repositories containing a large number of files, sometimes referred to as monorepos. diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/README.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/README.md index 0772b0bbb376..1288a346dc7b 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/README.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/README.md @@ -1,6 +1,6 @@ # API End of Life (EOL) process and migration guides -This page explains the process, key dates, and milestones associated with the end-of-life (EOL) cycle for all API endpoints. In this documentation, you will also find detailed information about [key dates](api-eol-endpoints-and-key-dates.md) and [migration guides](guides-to-migration/) for API endpoints that are in the end-of-life process. +This page explains the process, key dates, and milestones associated with the end-of-life (EOL) cycle for all API endpoints. In this documentation, you can also find detailed information about [key dates](api-eol-endpoints-and-key-dates.md) and [migration guides](guides-to-migration/) for API endpoints that are in the end-of-life process. ## API End of Life (EOL) process @@ -11,25 +11,25 @@ Snyk GA REST APIs are an evolution of Snyk V1 APIs because the GA REST APIs hav * Improved performance * Specifications for client generation -Snyk EOL for V1 APIs and replacement with GA REST APIs will implement this improvement over the equivalent V1 APIs. As Snyk delivers more GA REST APIs, experimental and beta versions of the REST API will also reach end-of-life. +Snyk EOL for V1 APIs and replacement with GA REST APIs implements this improvement over the equivalent V1 APIs. As Snyk delivers more GA REST APIs, experimental and beta versions of the REST API also reach end-of-life. -Migrating from V1 API to GA REST can be a time-consuming process, and Snyk wants to ensure that you have enough time to factor in and execute migrations so that you can have the best API experience as soon as possible. The process for taking an endpoint (V1, experimental, or beta API) to EOL for seamless migration to GA REST is as follows: +Migrating from V1 API to GA REST can be a time-consuming process, and Snyk wants to ensure that you have enough time to factor in and execute migrations so that you can have the best API experience as soon as possible. The process for taking an endpoint (V1, experimental, or beta API) to EOL for migration to GA REST is as follows: -1. Batches of endpoints will be part of an EOL cycle that begins twice a year: one batch in January and one batch in July. +1. Batches of endpoints are part of an EOL cycle that begins twice a year: one batch in January and one batch in July. 2. API endpoints can be included for EOL only if they have: * A GA REST equivalent or equivalents (except in the rare case where a V1 API does not have or need a GA REST equivalent) * Functionality parity between V1 and GA REST (unless explicitly stated otherwise in the migration guide) * A migration guide by our field specialists for ease of migration -3. Snyk will [publicly announce](http://updates.snyk.io/) which endpoints will be part of an EOL cycle one month before the cycle begins. -4. On the date the EOL begins, the endpoints are deemed **deprecated**. At that point, the documentation of each endpoint will either be **removed** or have a statement added that the endpoint is deprecated. In addition, no new customers will be able to integrate with the endpoint. The endpoint will remain functional for existing customers until the end-of-life date. You can find all of the endpoints reaching end of life and the associated timelines on the [API EOL endpoints and key dates](api-eol-endpoints-and-key-dates.md) page. -5. On a monthly basis during the EOL cadence, Snyk will temporarily halt functionality for the nominated endpoints for a period of time, increasing in duration over the course of the EOL. -6. When we reach the EOL date, the endpoint will stop working, and you will receive an error. +3. Snyk [publicly announces](http://updates.snyk.io/) which endpoints are part of an EOL cycle one month before the cycle begins. +4. On the date the EOL begins, the endpoints are deemed **deprecated**. At that point, Snyk either **removes** the documentation of each endpoint or adds a statement that the endpoint is deprecated. In addition, no new customers can integrate with the endpoint. The endpoint remains functional for existing customers until the end-of-life date. You can find all of the endpoints reaching end of life and the associated timelines on the [API EOL endpoints and key dates](api-eol-endpoints-and-key-dates.md) page. +5. On a monthly basis during the EOL cadence, Snyk temporarily halts functionality for the nominated endpoints for a period of time, increasing in duration over the course of the EOL. +6. When we reach the EOL date, the endpoint stops working, and you receive an error. ## Types of API EOL -The following types of EOL will take place during each cycle: +The following types of EOL take place during each cycle: -1. V1 API: When a GA REST equivalent or equivalents are released, Snyk will aim to include the V1 API in an end-of-life cycle as soon as possible. Users will have a six-month window to migrate off the endpoint, beginning at the public announcement in January and July. -2. Experimental and beta: When Snyk upgrades a REST endpoint to GA that has earlier experimental or beta endpoints or both, Snyk will aim to include them in the EOL cycle as soon as possible. Users will have a 3-month window to migrate off the endpoint (starting from the public announcement in January and July). +1. V1 API: When a GA REST equivalent or equivalents are released, Snyk aims to include the V1 API in an end-of-life cycle as soon as possible. Users have a six-month window to migrate off the endpoint, beginning at the public announcement in January and July. +2. Experimental and beta: When Snyk upgrades a REST endpoint to GA that has earlier experimental or beta endpoints or both, Snyk aims to include them in the EOL cycle as soon as possible. Users have a three-month window to migrate off the endpoint (starting from the public announcement in January and July). -In exceptional circumstances, Snyk may have to announce an EOL for an endpoint outside of the two announcements each year in January and July. Users will receive a one-month notice of the EOL cycle. The time window to migrate off the endpoint will follow the same windows identified for each type of EOL: a V1 API or an experimental or beta endpoint. +In exceptional circumstances, Snyk might have to announce an EOL for an endpoint outside of the two announcements each year in January and July. Users receive a one-month notice of the EOL cycle. The time window to migrate off the endpoint follows the same windows identified for each type of EOL: a V1 API or an experimental or beta endpoint. diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/api-eol-endpoints-and-key-dates.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/api-eol-endpoints-and-key-dates.md index 2663cfcfc0ab..6c7bbe3ac9b1 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/api-eol-endpoints-and-key-dates.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/api-eol-endpoints-and-key-dates.md @@ -2,7 +2,7 @@ ## APIs at EOL -Beginning July 22, 2024, the following endpoints will follow the EOL process: +Beginning July 22, 2024, the following endpoints follow the EOL process: | Endpoint | Endpoint type | EOL date | Migration guide | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -18,7 +18,7 @@ Beginning July 22, 2024, the following endpoints will follow the EOL process: A brownout occurs when Snyk temporarily suspends an endpoint from being usable, returning a `410 gone` response when a user calls the endpoint. -Snyk brownouts for APIs that are part of an end-of-life cycle will occur at 12:00 UTC. For the end-of-life cycle beginning July 22, 2024, the brownouts will occur on the following dates. Users will see a reminder two weeks before the brownout through an announcement on [updates.snyk.io](http://updates.snyk.io/): +Snyk brownouts for APIs that are part of an end-of-life cycle occur at 12:00 UTC. For the end-of-life cycle beginning July 22, 2024, the brownouts occur on the following dates. Users see a reminder two weeks before the brownout through an announcement on [updates.snyk.io](http://updates.snyk.io/): | Endpoints | Brownout date | Duration | | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | -------- | diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/candidates-for-upcoming-api-end-of-life-cadences.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/candidates-for-upcoming-api-end-of-life-cadences.md index ae51e102dba8..9c5fa15bac20 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/candidates-for-upcoming-api-end-of-life-cadences.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/candidates-for-upcoming-api-end-of-life-cadences.md @@ -2,7 +2,7 @@ This page contains the list of V1, non-GA REST, and older versions of GA REST endpoints that are potential candidates for future end-of-life cadences. To see which endpoints are end-of-life'd, see [API EOL endpoints and key dates](api-eol-endpoints-and-key-dates.md). -If an endpoint is listed in the table below, it does not guarantee that the endpoint will be included in the next end-of-life cadence. In addition, an endpoint can go straight into the next end-of-life cadence without having to be listed in the table below. +If an endpoint is listed in the following table, it does not guarantee that Snyk includes the endpoint in the next end-of-life cadence. In addition, an endpoint can go straight into the next end-of-life cadence without having to be listed in the following table. The endpoints in this list, and in any end-of-life cadence, must adhere to our end-of-life criteria, which require that the endpoints have: @@ -10,7 +10,7 @@ The endpoints in this list, and in any end-of-life cadence, must adhere to our e * Functionality parity between V1 and GA REST (unless explicitly stated otherwise in the migration guide) * A migration guide by our field specialists for ease of migration -Endpoints that are end-of-life'd do not appear in the list that follows, as the list is for future candidates for end-of-life, and can be found on the [API EOL endpoints and key dates](api-eol-endpoints-and-key-dates.md) page. +Endpoints that are end-of-life'd do not appear in the list that follows, because the list is for future candidates for end-of-life, and can be found on the [API EOL endpoints and key dates](api-eol-endpoints-and-key-dates.md) page. | Endpoint | Endpoint Type | Migration Guide | Date Added | | -------- | ------------- | --------------- | ---------- | diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/list-all-projects-v1-api-to-rest-api-migration-guide-completed-migration.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/list-all-projects-v1-api-to-rest-api-migration-guide-completed-migration.md index ebba6f81379a..89af3122b1cd 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/list-all-projects-v1-api-to-rest-api-migration-guide-completed-migration.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/list-all-projects-v1-api-to-rest-api-migration-guide-completed-migration.md @@ -17,7 +17,7 @@ Based on OpenAPI specifications, the Snyk REST API is designed to provide a cons The Projects REST API introduces improved data architecture to facilitate enhanced performance and separation of domains. -Snyk understands that migrating to a new API can be a significant undertaking and wants to support you throughout the process. This comprehensive migration guide is intended to facilitate a seamless transition by providing step-by-step instructions, code examples, and best practices to help you smoothly integrate with the new API. +Snyk understands that migrating to a new API can be a significant undertaking and wants to support you throughout the process. This comprehensive migration guide is intended to facilitate the transition by providing step-by-step instructions, code examples, and best practices to help you integrate with the new API. If you are using the deprecated endpoint, Snyk encourages you to review this migration guide and move all your automations over before Friday, December 22, 2023. @@ -32,7 +32,7 @@ If you are using the deprecated endpoint, Snyk encourages you to review this mig | List all projects v1 API documentation removal | September 22, 2023 | No action needed | | End-of-life: All access to List all projects v1 API will result in a 410 Gone response. | December 22, 2023 | Ensure migration has been completed by this time to avoid disruption to automated workflows | -The following Snyk Tools that use the List all projects v1 API have been updated to use the [REST List all projects API](https://apidocs.snyk.io/?version=2023-05-29#get-/orgs/-org_id-/projects) instead: +The following Snyk Tools that use the List all projects v1 API are updated to use the [REST List all projects API](https://apidocs.snyk.io/?version=2023-05-29#get-/orgs/-org_id-/projects) instead: * [snyk-jira-tickets-for-new-vulns](https://github.com/snyk-tech-services/jira-tickets-for-new-vulns): version 5.0.0 or newer * [snyk-api-ts-client](https://github.com/snyk-labs/snyk-api-ts-client): version 1.11.1 or newer diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/rest-issues-experimental-api-to-ga-api-migration-guide.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/rest-issues-experimental-api-to-ga-api-migration-guide.md index 52a9bee63a9e..75b7ff6fb311 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/rest-issues-experimental-api-to-ga-api-migration-guide.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/rest-issues-experimental-api-to-ga-api-migration-guide.md @@ -3,7 +3,7 @@ {% hint style="info" %} **Important information about Experimental APIs** -An experimental endpoint should be considered unstable and regarded as a tech preview. Experimental versions may introduce breaking changes and may be discontinued at any time. +Consider an experimental endpoint unstable and regard it as a tech preview. Experimental versions can introduce breaking changes and can be discontinued at any time. {% endhint %} ## What's new in the GA REST Issues API? @@ -17,9 +17,9 @@ This version of the API delivers: * **Consistency:** Improved performance and reliability of the REST Issues API * **Depth:** detailed representations for Open Source packages and fixes * **Flexibility:** new filters for tailored API responses -* **Usability:** improved pagination and response management, simplifying the API interaction +* **Usability:** improved pagination and response management for the API interaction -Snyk understands that migrating to a new API can be a significant undertaking and wants to support you throughout the process. This comprehensive migration guide is intended to facilitate a seamless transition by providing step-by-step instructions, code examples, and best practices to help you smoothly integrate with the new API. +Snyk understands that migrating to a new API can be a significant undertaking and wants to support you throughout the process. This comprehensive migration guide is intended to facilitate the transition by providing step-by-step instructions, code examples, and best practices to help you integrate with the new API. If you are using the deprecated endpoint, Snyk encourages you to review this migration guide and move all your automations over. @@ -28,7 +28,7 @@ If you are using the deprecated endpoint, Snyk encourages you to review this mig {% hint style="info" %} **Mapping experimental API issues to GA API issues** -One of the main differences you will see in the table below is that the format of the ID for an issue changes from URI format (consists of key & scan\_item.id) in the Experimental API to UUID in the GA API. To match an issue in the experimental api response to the same issue in the GA API response you can use **key** and the **scan\_item.id**. Note that **scan\_item** is part of the **relationships** block and **key** is part of the **attributes** block. +One of the main differences you see in the following table is that the format of the ID for an issue changes from URI format (consists of key & scan\_item.id) in the Experimental API to UUID in the GA API. To match an issue in the experimental api response to the same issue in the GA API response you can use **key** and the **scan\_item.id**. Note that **scan\_item** is part of the **relationships** block and **key** is part of the **attributes** block. {% endhint %}
FieldsExperimentalGA
classesPresentNo change
coordinatesOnly available for cloud issuesAvailable for cloud and SCA issues and has new fixability fields.

coordinates.is_fixable_manually

coordinates.is_fixable_snyk

coordinates.is_fixable_upstream

coordinates.is_patchable

coordinates.is_pinnable

coordinates.is_upgradeable


Not presentNewly introduced fixability data
coordinates.reachabilityNot presentNewly introduced
coordinates.remediesPresentNo change
representationsPresentNew fields
representations.resourcePathPresentNo change
respresentations.dependencyChainPresentRemoved in favor of representations.dependency
representations.dependencyNot present

Newly introduced replaces representations.

dependencyChain

representations.dependency

.package_name

representations.dependency.

package_version


Not presentNewly introduced as part of represenations.dependency
cloud_resourcePresentNo change
sourceLocationPresentNo change
created_atPresentNo change
description
No change
effective_severity_levelPresentNo change
ignoredPresentNo change
keyPresentNo change
priorityPresentRemoved and replaced with risk
priority.factorsPresentReplaced with risk.factors
priority.scorePresentReplaced with risk.score
riskNot presentNewly introduced - replaces priority
risk.factorsNot presentNewly introduced - replaces priority.factors

risk.factors[i].included_in_score

risk.factors[i].links

risk.factors[i].links.evidence

risk.factors[i].links.evidence.href

risk.factors[i].links.evidence.meta

risk.factors[i].name

risk.factors[i].updated_at

risk.factors[i].value

Not presentNewly introduced
risk.scoreNot presentNewly introduced replaces priority.score

risk.score.model

risk.score.updated_at

risk.score.value

Not present
problemsPresentNo change
resolutionOnly for cloud issuesFor all issue types
severitiesPresent - Not populatedRemoved as not populated and will not be
statusPresentNo change
titlePresentNo change
toolPresentNo change
typePresentNo change
updated_atPresentNo change
idURI format (consists of key & scan_item.id)UUID format
relationships.ignorePresentNo change
relationships.organizationPresentNo change
relationships.policiesPresent - Not populatedRemoved as not populated and will not be
relationships.previousPresent - Not populatedRemoved as not populated and will not be
relationships.scan_itemPresentNo change
relationships.test_executionPresentNo change
diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/search-audit-logs-group-and-org-v1-api-to-ga-rest-audit-logs-api-migration-guide.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/search-audit-logs-group-and-org-v1-api-to-ga-rest-audit-logs-api-migration-guide.md index 638dc20b7bb9..de1f6be4d958 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/search-audit-logs-group-and-org-v1-api-to-ga-rest-audit-logs-api-migration-guide.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/search-audit-logs-group-and-org-v1-api-to-ga-rest-audit-logs-api-migration-guide.md @@ -7,11 +7,11 @@ Based on OpenAPI specifications, the Snyk REST API is designed to provide a cons * Consistent versioning * Improved performance -The Search Audit Logs REST API deprecates offset-based pagination in favour of more performant and consistent cursor-based pagination. Our v1 APIs get slower the higher your page offset becomes and will eventually time out at very high page counts. We’ve improved this considerably in our REST API by using a cursor-based approach that consistently returns results at greater speeds regardless of page count. +The Search Audit Logs REST API deprecates offset-based pagination in favor of more performant and consistent cursor-based pagination. Our v1 APIs get slower the higher your page offset becomes and eventually time out at high page counts. We’ve improved this considerably in our REST API by using a cursor-based approach that consistently returns results at greater speeds regardless of page count. -As well as performance improvements we have also improved filtering capabilities, allowing users to provide multiple include or exclude events for finer-tuned filtering. In a addition to this, the API was only capable of searching for logs within a minimum time-frame of 24 hours, we’ve improved this with higher granularity time stamps [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339), which allows users to search within windows of minutes on a given day. +As well as performance improvements, we have also improved filtering capabilities, letting users provide multiple include or exclude events for finer-tuned filtering. In addition to this, the API was only capable of searching for logs in a minimum time-frame of 24 hours; we’ve improved this with higher granularity time stamps [RFC3339](https://datatracker.ietf.org/doc/html/rfc3339), which lets users search in windows of minutes on a given day. -`` `api.access` `` logs are now excluded by default on all search queries unless explicitly provided as part of the \`events\` parameter. These are typically high-volume low-information logs that are superseded by our explicit action logs, e.g. group.create. Explicit action logs will contain richer contextual information for an action and should be favoured in all cases. +`` `api.access` `` logs are now excluded by default on all search queries unless explicitly provided as part of the \`events\` parameter. These are typically high-volume low-information logs that are superseded by our explicit action logs, for example, group.create. Explicit action logs contain richer contextual information for an action and you should favor them in all cases. Here is what you could use in the v1 endpoints, and their GA REST equivalents: @@ -19,7 +19,7 @@ Here is what you could use in the v1 endpoints, and their GA REST equivalents: ## Response -Audit log event payloads have not changed as part of the REST migration, however, the structure of the response is different to conform to our standardised JSON API responses. +Audit log event payloads have not changed as part of the REST migration; however, the structure of the response is different to conform to our standardized JSON API responses. The V1 response is returned as an array, e.g. @@ -63,7 +63,7 @@ The V1 response is returned as an array, e.g. ` ``` ` -The REST response will contain the same event payload information, however, it will be in the following format: +The REST response contains the same event payload information; however, it is in the following format: ` ``` ` diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-apis-to-export-api-migration-guide.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-apis-to-export-api-migration-guide.md index 3e6b501be0ec..c160ca8d1686 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-apis-to-export-api-migration-guide.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-apis-to-export-api-migration-guide.md @@ -3,7 +3,7 @@ {% hint style="warning" %} **End of life** -The v1 Reporting API is being deprecated, and future development and support are focused on the [Dataset Export API](../../using-specific-snyk-apis/export-api-specifications-columns-and-filters.md) and the [Issues REST API](../../reference/issues.md). Snyk recommends migrating to the new [Export API](../../using-specific-snyk-apis/export-api-specifications-columns-and-filters.md). +Snyk is deprecating the v1 Reporting API, and future development and support are focused on the [Dataset Export API](../../using-specific-snyk-apis/export-api-specifications-columns-and-filters.md) and the [Issues REST API](../../reference/issues.md). Snyk recommends migrating to the new [Export API](../../using-specific-snyk-apis/export-api-specifications-columns-and-filters.md). {% endhint %} This guide outlines the migration path for all routes in the legacy v1 Reporting API. @@ -25,7 +25,7 @@ The most significant change is the shift from a direct, synchronous request/resp To replace any v1 Reporting API call, follow these steps: 1. Initiate the Export: - 1. Send a `POST` request with your filters to create an export job. You will receive an `export_id`. + 1. Send a `POST` request with your filters to create an export job. You receive an `export_id`. 2. Endpoint: `POST /groups/{group_id}/export` 3. Required Parameters: The body must include the filters (including at least one date filter: introduced or updated) and specify the dataset (issues or usage) in the request header. 2. Validate the Export Status: @@ -33,7 +33,7 @@ To replace any v1 Reporting API call, follow these steps: 2. Endpoint: `GET /groups/{group_id}/jobs/export/{export_id}` 3. Statuses: `PENDING`, `STARTED`, `FINISHED`, `ERROR`. 3. Fetch Results in a CSV: - 1. After `FINISHED`, fetch the results, which will return a self-signed URL to the CSV file. + 1. After `FINISHED`, fetch the results, which return a self-signed URL to the CSV file. 2. Endpoint: `GET /groups/{group_id}/export/{export_id}` {% hint style="info" %} @@ -53,7 +53,7 @@ The v1 issue count endpoints (`/v1/reporting/counts/issues` and `/latest`) relie Key issue: * The legacy v1 issue count endpoints do not include issues from Snyk Code, and do not include issues generated by the most recent Snyk Infrastructure as Code (IaC) engines. -* Action: Migrating to the Export API with the issues dataset will provide a more complete and accurate count of all issues across all Snyk products, including IaC. Any count migration should be aware that the new number will likely be higher and more representative of your total issue landscape. +* Action: Migrating to the Export API with the issues dataset provides a more complete and accurate count of all issues across all Snyk products, including IaC. For any count migration, be aware that the new number is likely to be higher and more representative of your total issue landscape. #### Filter parameter migration @@ -86,11 +86,11 @@ For any v1 filter not listed above (for example, `severity`, `fixable`, `languag #### CSV to JSON Conversion Tool -Since the Export API returns data as CSV, and the legacy API returned JSON, you will likely need to convert the exported file for structured consumption by your application. +Because the Export API returns data as CSV, and the legacy API returned JSON, you likely need to convert the exported file for structured consumption by your application. **Native JSON output** -We are prioritizing adding the ability to export data directly in JSON format. It will be available early November. This feature will simplify data consumption for users migrating from the v1 API. +We are prioritizing adding the ability to export data directly in JSON format. It is available early November. This feature streamlines data consumption for users migrating from the v1 API. **Current workaround script** diff --git a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-issues-and-v1-aggregated-issues-apis-to-rest-issues-api-migration-guide.md b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-issues-and-v1-aggregated-issues-apis-to-rest-issues-api-migration-guide.md index e9f1f8a0b127..e524d25f4ee0 100644 --- a/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-issues-and-v1-aggregated-issues-apis-to-rest-issues-api-migration-guide.md +++ b/developer-tools/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-issues-and-v1-aggregated-issues-apis-to-rest-issues-api-migration-guide.md @@ -11,7 +11,7 @@ This page applies to the following V1 API endpoints: * [Get list of latest issues](../../reference/reporting-api-v1.md#post-reporting-issues-latest) (`POST /reporting/issues/latest`) - not available for customers or partners in the `Snyk-US-02`, `Snyk-EU-01`, and `Snyk-AU-01` regions. * [List all aggregated issues](../../reference/projects-v1.md#post-org-orgid-project-projectid-aggregated-issues) (`POST /org/{orgId}/project/{projectId}/aggregated-issues`) -These APIs are subject to deprecation, and migrating to the REST Issues API immediately is highly recommended. The REST Issues API accommodates multiple regions. +These APIs are subject to deprecation, and Snyk highly recommends migrating to the REST Issues API immediately. The REST Issues API accommodates multiple regions. {% endhint %} ## Key benefits of the REST Issues API @@ -30,7 +30,7 @@ The REST Issues API provides: * Flexibility through new filters for tailored API responses. * Enhanced usability through better pagination and response handling, streamlining API interactions. -This migration guide is intended to facilitate a seamless transition by providing step-by-step instructions, code examples, and best practices to help you smoothly integrate with the new API. +This migration guide is intended to facilitate the transition by providing step-by-step instructions, code examples, and best practices to help you integrate with the new API. If you are using the V1 Issues endpoints, Snyk recommends that you migrate all your automation, API-based reporting, and integrations accordingly, by using the guidance provided here. diff --git a/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md b/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md index 0d69b68dac4e..f038ab03d516 100644 --- a/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md +++ b/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md @@ -19,7 +19,7 @@ See also the following sections on specific APIs: For additional information, see the [API support articles](https://support.snyk.io/s/topic/0TOPU00000BgWMv4AN/snyk-api). -This index includes the categories and names of REST GA and beta and V1 API endpoints, with the URL in the reference docs for each endpoint, and links to related information where available. REST is the default, and GA is the status unless beta is noted. V1 API is specified where applicable. This index is a work in progress; additional information is being added continually. +This index includes the categories and names of REST GA and beta and V1 API endpoints, with the URL in the reference docs for each endpoint, and links to related information where available. REST is the default, and GA is the status unless beta is noted. V1 API is specified where applicable. This index is a work in progress; Snyk adds additional information continually. ## AccessRequests (beta) @@ -337,7 +337,7 @@ The View Project History permission is needed to use this API. Projects can be Git repositories, Docker images, containers, configuration files, and much more. For more information, see [Snyk Projects](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects); the page includes the [Targets definition](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects#target). -A typical import starts with using the endpoint [Import targets](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import) to request a target to be processed. Then, use the endpoint [Get import job details](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid) to poll the Import Job AP I for further details on completion and resulting Snyk Projects. +A typical import starts with using the endpoint [Import targets](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import) to request a target to be processed. Then, use the endpoint [Get import job details](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid) to poll the Import Job API for further details on completion and resulting Snyk Projects. ### [Import targets](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import) and [Get import job details](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid) @@ -347,10 +347,10 @@ For information on when and how you can use Import targets, see [Gain visibility If a call to the Import targets endpoint fails, use [Get import job detail](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid)s to help determine why. There are two types of failures: -* The repository was rejected for processing, that is, HTTP status code 201 was not returned. This happens if there is an issue Snyk can see quickly for example: +* The repository was rejected for processing, that is, HTTP status code 201 was not returned. This happens if there is an issue Snyk can see quickly, for example: * The repository does not exist. * The repository is unreachable by Snyk because the token is invalid or does not have sufficient permissions; there is no default branch. -* The repository was accepted for processing, that is, the user got back HTTP status code 201 and a url to poll, but no projects were detected or some failed. This may occur because: +* The repository was accepted for processing, that is, the user got back HTTP status code 201 and a url to poll, but no projects were detected or some failed. This can occur because: * There are no Snyk-supported manifests in this repository. * The repository is archived and the Snyk API calls to fetch files fail. * The individual project or manifest had issues during processing. In this case Snyk returns success: false with a message in the log. @@ -610,11 +610,11 @@ More information: [Project type responses from the API](project-type-responses-f ### [Applying (project) attributes](../reference/projects-v1.md#org-orgid-project-projectid-attributes) -By using the API endpoint Applying attributes, you can set attributes for Snyk Projects including business criticality, lifecycle stage, and environment once the project has been created . To do so: +By using the API endpoint Applying attributes, you can set attributes for Snyk Projects including business criticality, lifecycle stage, and environment after the project is created. To do so: * Import the project using the API endpoint [Import targets](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import). * Get the status API ID from [Import targets](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import). -* Poll using the endpoint [Import job details](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid) until all imports have completed. +* Poll using the endpoint [Import job details](../reference/import-projects-v1.md#org-orgid-integrations-integrationid-import-jobid) until all imports are completed. * Parse the project IDs from the `projectURL` field. * Use the endpoint [Applying attributes](../reference/projects-v1.md#org-orgid-project-projectid-attributes) to set the project attributes. @@ -632,7 +632,7 @@ The Snyk V1 API endpoint [List all aggregated issues](../reference/projects-v1.m ### [List all Projects for an Org with the given Org ID](../reference/projects.md#orgs-org_id-projects) -The query-string parameter for types is optional. The endpoint does not enforce specific project types and will return `no matching projects` if you enter a string that does not match a requested project type. See [Project type responses from the AP](project-type-responses-from-the-api.md)I for a list of project types. +The query-string parameter for types is optional. The endpoint does not enforce specific project types and returns `no matching projects` if you enter a string that does not match a requested project type. See [Project type responses from the API](project-type-responses-from-the-api.md) for a list of project types. **More information:** [Slack app (for Jira integration)](../../integrations/jira-and-slack-integrations/slack-app.md) (Use: Find your Project ID);\ [Snyk Projects](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects);\ @@ -670,7 +670,7 @@ The V1 Reporting endpoints support only Snyk legacy reporting, not the latest re The V1 Reporting API underlies Snyk legacy reporting. Using the V1 Reporting API, you can find answers to questions like how many issues your Organization has, or how many tests have been conducted in a given time period. -The rate limit is up to 70 requests per minute, per user. For all requests above the limit, the response will have the status code `429: Too many requests`, until requests stop for the duration of the rate-limiting interval (one minute). For more information see [Rate limiting for V1 API](../v1-api.md#rate-limiting). +The rate limit is up to 70 requests per minute, per user. For all requests above the limit, the response has the status code `429: Too many requests`, until requests stop for the duration of the rate-limiting interval (one minute). For more information, see [Rate limiting for V1 API](../v1-api.md#rate-limiting). **More information:** [Dependencies and licenses](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/dependencies-and-licenses) @@ -832,7 +832,7 @@ To get a list of issues that have been fixed, use the endpoint [Get list of late ### [Get target by target ID](../reference/targets.md#orgs-org_id-targets-target_id) -This endpoint retrieves a list of Snyk Targets, which is used if you want to delete Targets by target ID. +This endpoint retrieves a list of Snyk Targets, which you use if you want to delete Targets by target ID. ### [Delete target by target ID](../reference/targets.md#orgs-org_id-targets-target_id-1) diff --git a/developer-tools/snyk-api/api-endpoints-index-and-tips/project-issue-paths-api-endpoints.md b/developer-tools/snyk-api/api-endpoints-index-and-tips/project-issue-paths-api-endpoints.md index 3221bc8f95d1..4a0fce3d62f3 100644 --- a/developer-tools/snyk-api/api-endpoints-index-and-tips/project-issue-paths-api-endpoints.md +++ b/developer-tools/snyk-api/api-endpoints-index-and-tips/project-issue-paths-api-endpoints.md @@ -2,7 +2,7 @@ The following provides information in addition to the information in the API Reference for the endpoints [List all project issue paths](../reference/projects-v1.md#org-orgid-project-projectid-issue-issueid-paths) and [List all project snapshot issue paths](../reference/snapshots-v1.md#org-orgid-project-projectid-history-snapshotid-issue-issueid-paths). -The `paths` endpoints provide details of the paths through which an issue has been introduced. +The `paths` endpoints provide details of the paths through which an issue is introduced. **Requests** to the `paths` endpoint are `GET` requests. The endpoints are available at the following URLs: @@ -51,4 +51,4 @@ In this example, an issue is introduced through two different versions of the `l The shortest path is provided first. If an issue applies to the Project itself, it appears as the only element in the path. For issues that apply to dependencies, each path starts with a direct dependency. -The `fixVersion` attribute is provided on the first element of each path when that path is upgradable. If the `version` attribute and `fixVersion` attributes are the same, then the upgrade will only involve re-locking transitive dependencies. +The `fixVersion` attribute is provided on the first element of each path when that path is upgradable. If the `version` attribute and `fixVersion` attributes are the same, then the upgrade involves only re-locking transitive dependencies. diff --git a/developer-tools/snyk-api/api-endpoints-index-and-tips/project-type-responses-from-the-api.md b/developer-tools/snyk-api/api-endpoints-index-and-tips/project-type-responses-from-the-api.md index 39f1830bc655..c4084aac0f50 100644 --- a/developer-tools/snyk-api/api-endpoints-index-and-tips/project-type-responses-from-the-api.md +++ b/developer-tools/snyk-api/api-endpoints-index-and-tips/project-type-responses-from-the-api.md @@ -2,7 +2,7 @@ The Snyk Project type, defined in the V1 API only as `the package manager of the project`, is returned from the [API v1 Projects endpoints](../reference/projects-v1.md) and from the endpoint [List all Projects for an Org with the given Org ID](../reference/projects.md#orgs-org_id-projects). -The following is a list of the possible `type` values that may be returned. +The following is a list of the possible `type` values that the API can return. `apk`\ `armconfig`\ diff --git a/developer-tools/snyk-api/api-endpoints-index-and-tips/scenarios-for-using-the-snyk-api.md b/developer-tools/snyk-api/api-endpoints-index-and-tips/scenarios-for-using-the-snyk-api.md index e17fbcea2539..5e94ec6f6781 100644 --- a/developer-tools/snyk-api/api-endpoints-index-and-tips/scenarios-for-using-the-snyk-api.md +++ b/developer-tools/snyk-api/api-endpoints-index-and-tips/scenarios-for-using-the-snyk-api.md @@ -26,7 +26,7 @@ Scenario: [assign-users-to-all-orgs](https://github.com/snyk-playground/cx-tools ### Add users to organizations at scale ahead of the first login -Scenario: [Provision users to Orgs via API](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/provision-users-to-organizations-using-the-api) +Scenario: [Provision users to Orgs using the API](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-management-with-the-api/provision-users-to-organizations-using-the-api) **Endpoint used:**\ [Provision a user to the organization](../reference/organizations-v1.md#org-orgid-provision) @@ -93,7 +93,7 @@ Scenario: [Broker-token-rotation](https://github.com/snyk-playground/cx-tools/bl [Add new integration](../reference/integrations-v1.md#org-orgid-integrations)\ [Update existing integration](../reference/integrations-v1.md#org-orgid-integrations-integrationid) (to enable Broker) -### For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the code base (source control management repository) +### For a specific event or time, disable all interactions (pull requests, tests) from Snyk to the codebase (source control management repository) Scenario: [disable-all-interaction-from-snyk](https://github.com/snyk-playground/cx-tools/blob/main/scripts/disable-all-interaction-from-snyk.md) (complete procedure) diff --git a/developer-tools/snyk-api/authentication-for-api/README.md b/developer-tools/snyk-api/authentication-for-api/README.md index 9b549678662d..fa887de1fa0b 100644 --- a/developer-tools/snyk-api/authentication-for-api/README.md +++ b/developer-tools/snyk-api/authentication-for-api/README.md @@ -18,7 +18,7 @@ Enterprise users have [access to a personal access token under their profile](./ * Authenticating with the IDE manually * Running API calls one time, for example, to test something -Note that for free and team plan users, the personal token does not have access to the API and may be used for authenticating to IDE, CLI, and CI/CD integrations only. For details, see [Obtain and use your PAT token](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/getting-started-guides/getting-started#obtain-and-use-your-snyk-api-token). +Note that for free and team plan users, the personal token does not have access to the API and can be used for authenticating to IDE, CLI, and CI/CD integrations only. For details, see [Obtain and use your PAT token](https://app.gitbook.com/s/L7HyJj9FsK1W4pNt8Gzl/getting-started-guides/getting-started#obtain-and-use-your-snyk-api-token). For additional information, see [Snyk PAT token permissions users can control](snyk-api-token-permissions-users-can-control.md). @@ -30,11 +30,11 @@ You can create a personal access token through your [account settings](https://a You can find your personal API token in your personal [account settings](https://app.snyk.io/account) after you register with Snyk and log in. In the **key** field, **Click to show**. Then highlight and copy the API key. -If you want a new API token, select **Revoke & Regenerate.** This will make the previous API token invalid. For details, see [Revoke and regenerate a Snyk API token](revoke-and-regenerate-a-snyk-api-token.md). +If you want a new API token, select **Revoke & Regenerate.** This makes the previous API token invalid. For details, see [Revoke and regenerate a Snyk API token](revoke-and-regenerate-a-snyk-api-token.md). ## Authenticating with a personal API token -When using the API directly, provide the API token in an `Authorization: token` header, as in the following example request, replacing `API_TOKEN` with your token +When using the API directly, provide the API token in an `Authorization: token` header, as in the following example request, replacing `API_TOKEN` with your token. ```bash curl --request GET \ @@ -54,4 +54,4 @@ curl --request GET \ --header "Authorization: bearer API_TOKEN" ``` -Otherwise, a `401 Unauthorized` error will be returned. +Otherwise, Snyk returns a `401 Unauthorized` error. diff --git a/developer-tools/snyk-api/authentication-for-api/personal-access-tokens-pats.md b/developer-tools/snyk-api/authentication-for-api/personal-access-tokens-pats.md index 06bd8ed45e87..1e89a2094873 100644 --- a/developer-tools/snyk-api/authentication-for-api/personal-access-tokens-pats.md +++ b/developer-tools/snyk-api/authentication-for-api/personal-access-tokens-pats.md @@ -4,34 +4,34 @@ A Personal Access Token (PAT) is a credential used to authenticate API, CLI, and IDE workflows. -At any given time, you can have up to three active PATs. This is primarily to allow for downtime-free rotation journeys, where the new token can be created ahead of the old one expiring. PATs can be named, and you can choose their expiration up to a maximum of 90 days ahead. Names are solely there to help you identify tokens; they have no functional impact. Users cannot create PATs that live for more than 90 days. +At any given time, you can have up to three active PATs. This allows for downtime-free rotation, where you can create the new token before the old one expires. You can name PATs and choose their expiration up to a maximum of 90 days ahead. Names help you identify tokens and have no functional impact. You cannot create PATs that live for more than 90 days. -PATs are revealed only upon creation, and never after this point. Users must ensure they safely store the token itself, as the only option after this will be to revoke and create another. +Snyk reveals PATs only upon creation, never after this point. You must safely store the token itself, because the only option afterward is to revoke and create another. -PATs can only be created through the UI, but can be revoked through the UI and API. +You can create PATs only through the UI, but you can revoke them through the UI and API. -You can see the name, created date and expiry for each token of a PAT (but not the token), and these details can be seen in the UI and through the API. +You can see the name, created date, and expiry for each PAT, but not the token, in the UI and through the API. -## Generating a new token (UI Only) +## Generating a new token (UI only) 1. In your account settings area, select the **Personal access tokens** tab.
-2. In the Name field, enter the name that you would like to provide your PAT. The names are solely there to help you distinguish between your PATs, and provide no other purpose. -3. To set an expiry date, select the Expiry drop-down and select a date for your PAT to expire. The maximum date you can pick is 90 days ahead. No PAT can be created with a longer expiry. +2. In the **Name** field, enter a name for your PAT. Names help you distinguish between your PATs and serve no other purpose. +3. To set an expiry date, select the **Expiry** dropdown and select a date for your PAT to expire. The maximum date you can pick is 90 days ahead. You cannot create a PAT with a longer expiry.
-4. Click **Generate new token**. You have generated your PAT and will see a window appear with your token. Click **Copy** to copy your token. This is the only time the Snyk Platform will share this token with you. You must store it in a secure and accessible location as you cannot retrieve it later. +4. Click **Generate new token**. Snyk generates your PAT and a window appears with your token. Click **Copy** to copy your token. This is the only time the Snyk Platform shares this token with you. You must store it in a secure and accessible location, because you cannot retrieve it later.
-5. If you have three PATs already, you will not be able to create another one. You must revoke one of them before being able to create any more. +5. If you already have three PATs, you cannot create another one. You must revoke one of them before you can create any more. ## Revoking a token 1. In your account settings area, select the **Personal access tokens** tab. -2. Next to the token that you would like to revoke, click Revoke. This results in your token being revoked. Token revocation cannot be reverted. +2. Next to the token you want to revoke, click **Revoke**. Snyk revokes your token. You cannot revert token revocation.
diff --git a/developer-tools/snyk-api/authentication-for-api/revoke-and-regenerate-a-snyk-api-token.md b/developer-tools/snyk-api/authentication-for-api/revoke-and-regenerate-a-snyk-api-token.md index 5683fef42253..7ff8a9dd6890 100644 --- a/developer-tools/snyk-api/authentication-for-api/revoke-and-regenerate-a-snyk-api-token.md +++ b/developer-tools/snyk-api/authentication-for-api/revoke-and-regenerate-a-snyk-api-token.md @@ -1,7 +1,7 @@ # Revoke and regenerate a Snyk API token {% hint style="warning" %} -When an API token is revoked, all integrations using that key immediately stop working. Proceed with caution! +When you revoke an API token, all integrations using that key immediately stop working. Proceed with caution. {% endhint %} If you suspect an API token has been leaked, it is good practice to revoke that token and generate a new one to use in its place. @@ -10,4 +10,4 @@ To revoke your Snyk user API token, navigate to your personal General Account Se ![API token screen, Revoke & Regenerate button](../../.gitbook/assets/account-settings-general-auth-token.png) -Click the **Revoke & Regenerate** button to revoke your API token. A new one will be generated in its place. You can now copy the newly generated API token and update integrations that used the old token. +Click **Revoke & Regenerate** to revoke your API token. Snyk generates a new one in its place. You can now copy the newly generated API token and update integrations that used the old token. diff --git a/developer-tools/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control.md b/developer-tools/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control.md index 25a0f026abc6..8010cd09d134 100644 --- a/developer-tools/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control.md +++ b/developer-tools/snyk-api/authentication-for-api/snyk-api-token-permissions-users-can-control.md @@ -1,7 +1,7 @@ # Snyk API token permissions users can control -To set an API token to have read-only permissions so the user is unable to write to the platform, use a service account and set it to Group Viewer. +To set an API token to have read-only permissions so the user cannot write to the platform, use a service account and set it to Group Viewer. -Service accounts at the Organization level have only Organization Admin and Organization Collaborator permissions. Thus, to set a service account to view only, you must use a Group-level service account. +Service accounts at the Organization level have only Organization Admin and Organization Collaborator permissions. So, to set a service account to view only, you must use a Group-level service account. For more information see [Service accounts](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/service-accounts/service-accounts). diff --git a/developer-tools/snyk-api/reference/aibom.md b/developer-tools/snyk-api/reference/aibom.md index 8bb00b8202c9..a65b15ef02dc 100644 --- a/developer-tools/snyk-api/reference/aibom.md +++ b/developer-tools/snyk-api/reference/aibom.md @@ -1,4 +1,4 @@ -# AiBom +# AI-BOM {% hint style="info" %} This document uses the REST API. For more details, see the [Authentication for API](../authentication-for-api/) page. diff --git a/developer-tools/snyk-api/reference/dependencies-v1.md b/developer-tools/snyk-api/reference/dependencies-v1.md index 0c1291fd61dd..b46fa791b7a6 100644 --- a/developer-tools/snyk-api/reference/dependencies-v1.md +++ b/developer-tools/snyk-api/reference/dependencies-v1.md @@ -1,7 +1,7 @@ # Dependencies (v1) {% hint style="info" %} -This document uses the v1 API, which will eventually be deprecated, as further Snyk developments are now focused on the REST API. For more details, see the [v1 API](../v1-api.md). +This document uses the v1 API, which Snyk plans to deprecate, because Snyk now focuses development on the REST API. For more details, see the [v1 API](../v1-api.md). {% endhint %} Dependencies are packages or modules that your Projects depend on. diff --git a/developer-tools/snyk-api/reference/entitlements-v1.md b/developer-tools/snyk-api/reference/entitlements-v1.md index 5ecc16571747..ce1e84224824 100644 --- a/developer-tools/snyk-api/reference/entitlements-v1.md +++ b/developer-tools/snyk-api/reference/entitlements-v1.md @@ -1,7 +1,7 @@ # Entitlements (v1) {% hint style="info" %} -This document uses the v1 API, which will eventually be deprecated, as further Snyk developments are now focused on the REST API. For more details, see the [v1 API](../v1-api.md). +This document uses the v1 API, which Snyk plans to deprecate, because Snyk now focuses development on the REST API. For more details, see the [v1 API](../v1-api.md). {% endhint %} {% openapi src="../../.gitbook/assets/v1-api-spec.yaml" path="/org/{orgId}/entitlements" method="get" %} diff --git a/developer-tools/snyk-api/reference/import-projects-v1.md b/developer-tools/snyk-api/reference/import-projects-v1.md index d817dc77eb52..3fa4343cbcae 100644 --- a/developer-tools/snyk-api/reference/import-projects-v1.md +++ b/developer-tools/snyk-api/reference/import-projects-v1.md @@ -4,7 +4,7 @@ This document uses the v1 API, which will eventually be deprecated, as further Snyk developments are now focused on the REST API. For more details, see the [v1 API](../v1-api.md). {% endhint %} -You can use this API to import projects into Snyk. Projects imported can be Git repositories, Docker images, containers, configuration files, and much more. See the [Projects and Targets documentation](https://docs.snyk.io/scan-fix-and-prevent/scan-with-snyk/snyk-projects#target) for more information. A typical import would start with requesting a target to be processed and then polling the Import Job API for more details on completion of an import and the resulting Snyk Projects. +You can use this API to import Projects into Snyk. Imported Projects can be Git repositories, Docker images, containers, and configuration files. See the [Projects and Targets documentation](https://docs.snyk.io/scan-fix-and-prevent/scan-with-snyk/snyk-projects#target) for more information. A typical import starts by requesting a target to be processed, then polls the Import Job API for details about the completion of an import and the resulting Snyk Projects. {% openapi src="../../.gitbook/assets/v1-api-spec.yaml" path="/org/{orgId}/integrations/{integrationId}/import" method="post" %} [v1-api-spec.yaml](../../.gitbook/assets/v1-api-spec.yaml) diff --git a/developer-tools/snyk-api/reference/licenses-v1.md b/developer-tools/snyk-api/reference/licenses-v1.md index 465b0b9907ba..83b841883c1e 100644 --- a/developer-tools/snyk-api/reference/licenses-v1.md +++ b/developer-tools/snyk-api/reference/licenses-v1.md @@ -4,7 +4,7 @@ This document uses the v1 API, which will eventually be deprecated, as further Snyk developments are now focused on the REST API. For more details, see the [v1 API](../v1-api.md). {% endhint %} -**Note:** When you import or update Projects, changes will be reflected in the endpoint results after a one-hour delay. +**Note:** When you import or update Projects, the endpoint results reflect the changes after a one-hour delay. {% openapi src="../../.gitbook/assets/v1-api-spec.yaml" path="/org/{orgId}/licenses" method="post" %} [v1-api-spec.yaml](../../.gitbook/assets/v1-api-spec.yaml) diff --git a/developer-tools/snyk-api/reference/reporting-api-v1.md b/developer-tools/snyk-api/reference/reporting-api-v1.md index cfe3d999bf2f..7c5b0c3897f2 100644 --- a/developer-tools/snyk-api/reference/reporting-api-v1.md +++ b/developer-tools/snyk-api/reference/reporting-api-v1.md @@ -9,7 +9,7 @@ The endpoints in this category support only Snyk legacy reporting, not the lates {% endhint %} Using the Reporting API, you can find answers to questions like how many issues your Organization has, or how many tests have been conducted in a given time period. -The rate limit is up to **70 requests per minute, per user**. All requests above the limit will get a response with the status code `429 - Too many requests` until requests stop for the duration of the rate-limiting interval (one minute). +The rate limit is up to **70 requests per minute, per user**. Requests above the limit receive a response with the status code `429 - Too many requests` until requests stop for the duration of the rate-limiting interval (one minute). {% openapi src="../../.gitbook/assets/v1-api-spec.yaml" path="/reporting/issues" method="post" %} [v1-api-spec.yaml](../../.gitbook/assets/v1-api-spec.yaml) diff --git a/developer-tools/snyk-api/rest-api/about-the-rest-api.md b/developer-tools/snyk-api/rest-api/about-the-rest-api.md index 6c333e1423d7..5ad5e358880c 100644 --- a/developer-tools/snyk-api/rest-api/about-the-rest-api.md +++ b/developer-tools/snyk-api/rest-api/about-the-rest-api.md @@ -16,13 +16,13 @@ This API is available only over HTTPS. Calling this API over HTTP will yield a 4 The Snyk REST API generally adheres to the [JSON:API standard](https://jsonapi.org/), with some [caveats](https://github.com/snyk/sweater-comb/blob/main/docs/principles/jsonapi.md). JSON:API is an opinionated specification for how a client should request and modify resources and how a server should respond to requests. -When using the REST API, send all requests which contain data with the header: +When using the REST API, send all requests that contain data with the header: ``` Content-Type: application/vnd.api+json ``` -Otherwise a 400 "Bad Request" response will be returned. +Otherwise, Snyk returns a 400 "Bad Request" response. ```json HTTP/1.1 400 Bad Request @@ -42,9 +42,9 @@ HTTP/1.1 400 Bad Request ### Using versions dated on or after 2024-10-15 -The API Reference examples include `?version=text` as a placeholder, where `text` represents the required date-formatted version string. Snyk recommends using `2024-10-15` for the version number unless you are using an earlier version for a specific reason. You can use the current day's date; this will call the most recent version of the API. The format for the date is `YYYY-MM-DD`. +The API Reference examples include `?version=text` as a placeholder, where `text` represents the required date-formatted version string. Snyk recommends using `2024-10-15` for the version number unless you are using an earlier version for a specific reason. You can use the current day's date to call the most recent version of the API. The format for the date is `YYYY-MM-DD`. -### Using versions dated prior to 2024-10-15 +### Using versions dated before 2024-10-15 The following information applies to calling versions earlier than 2024-10-15. The Snyk REST API has per-endpoint version contracts. For information about the differences in GA versions, see the [API Changelog](../changelog.md). Each endpoint can have its own release and support lifecycle, independent of any other endpoint in the Snyk REST API. In its most explicit form, the endpoint version number includes a date and stability tree, for example: @@ -54,9 +54,9 @@ The following information applies to calling versions earlier than 2024-10-15. T This version number indicates that the requested endpoint should be at stability level `2023-11-27` or older `beta`. The possible stability levels are: -* `ga` - Generally Available, the default. Snyk will support these for at least six months after the next GA release. -* `beta` - Beta. Snyk will support these for at least three months after the next beta or GA release. -* `experimental` - Experimental. An experimental endpoint should be considered unstable and regarded as a tech preview. Experimental versions may introduce breaking changes and may be discontinued at any time. +* `ga` - Generally Available, the default. Snyk supports these for at least six months after the next GA release. +* `beta` - Beta. Snyk supports these for at least three months after the next beta or GA release. +* `experimental` - Experimental. Consider an experimental endpoint to be unstable and a tech preview. Experimental versions can introduce breaking changes and Snyk can discontinue them at any time. In the default case of Generally Available, there is no stability level specified in the version number itself, that is, only the date is present, for example: @@ -68,9 +68,9 @@ This means the requested endpoint should be 2023-11-27 or older on the Generally When the requested endpoint is at a specific stability level, Snyk serves the latest version, the version released on or before the requested date, or that stability or higher. For example, if the requested endpoint has a beta version at 2023-09-29 and GA version at 2024-01-23, and the requested endpoint is after 2024-01-23\~beta, Snyk resolves to the GA version. -Granular version controls enable Snyk to introduce progressive enhancements. These may require small or minor backward-incompatible changes. However, using granular version controls means Snyk can deliver rapid enhancements more quickly while supporting existing endpoints for a guaranteed period of time. +Granular version controls let Snyk introduce progressive enhancements. These can require small or minor backward-incompatible changes. However, using granular version controls means Snyk can deliver rapid enhancements more quickly while supporting existing endpoints for a guaranteed period of time. -After an endpoint is marked as deprecated, it will contain a `Sunset` header indicating the date at which that endpoint contract will no longer be supported. For example: +After an endpoint is marked as deprecated, it contains a `Sunset` header indicating the date on which that endpoint contract is no longer supported. For example: ``` Sunset: "2021-11-11" @@ -82,7 +82,7 @@ All endpoints in the Snyk REST API are paginated using _cursor-based_ pagination To mitigate the possibility of inconsistent results, by default, Snyk sorts by insertion order, so it is not possible to have items inserted on a prior page. However, if you specify the `sort` parameter, consistent pagination is no longer guaranteed. If you see inconsistent results, you can submit a new request. If consistent pagination is important to your workflow, use the default insertion sort order. -Whenever you receive an API response, it will contain appropriate links in the body of the response as follows: +Whenever you receive an API response, it contains appropriate links in the body of the response as follows: ```json { @@ -121,6 +121,6 @@ Errors conform to the JSON:API specification and include path-based information ## Rate limiting -There is a limit of **1620 requests per minute**, per API key. All requests above the limit will get a response with the status code `429` - `Too many requests` until requests stop for the duration of the rate-limiting interval (one minute). +There is a limit of **1620 requests per minute**, per API key. All requests above the limit get a response with the status code `429` - `Too many requests` until requests stop for the duration of the rate-limiting interval (one minute). -From time to time, Snyk may introduce new rate limits to maintain overall system health. This is not considered a breaking change. All clients are expected to handle the `429` responses correctly and such requests can be retried later safely. +From time to time, Snyk can introduce new rate limits to maintain overall system health. This is not considered a breaking change. All clients are expected to handle the `429` responses correctly, and such requests can be retried later safely. diff --git a/developer-tools/snyk-api/snyk-api.md b/developer-tools/snyk-api/snyk-api.md index 27f61b91c0fc..5b9777d30ffc 100644 --- a/developer-tools/snyk-api/snyk-api.md +++ b/developer-tools/snyk-api/snyk-api.md @@ -6,22 +6,22 @@ The majority of Snyk APIs are restricted to use by Enterprise plan customers onl For more information, see [Plans and pricing](https://snyk.io/plans). {% endhint %} -The Snyk API allows customers to integrate programmatically with Snyk. +The Snyk API lets customers integrate programmatically with Snyk. The [Snyk REST API ](rest-api/about-the-rest-api.md) and the [V1 API](v1-api.md) are available in the Snyk API [Reference](reference/). Additional endpoints are available in the [OAuth2 API reference](oauth2-api.md). ## Automating Snyk processes -The Snyk API enables developers to automate Snyk processes to accomplish their specific workflows, ensuring consistency in both developer experience and platform governance. +The Snyk API lets developers automate Snyk processes to accomplish their specific workflows, ensuring consistency in both developer experience and platform governance. Use the API when you want to customize, integrate, and automate Snyk processes as part of your specific workflows. ## Deciding to use the API, the CLI, or an SCM integration -You may decide to use an API rather than the CLI or an integration. When you decide, consider possible differences in the output for the API, the CLI, and integrations. +You can decide to use an API rather than the CLI or an integration. When you decide, consider possible differences in the output for the API, the CLI, and integrations. -For example, for many package managers, using the API will be less accurate than running the Snyk CLI as part of your build pipe or locally on your package. More than one version of a package may fit the requirements in manifest files. +For example, for many package managers, using the API is less accurate than running the Snyk CLI as part of your build pipe or locally on your package. More than one version of a package can fit the requirements in manifest files. Running the CLI locally tests the actual deployed code and creates an accurate snapshot of the dependency versions in use. The API infers a snapshot, with inferior accuracy. Note that the Snyk CLI can output machine-readable JSON (`snyk test --json`). -You can allow Snyk access to your development flow by using Snyk integrations. The advantage is having Snyk monitor every new pull request and suggest fixes by opening new pull requests. You can integrate Snyk directly with your source code management (SCM) tool, or by using a Broker to allow greater security and auditability. +You can allow Snyk access to your development flow by using Snyk integrations. The advantage is having Snyk monitor every new pull request and suggest fixes by opening new pull requests. You can integrate Snyk directly with your source code management (SCM) tool, or by using a Broker for greater security and auditability. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/export-api-specifications-columns-and-filters.md b/developer-tools/snyk-api/using-specific-snyk-apis/export-api-specifications-columns-and-filters.md index e01110fd27e8..92321319d111 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/export-api-specifications-columns-and-filters.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/export-api-specifications-columns-and-filters.md @@ -1,6 +1,6 @@ # Export API: Specifications, columns, and filters -The Export API, which Snyk Analytics supports, makes it easier to export data by allowing users to create and manage CSV files. These files are safely stored by Snyk. Designed for efficiency and security, the Export API helps users organize and scale the export of large datasets, which is useful for reporting and analytics tasks. +The Export API, which Snyk Analytics supports, makes it easier to export data by letting users create and manage CSV files. Snyk stores these files safely. Designed for efficiency and security, the Export API helps users organize and scale the export of large datasets, which is useful for reporting and analytics tasks. You can use the Export API to export the Snyk `issues`, `usage events`, `pr checks`, `pr checks project adoption`, and `pr checks integration adoption` datasets in the scope of `Snyk Organization` or `Snyk Group`. Navigate to the [available columns and filters](export-api-specifications-columns-and-filters.md#available-columns-and-filters) section to see the full lists. @@ -48,7 +48,7 @@ GET /groups/{group_id}/export/{export_id} ### Data freshness -The data provided by the Export API service updates approximately every two hours. Given the data freshness, cyclic exports should not be scheduled more frequently than once every two hours. +The data provided by the Export API service updates approximately every two hours. Given the data freshness, do not schedule cyclic exports more frequently than once every two hours. ### Rate limits @@ -57,12 +57,12 @@ The API is limited by: * The export `POST` endpoint allows up to 20 export requests per hour, while the status checks and results retrieval are unlimited. {% hint style="info" %} -Given that the data is typically refreshed every two hours, Snyk anticipates that the applied rate limits will allow comfortable consumption. Snyk recommends requesting an export per relevant Group once in a few hours or on a daily basis. +Given that the data is typically refreshed every two hours, Snyk anticipates that the applied rate limits allow comfortable consumption. Snyk recommends requesting an export per relevant Group once in a few hours or on a daily basis. {% endhint %} ### Data retention -The exported CSV files will remain available for a period of three days. +The exported CSV files remain available for a period of three days. {% hint style="danger" %} While the files are accessible for three days, the self-signed link to retrieve the export results is available only for 60 minutes after its creation by default. Users can limit the link expiration by passing a value between 0 and 3600 to the `url_expiration_seconds` attribute. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/issues-list-issues-for-a-package.md b/developer-tools/snyk-api/using-specific-snyk-apis/issues-list-issues-for-a-package.md index baf32227c905..a0dc1b53c6c6 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/issues-list-issues-for-a-package.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/issues-list-issues-for-a-package.md @@ -1,8 +1,8 @@ # Issues: List issues for a package -The Snyk REST API endpoint [List issues for a package](../reference/issues.md#orgs-org_id-packages-purl-issues) can be used to get all direct (non-transitive) vulnerabilities for a package using its `purl`, which is a uniform way of identifying software packages across ecosystems as defined in the [package URL specification](https://github.com/package-url/purl-spec). +Use the Snyk REST API endpoint [List issues for a package](../reference/issues.md#orgs-org_id-packages-purl-issues) to get all direct (non-transitive) vulnerabilities for a package using its `purl`, which is a uniform way of identifying software packages across ecosystems as defined in the [package URL specification](https://github.com/package-url/purl-spec). -When you pass a `purl` to the endpoint, Snyk will find any known vulnerabilities for that package and return them as part of the response body. +When you pass a `purl` to the endpoint, Snyk finds any known vulnerabilities for that package and returns them as part of the response body. The API is useful when you have a list of packages and want to retrieve a list of vulnerabilities for a package version. @@ -12,7 +12,7 @@ The examples on this page use [HTTPie](https://httpie.io/), but you can use any ## Supported purl types -The current release supports the following `purl` types: `apk`, `cargo`, `cocoapods`, `conan`, `composer`, `deb`, `gem`, `generic`, `golang`, `hex`, `npm`, `nuget`, `pub`, `pypi`, `rpm`, `swift` and `maven`. +The current release supports the following `purl` types: `apk`, `cargo`, `cocoapods`, `conan`, `composer`, `deb`, `gem`, `generic`, `golang`, `hex`, `npm`, `nuget`, `pub`, `pypi`, `rpm`, `swift`, and `maven`. If you are interested in support for additional ecosystems, submit a request to [Snyk Support](https://support.snyk.io). @@ -38,7 +38,7 @@ $ http \ version==2024-06-26 ``` -For operating system packages, a vendor must be specified in the namespace portion, and a `distro` qualifier must be specified. Supported vendors include: `debian`, `alpine`, `rhel`, `ubuntu`, `amzn`, `centos`, `oracle`, `rocky`, `sles`. +For operating system packages, you must specify a vendor in the namespace portion and a `distro` qualifier. Supported vendors include `debian`, `alpine`, `rhel`, `ubuntu`, `amzn`, `centos`, `oracle`, `rocky`, and `sles`. An example using a valid url-encoded operating system purl follows: @@ -240,7 +240,7 @@ Where applicable, **pagination links for the results** are included as follows: ## Troubleshooting for the List issues for a package endpoint -The following are **error states** that you may receive when using the API. If you experience issues not covered here or are having trouble resolving these, contact your Solution Engineer or Technical Success Manager, or submit a request to [Snyk Support](https://support.snyk.io). +The following are **error states** that you can receive when using the API. If you experience issues not covered here or are having trouble resolving these, contact your Solution Engineer or Technical Success Manager, or submit a request to [Snyk Support](https://support.snyk.io). **Invalid PURL**\ 400\ @@ -264,7 +264,7 @@ To get access, contact your Solutions Engineer or Technical Success Manager, or **Rate limit exceeded**\ 429\ -180 requests per minute per user are permitted on this API endpoint. If you exceed this volume, you will receive a 429 error response code. +180 requests per minute per user are permitted on this API endpoint. If you exceed this volume, you receive a 429 error response code. **Invalid pagination parameters**\ 400\ diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/README.md b/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/README.md index 8d945a0572e6..6723b158d06f 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/README.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/README.md @@ -1,6 +1,6 @@ # SBOM APIs -Information about how to use the following API endpoints is provided: +This section describes how to use the following API endpoints: * [Get a project’s SBOM document](rest-api-get-a-projects-sbom-document.md) * [Test an SBOM document for vulnerabilities](rest-api-endpoint-test-an-sbom-document-for-vulnerabilities.md) diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities.md b/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities.md index 658fbd6090c5..766f7bbce39a 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities.md @@ -5,7 +5,7 @@ The Snyk REST API is available only for Enterprise plans. For more information, see [Plans and pricing](https://snyk.io/plans). -These endpoints are beta API versions. Some of the functionality may change. For more information, see the [Versioning](../../rest-api/about-the-rest-api.md#versioning) information for the REST API. +These endpoints are beta API versions. Some of the functionality can change. For more information, see the [Versioning](../../rest-api/about-the-rest-api.md#versioning) information for the REST API. {% endhint %} Snyk offers a [collection of API endpoints](https://apidocs.snyk.io/?version=2024-09-03%7Ebeta#post-/orgs/-org_id-/sbom_tests) to asynchronously test a software bill of materials (SBOM) document. You can use these endpoints to learn more about the vulnerabilities impacting your SBOM and its packages. @@ -89,7 +89,7 @@ curl --request POST \ You can check the status of the test at any time after the initial request. 1. Using the `job_id` returned from the initial request to the endpoint [Create an SBOM test run](https://apidocs.snyk.io/?version=2024-09-03%7Ebeta#post-/orgs/-org_id-/sbom_tests), make a request to the endpoint [Gets an SBOM test run status](https://apidocs.snyk.io/?version=2024-09-03%7Ebeta#get-/orgs/-org_id-/sbom_tests/-job_id-). -2. A successful request to this endpoint returns the status of your test, which can either be `processing` or `finished`. If the call is not successful, an error will be returned. +2. A successful request to this endpoint returns the status of your test, which can either be `processing` or `finished`. If the call is not successful, Snyk returns an error. ```bash curl --get \ @@ -116,9 +116,9 @@ The following response code indicates success. **201 Created** -The SBOM test run was successfully created. The response body contains the job ID of the test run. +Snyk successfully created the SBOM test run. The response body contains the job ID of the test run. -The following are error states that you may receive when using the API. If you experience issues not covered here or are having trouble resolving these, contact your Solutions Engineer or Technical Success Manager, or submit a request to [Snyk Support](https://support.snyk.io). +The following are error states that you can receive when using the API. If you experience issues not covered here or are having trouble resolving these, contact your Solutions Engineer or Technical Success Manager, or submit a request to [Snyk Support](https://support.snyk.io). **400 Bad Request** @@ -134,7 +134,7 @@ You do not have the permissions required to make the request. This can happen if **429 Too Many Requests** -Since the Snyk API is rate-limited, an excessive number of requests will eventually start to be rejected. You need to wait before making any further requests. +Since the Snyk API is rate-limited, an excessive number of requests eventually starts to be rejected. You need to wait before making any further requests. **500 Internal Server Error** diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-get-a-projects-sbom-document.md b/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-get-a-projects-sbom-document.md index 9d5292434071..79c0fecd0b7d 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-get-a-projects-sbom-document.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-get-a-projects-sbom-document.md @@ -9,7 +9,7 @@ Snyk offers the endpoint [Get a project's SBOM document](../../reference/sbom.md The SBOM document represents the latest state of a Project’s dependencies and their relationships. -SBOM documents can be generated in [CycloneDX](https://cyclonedx.org/) v1.4, v1.5, v1. 6 (JSON, XML) and [SPDX](https://spdx.dev/) v2.3 (JSON) formats. +You can generate SBOM documents in [CycloneDX](https://cyclonedx.org/) v1.4, v1.5, v1.6 (JSON, XML) and [SPDX](https://spdx.dev/) v2.3 (JSON) formats. ## How to generate the SBOM for a Project @@ -18,15 +18,15 @@ SBOM documents can be generated in [CycloneDX](https://cyclonedx.org/) v1.4, v1. 2. Determine the format you want for the SBOM you will generate.\ Available options are CycloneDX 1.4 JSON (`cyclonedx1.4+json`), CycloneDX 1.4 XML (`cyclonedx1.4+xml`), CycloneDX 1.5 JSON (`cyclonedx1.5+json`), CycloneDX 1.5 XML (`cyclonedx1.5+xml`), CycloneDX 1.6 JSON (`cyclonedx1.6+json`), CycloneDX 1.6 XML (`cyclonedx1.6+xml`) or SPDX v2.3 JSON (`spdx2.3+json`). 3. Using any HTTP client, for example, Postman or `curl`, make a request to the endpoint, specifying the latest stable version.\ - Note that the `format` parameter must be URL-encoded.\ - Example: To retrieve a CycloneDX 1.4 JSON document, set `format=cyclonedx1.4%2Bjson` on the query. Note that the example has a placeholder for the version; use version 2024-08-22 or later. + The `format` parameter must be URL-encoded.\ + Example: To retrieve a CycloneDX 1.4 JSON document, set `format=cyclonedx1.4%2Bjson` on the query. The example has a placeholder for the version; use version 2024-08-22 or later. `$ curl --location 'https://api.snyk.io/rest/orgs//projects//sbom?version=yyyy-mm-dd&format='`\ `--header 'Authorization: token '` ## Custom CycloneDX properties -An SBOM document generated by Snyk will include some Snyk-specific metadata about what has been exported. This is included in the `metadata.properties` section of the document when exported as CycloneDX. +An SBOM document generated by Snyk includes some Snyk-specific metadata about what has been exported. This is included in the `metadata.properties` section of the document when exported as CycloneDX.
Property NameDescription
snyk:org_idThe organization ID (UUID), if applicable
snyk:collection_idThe project collection’s ID (UUID), if applicable
snyk:project_idThe project’s ID (UUID), if applicable
snyk:target_idThe target’s ID (UUID), if applicable
@@ -36,9 +36,9 @@ The following response code indicates success. **200 OK** -The SBOM document was successfully generated. The response body contains the document in the requested format. +Snyk successfully generated the SBOM document. The response body contains the document in the requested format. -The following are **error states** that you may receive when using the API. If you experience issues not covered here or are having trouble resolving these, contact your Solution Engineer or Technical Success Manager or submit a request to [Snyk Support](https://support.snyk.io). +The following are **error states** that you can receive when using the API. If you experience issues not covered here or are having trouble resolving these, contact your Solution Engineer or Technical Success Manager, or submit a request to [Snyk Support](https://support.snyk.io). **401 Unauthorized** @@ -50,7 +50,7 @@ You do not have the permissions required to make the request. This can happen if **429 Too Many Requests** -Since the Snyk API is rate-limited, an excessive number of requests will eventually start to be rejected. Wait before making any further requests. +Since the Snyk API is rate-limited, an excessive number of requests eventually starts to be rejected. Wait before making any further requests. **500 Internal Server Error** diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/README.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/README.md index fc87549ab8a3..8addf0d49eda 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/README.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/README.md @@ -1,6 +1,6 @@ # How to use Snyk Apps APIs -This section provides an introduction to Snyk Apps and instructions for using the API and the CLI to create an App, for using the OAuth2 API to set up a Snyk App, and for using the API to manage Snyk Apps. +This section introduces Snyk Apps and provides instructions for using the API and the CLI to create an App, using the OAuth2 API to set up a Snyk App, and using the API to manage Snyk Apps. * [About Snyk Apps](about-snyk-apps.md) * [Prerequisites for Snyk Apps](prerequisites-for-snyk-apps.md) diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/about-snyk-apps.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/about-snyk-apps.md index f9ca4bce652c..2b1f98fce259 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/about-snyk-apps.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/about-snyk-apps.md @@ -1,8 +1,8 @@ # About Snyk Apps -Snyk Apps are integrations that extend the functionality of the Snyk platform, allowing you to create a Snyk experience to suit your specific needs. +Snyk Apps are integrations that extend the functionality of the Snyk platform, letting you create a Snyk experience to suit your specific needs. -For example, a Snyk App might automate Snyk [application security testing](https://snyk.io/learn/application-security/testing/) as part of a build tool. Another Snyk App might stream Snyk security testing results into an incident management tool. You can create your own reporting, metrics, or even a user management App. You can move your automated Snyk API scripts and transform them into a Snyk App, which will add a better UX/UI experience for your Snyk Organization users. +For example, a Snyk App might automate Snyk [application security testing](https://snyk.io/learn/application-security/testing/) as part of a build tool. Another Snyk App might stream Snyk security testing results into an incident management tool. You can create your own reporting, metrics, or even a user management App. You can move your automated Snyk API scripts and transform them into a Snyk App, which adds a better UX/UI experience for your Snyk Organization users. The easiest way to start building a new Snyk App is to clone the [Demo Snyk Apps ](https://github.com/snyk/snyk-apps-demo)GitHub repository. You can either modify the demo to suit your App design or use it as a base for creating your own Snyk App. See the [Snyk Apps blog post](https://snyk.io/blog/snyk-apps-beta-build-custom-apps-extend-snyk-security-into-workflows/) for more details. @@ -12,17 +12,17 @@ Snyk Apps are based on the [Snyk API](../../snyk-api.md) so that your integratio ## Integrating Apps with Snyk -The Snyk Apps platform uses an [OAuth 2.0](http://oauth.net/2/) authorization flow. This allows your Snyk App to get an access token to act on behalf of the user or Tenant, depending on the scopes you request. There are many OAuth 2.0 libraries available that will greatly simplify the integration. The [Snyk Apps Demo](https://github.com/snyk/snyk-apps-demo) uses the popular JavaScript library [passport.js](http://www.passportjs.org/packages/passport-oauth2/). +The Snyk Apps platform uses an [OAuth 2.0](http://oauth.net/2/) authorization flow. This lets your Snyk App get an access token to act on behalf of the user or Tenant, depending on the scopes you request. There are many OAuth 2.0 libraries available that greatly simplify the integration. The [Snyk Apps Demo](https://github.com/snyk/snyk-apps-demo) uses the popular JavaScript library [passport.js](http://www.passportjs.org/packages/passport-oauth2/). See the Snyk [OAuth2 API documentation](../../oauth2-api.md) for details. ## How do Apps connect? -When a Snyk App is created, it is set up to use `a specific context`, either `tenant` or `user`. Set this with the `context` field if you are creating a Snyk App with the API or the `--context` flag if you are using the CLI. If the `context` is not specified, a Snyk App will default to the `tenant` context, which is preferred unless your Snyk App specifically needs to perform operations as an individual user. +When you create a Snyk App, it is set up to use `a specific context`, either `tenant` or `user`. Set this with the `context` field if you are creating a Snyk App with the API or the `--context` flag if you are using the CLI. If you do not specify the `context`, a Snyk App defaults to the `tenant` context, which is preferred unless your Snyk App specifically needs to perform operations as an individual user. ### User context -Authorizing a Snyk App that has the `user` context grants the Snyk App access to perform actions on behalf of the user. The Snyk App will have access to the same set of Organizations and Groups as the installing user, as well as access to any new Snyk Organizations and Groups the user is added to. If the installing user deactivates their account, any installed apps having the `user` context that user has installed will lose access to Snyk. +Authorizing a Snyk App that has the `user` context grants the Snyk App access to perform actions on behalf of the user. The Snyk App has access to the same set of Organizations and Groups as the installing user, as well as access to any new Snyk Organizations and Groups the user is added to. If the installing user deactivates their account, any installed apps having the `user` context that user has installed lose access to Snyk. ### Tenant context @@ -48,13 +48,13 @@ You can also navigate directly to the [Authorized Snyk Apps page](https://app.sn ### Revoking a Snyk App from the management UI -On the Authorized Snyk Apps page, you will see a list of all the Snyk Apps that you have integrated and authorized. The page displays relevant information about each App, including the date when it was authorized. +On the Authorized Snyk Apps page, you see a list of all the Snyk Apps that you have integrated and authorized. The page displays relevant information about each App, including the date when it was authorized. -If you wish to revoke access for a particular Snyk App: +To revoke access for a particular Snyk App: * Locate the specific App in the list of authorized Apps. -* Click the **Revoke** button next to the App. +* Click **Revoke** next to the App. -Revoking access will prevent the App from further accessing your Snyk account and performing actions on your behalf. This gives you full control over which Apps can interact with your Snyk data and ensures that you can manage your App integrations securely. +Revoking access prevents the App from further accessing your Snyk account and performing actions on your behalf. This gives you full control over which Apps can interact with your Snyk data and ensures that you can manage your App integrations securely. By using the Snyk Apps management UI, you can maintain a clear overview of your authorized Apps and make adjustments to their access as needed, enhancing the security and customization of your Snyk experience. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-api.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-api.md index 7c2dffc48572..413bc2e8f15e 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-api.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-api.md @@ -31,10 +31,10 @@ curl -L \ }' ``` -The request body should contain the details for your new App, including the `name`, `context`, `redirect_uris`, and [`scopes`](scopes-to-request.md). +The request body must contain the details for your new App, including the `name`, `context`, `redirect_uris`, and [`scopes`](scopes-to-request.md). The response includes details necessary to complete the integration: `client_id` and `client_secret`. Use these values with Snyk API endpoints within your App; consider storing them as part of the configuration of your App. {% hint style="info" %} -Never share the `client_secret` publicly, as it is used to authenticate your App. This is the only time you will see the `client_secret`, so keep it secure and private. If you lose it or if the secret is leaked, you can [rotate your App's clientSecret](manage-app-details.md#rotate-app-clientsecret). +Never share the `client_secret` publicly, as it is used to authenticate your App. This is the only time you see the `client_secret`, so keep it secure and private. If you lose it or if the secret is leaked, you can [rotate your App's clientSecret](manage-app-details.md#rotate-app-clientsecret). {% endhint %} diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-cli.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-cli.md index 13a9d8d49d0a..e108a0d6da2b 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-cli.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/create-a-snyk-app-using-the-snyk-cli.md @@ -48,11 +48,11 @@ A comma-separated list of scopes required by your Snyk App. This forms a list of `--context=` -The `context` your Snyk App will use when installed. +The `context` your Snyk App uses when installed. -Can be either `tenant` or `user`. The default is `tenant` if `context` is not specified. +Can be either `tenant` or `user`. The default is `tenant` if you do not specify `context`. -A Snyk App that has the `tenant` context will act as a bot user so it is not tied to any individual user and thus will persist even if the installing user leaves the Snyk Organization. In contrast, a Snyk App that has the `user` context will perform actions as the installing user. Specify the `user` context only if your Snyk App is performing operations that are specific to individual users. If there is any doubt, use `tenant`. +A Snyk App that has the `tenant` context acts as a bot user, so it is not tied to any individual user and persists even if the installing user leaves the Snyk Organization. In contrast, a Snyk App that has the `user` context performs actions as the installing user. Specify the `user` context only if your Snyk App is performing operations that are specific to individual users. If there is any doubt, use `tenant`. ## Sub-commands of `snyk apps` diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/manage-app-details.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/manage-app-details.md index da7296d6bef2..8254d1a1c5f7 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/manage-app-details.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/manage-app-details.md @@ -30,7 +30,7 @@ The `app_id` path parameter is the `id` in the response to a [`GET` request to t For details, see the endpoint [Delete an app by its App ID](../../reference/apps.md#orgs-org_id-apps-client_id-2). -Deleting an App revokes your App credentials and removes all of your App's installations. If you have active users, they will no longer be able to connect to Snyk through the App. +Deleting an App revokes your App credentials and removes all of your App's installations. If you have active users, they can no longer connect to Snyk through the App. ## Rotate App clientSecret @@ -62,18 +62,18 @@ Snyk recommends you adopt the following procedure when rotating your secrets: ### Create a clientSecret -It is recommended that in normal operation you periodically rotate your client secrets. To start the process, send the request body `{"mode": "create"}` to the endpoint which will create a new secret. The returned value of this call will be your app with the newly generated secret. Both the new secret and any existing secrets will be valid until they are manually replaced or deleted. You can also immediately replace a client secret. +In normal operation, Snyk recommends that you periodically rotate your client secrets. To start the process, send the request body `{"mode": "create"}` to the endpoint, which creates a new secret. The returned value of this call is your app with the newly generated secret. Both the new secret and any existing secrets are valid until they are manually replaced or deleted. You can also immediately replace a client secret. An App can have a maximum of two active secrets at any time. This endpoint fails with the error `cannot update secrets` if you try to call `create` when you already have the maximum number of secrets active. ### Replace a clientSecret -In the event that your App's `clientSecret` is leaked, you can generate a new one by using `{"mode": "replace"}`. +If your App's `clientSecret` is leaked, you can generate a new one by using `{"mode": "replace"}`. -When you replace your `clientSecret`, your current secret is immediately invalid. Your App will not be able to connect to Snyk until you update the App's configuration with the new secret. +When you replace your `clientSecret`, your current secret is immediately invalid. Your App cannot connect to Snyk until you update the App's configuration with the new secret. ### Delete a clientSecret To clean up any unused secrets, call the endpoint with `{"mode": "delete", "secret": "{clientSecret}"}` where `{clientSecret}` is your client secret that you want to delete. This action invalidates the secret immediately so it can no longer be used. -An App must have at least one active secret; calling delete with your last secret will fail. +An App must have at least one active secret. Calling delete with your last secret fails. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/prerequisites-for-snyk-apps.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/prerequisites-for-snyk-apps.md index 31508a91691c..e3a6364f5bc2 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/prerequisites-for-snyk-apps.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/prerequisites-for-snyk-apps.md @@ -2,7 +2,7 @@ To create a Snyk App, you must have access to the Snyk API. To get started, follow the instructions to [authenticate for the API](../../authentication-for-api/). -You must also retrieve the ID of the Snyk Organization you intend the App to be owned by (your `orgId`). You can get the Organization ID from the Organization settings in the Snyk Web UI or by using the [List accesible organizations](../../reference/orgs.md#get-orgs) endpoint (`https://api.snyk.io/rest/orgs` ) with the Snyk API token in the Authorization header. +You must also retrieve the ID of the Snyk Organization you intend to own the App (your `orgId`). You can get the Organization ID from the Organization settings in the Snyk Web UI or by using the [List accessible organizations](../../reference/orgs.md#get-orgs) endpoint (`https://api.snyk.io/rest/orgs` ) with the Snyk API token in the Authorization header. {% hint style="info" %} Snyk Apps have first-class access to the API, regardless of whether users installing the App have paid for access or not. To take advantage of this feature, Apps must use API endpoints with the domain https://api.snyk.io/ rather than the deprecated `https://snyk.io/api/` to call the API within the App. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/scopes-to-request.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/scopes-to-request.md index ca33acbcf0d4..c837b37be0f2 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/scopes-to-request.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/scopes-to-request.md @@ -2,12 +2,12 @@ Scopes define the permissions your Snyk App has to perform actions in a user’s account. When a user authorizes your Snyk App to access their Snyk account, they see the list of scopes the App is requesting and then decide whether or not they approve the connection. -When deciding which scopes your Snyk App will request, consider the actions your App will be performing. It may seem better to request every available scope, but users may refuse to install an App that asks for more permissions than needed. Also, a user installing your App will not be able to complete the authorization process if they do not have all the permissions matching the scopes the App is requesting. +When deciding which scopes your Snyk App requests, consider the actions your App performs. It can seem better to request every available scope, but users can refuse to install an App that asks for more permissions than needed. Also, a user installing your App cannot complete the authorization process if they do not have all the permissions matching the scopes the App is requesting. The following lists the **available scopes**. {% hint style="info" %} -`org.read` is a mandatory scope and should always be included. +`org.read` is a mandatory scope and must always be included. {% endhint %} | Scope | Description | @@ -26,7 +26,7 @@ The following lists the **available scopes**. | `org.project.ignore.edit` | Configure Project ignores | | `org.project.ignore.delete` | Permanently remove Project ignores | | `org.project.attributes.edit` | Apply and remove project attributes | -| `org.project.tag.edit` | Create, apply and remove Project tags | +| `org.project.tag.edit` | Create, apply, and remove Project tags | | `org.project.pr.create` | Create fix pull requests for Projects | | `org.project.pr.skip` | Skip failed security tests on pull requests by marking checks as successful | | `org.project.jira.issue.read` | View Jira issue information | diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/quick-setup.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/quick-setup.md index 0f51bf73de17..521cf95a42d2 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/quick-setup.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/quick-setup.md @@ -5,14 +5,14 @@ Snyk Apps uses the Authorization code with the Proof Key for Code Exchange (PKCE * Authorization: `/oauth2/authorize` * Token: `/oauth2/token` -The Snyk Apps authorization flow should work with any popular OAuth2-compatible client library, providing it supports PKCE. +The Snyk Apps authorization flow works with any popular OAuth2-compatible client library, providing it supports PKCE. The basic steps to set up a Snyk App using the OAuth2 API follow: 1. Generate a code verifier and code challenge. 2. Request the authorization code by directing the installing user to `/oauth2/authorize` with the generated code challenge, as well as all other required OAuth2 parameters. 3. The user is asked to approve the request, selecting the Organization or Group to which the Snyk App is being installed. -4. The user is returned to the redirect URI defined by the Snyk App with an authorization code. You have to extract the authorization code from the user request +4. The user is returned to the redirect URI defined by the Snyk App with an authorization code. You must extract the authorization code from the user request. 5. Exchange the authorization code for an access token and refresh the token pair, using the code verifier generated in the first step. The following pages go into more detail about each step. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/retrieve-the-app-org-ids.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/retrieve-the-app-org-ids.md index d0be440c6b7d..bb63b7e815d4 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/retrieve-the-app-org-ids.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/retrieve-the-app-org-ids.md @@ -1,6 +1,6 @@ # Retrieve the App Org IDs -Users may connect with a single Organization or a single Group. Most of the Snyk API endpoints require an `orgid` in the path, which is used for authorizing the action being performed. +Users can connect with a single Organization or a single Group. Most of the Snyk API endpoints require an `orgid` in the path, which is used for authorizing the action being performed. To retrieve the `orgid` that is used by your App, send a GET request to the `orgs` endpoint, [List accessible organizations](../../../reference/orgs.md#get-orgs) at the following URL: diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/revoke-compromised-refresh-tokens.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/revoke-compromised-refresh-tokens.md index f70b7b326053..89fa92bd178c 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/revoke-compromised-refresh-tokens.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/revoke-compromised-refresh-tokens.md @@ -1,8 +1,8 @@ # Revoke compromised refresh tokens -If you believe that a refresh token has been compromised then it is recommended that you revoke that token as soon as possible. This is to prevent misuse of the token to gain access to Snyk systems. +If you believe that a refresh token has been compromised, Snyk recommends that you revoke that token as soon as possible. This prevents misuse of the token to gain access to Snyk systems. -To do this issue a POST request to the revoke endpoint: +To do this, issue a POST request to the revoke endpoint: ``` https://api.snyk.io/oauth2/revoke @@ -16,4 +16,4 @@ token=(refresh token to be revoked) &client_secret=(clientSecret from the app creation) ``` -This endpoint will return an empty response on success and the given refresh token will immediately be revoked. +This endpoint returns an empty response on success, and the given refresh token is immediately revoked. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-authorization-code-exchange.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-authorization-code-exchange.md index a0b4b1d3a8b1..d7f546babfd5 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-authorization-code-exchange.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-authorization-code-exchange.md @@ -21,8 +21,8 @@ grant_type=authorization_code The response includes details necessary for your app to communicate with the Snyk APIs: `access_token` and `refresh_token`, as well as their expiry. -Both tokens must be stored in a secured data store. It is highly recommended to encrypt the values before storing them. +Both tokens must be stored in a secured data store. Snyk highly recommends that you encrypt the values before storing them. -The `access_token` will be used for future API calls on behalf of the user and Organization. The access-token has a much shorter lifespan than the `refresh_token`. +The `access_token` is used for future API calls on behalf of the user and Organization. The access-token has a much shorter lifespan than the `refresh_token`. -The `refresh_token` can be used a single time to get a new `access_token` when it expires. In other words, the `refresh_token` will no longer be usable if its own expiry time passes or if it is used to refresh the `access_token`. +The `refresh_token` can be used a single time to get a new `access_token` when it expires. In other words, the `refresh_token` is no longer usable if its own expiry time passes or if it is used to refresh the `access_token`. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-refresh-token-exchange.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-refresh-token-exchange.md index 2583c5e85725..4944eed185f0 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-refresh-token-exchange.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-the-refresh-token-exchange.md @@ -1,6 +1,6 @@ # Set up the refresh token exchange -As the `access_token` will expire in a short time, the App will need to frequently request a new one using the `refresh_token`. This must be done while the `refresh_token` itself is still valid. +As the `access_token` expires in a short time, the App needs to frequently request a new one using the `refresh_token`. This must be done while the `refresh_token` itself is still valid. To exchange for a fresh `access_token`, make a POST request to the token endpoint: @@ -19,4 +19,4 @@ grant_type=refresh_token The response to this call provides a new `access_token`, `refresh_token`, and expiry for each. -Be sure to store the new `refresh_token`, as the old one is now invalid. Be aware that concurrent calls to this endpoint may result in refresh tokens being marked invalid unexpectedly, make sure to only request a new refresh token pair once per given refresh token. If this process fails then a user will need to perform the authorization flow again. +Be sure to store the new `refresh_token`, as the old one is now invalid. Be aware that concurrent calls to this endpoint can result in refresh tokens being marked invalid unexpectedly. Request a new refresh token pair only once per given refresh token. If this process fails, a user needs to perform the authorization flow again. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-to-authorize-users.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-to-authorize-users.md index d529e7d75a5a..5003cb112c0e 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-to-authorize-users.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/set-up-a-snyk-app-using-the-oauth2-api/set-up-to-authorize-users.md @@ -2,11 +2,11 @@ When users connect their Snyk account to your App, they must authorize access to their chosen Organization or Group and approve the requested scopes. This process starts when you direct users to the Snyk Apps authorization web page and pass the appropriate parameters: `https://app.snyk.io/oauth2/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectURI}&state={state}&code_challenge={codeChallenge}&code_challenge_method=S256` -If your Snyk App is configured with multiple redirect URIs, passing `redirect_uri` will select which redirect URI to use. The given value must match exactly one of the values that are defined for your Snyk App. If not specified the first value defined on the Snyk App is used. +If your Snyk App is configured with multiple redirect URIs, passing `redirect_uri` selects which redirect URI to use. The given value must match exactly one of the values that are defined for your Snyk App. If you do not specify it, the first value defined on the Snyk App is used. The `state` value is used to carry any App-specific state from this `/authorize` call to the callback on the `redirect_uri` (such as a user’s id). It must be verified in your callback to [prevent CSRF attacks](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12). -The `code_challenge` value is a URL-safe base64-encoded string of the SHA256 hash of a generated code verifier. This code verifier must be a highly randomised string generated on the app side before calling `/authorize`, the code verifier is sent when exchanging the returned authorization code for an access token. For more information see [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636). Note that Snyk Apps only supports `S256` for the code challenge method. +The `code_challenge` value is a URL-safe base64-encoded string of the SHA256 hash of a generated code verifier. This code verifier must be a highly randomized string generated on the app side before calling `/authorize`. The code verifier is sent when exchanging the returned authorization code for an access token. For more information, see [Proof Key for Code Exchange by OAuth Public Clients](https://datatracker.ietf.org/doc/html/rfc7636). Snyk Apps support only `S256` for the code challenge method.
Authorize access to Organization

Authorize access to Organization

diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/README.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/README.md index e4c4bed06862..0630cb704d06 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/README.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/README.md @@ -1,10 +1,10 @@ # Tutorial: create a Snyk App -In this tutorial, we'll create a simple Snyk App using TypeScript to show users a list of their projects within Snyk. +In this tutorial, we'll create a Snyk App using TypeScript to show users a list of their Projects in Snyk. ## Prerequisites -* NodeJS +* Node.js * A Snyk account ## Configure the basics @@ -19,7 +19,7 @@ Now that we have a place to save dependency information, use `npm` to install Ty npm install typescript --save-dev ``` -At this point, TypeScript has been installed, but we'll need a configuration file to provide compilation options to the `tsc` binary. Create a TypeScript configuration file called `tsconfig.json` in the root of the project. Use the template that follows: +At this point, TypeScript is installed, but we'll need a configuration file to provide compilation options to the `tsc` binary. Create a TypeScript configuration file called `tsconfig.json` in the root of the project. Use the template that follows: ```json { @@ -53,7 +53,7 @@ mkdir ./src ## Test it out -Now that we have the basic parameters in place, we'll create a simple Hello World by creating the file `./src/index.ts`. +Now that we have the basic parameters in place, we'll create a Hello World by creating the file `./src/index.ts`. ``` const world = 'world'; diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/configuring-express.js.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/configuring-express.js.md index 80b70f613706..fecab26ce83e 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/configuring-express.js.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/configuring-express.js.md @@ -2,7 +2,7 @@ ## Set up Express to serve the application -So far, we've configured our project directories, set the TypeScript compiler options, and created a very simple TypeScript application to print out `Hello World`. +So far, we've configured our project directories, set the TypeScript compiler options, and created a TypeScript application to print out `Hello World`. In this section, we'll expand our application by adding `ExpressJS` to serve our application and configure middleware to handle different kinds of requests. @@ -32,7 +32,7 @@ npm install --save-dev \ > This tutorial makes use of Object-oriented programming (OOP) concepts. If you aren't familiar with OOP, refer to [this MDN page](https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/Object-oriented\_JS) for a brief primer. -To begin, create a new file to house the application code we'll be working on in this portion of the tutorial. If you've just come from the previous module where we configured a simple 'Hello world' app, you can leave your `index.ts` file alone; we'll come back to it. +To begin, create a new file to house the application code we'll be working on in this portion of the tutorial. If you have come from the previous module where we configured a 'Hello world' app, you can leave your `index.ts` file alone. We'll come back to it. ```bash touch ./src/app.ts @@ -40,9 +40,9 @@ touch ./src/app.ts Add an import statement for Express and its TypeScript type / interface definitions at the top of the new file (`./src/app.ts`), then create an `App` class to house all the related functions and configuration required to run our application. -The class constructor will initialize Express on port 3000 when the class is instantiated. We'll create a private function `listen()` for the constructor to call which will handle the actual start of the Express server. +The class constructor initializes Express on port 3000 when the class is instantiated. We'll create a private function `listen()` for the constructor to call, which handles the start of the Express server. -Don't forget to export the class at the bottom, we'll need it later. +Remember to export the class at the bottom. We'll need it later. ```typescript import express from 'express'; @@ -71,15 +71,15 @@ class App { export default App; ``` -Test the new file using `npx tsc` and ensure an `app.js` file is successfully created in the `./dist` directory. If there are no errors, great! You're ready to start adding routes. +Test the new file using `npx tsc` and ensure an `app.js` file is created in the `./dist` directory. If there are no errors, you're ready to start adding routes. ## Basic routes Express will listen to any request on our given port, but it doesn't know _what to do_ when it receives a request. We need to tell Express _how_ to handle the various types of requests it might receive. How you configure this depends heavily on the architecture of your application, and which routes / pages you expect your app to respond to when hit. -For this tutorial, we'll keep things simple. Since our end goal is to provide users with a list of their projects within Snyk, assume we'll want at least two routes: an index route (`/`) to handle any initial connections and a projects route (`/projects`) to present the data from Snyk. +For this tutorial, we'll keep things simple. Since our end goal is to provide users with a list of their Projects in Snyk, assume we'll want at least two routes: an index route (`/`) to handle any initial connections and a projects route (`/projects`) to present the data from Snyk. -To keep our project organized, we'll create a `routes` directory to house our collection of routes and we'll give each route its own subdirectory which will contain the main controller file for the route and any extras we might need. +To keep our project organized, we'll create a `routes` directory to house our collection of routes, and we'll give each route its own subdirectory that contains the main controller file for the route and any extras we need. We'll focus on the index route for this module: @@ -88,9 +88,9 @@ mkdir -p ./src/routes/index touch ./src/routes/index/indexController.ts ``` -Before we start working on the index controller, we should also create a [TypeScript interface](https://www.typescriptlang.org/docs/handbook/interfaces.html) definition to describe a common shape for controller data. This will help keep our controllers consistent and allow TypeScript to warn us early if a controller is missing something important. +Before we start working on the index controller, we should also create a [TypeScript interface](https://www.typescriptlang.org/docs/handbook/interfaces.html) definition to describe a common shape for controller data. This keeps our controllers consistent and lets TypeScript warn us early if a controller is missing something important. -Let's use a similar separation pattern to the one we decided on for routes. Since interface definitions in TypeScript are typically self-contained and descriptive, we'll skip creating a directory for each definition and store any interface files we create as siblings: +Let's use a separation pattern similar to the one we decided on for routes. Since interface definitions in TypeScript are typically self-contained and descriptive, we'll skip creating a directory for each definition and store any interface files we create as siblings: ```bash mkdir -p ./src/interfaces @@ -139,7 +139,7 @@ Here we've imported a handful of TypeScript type/interface definitions as well a We've set our `IndexController` to respond to `/` requests with the `indexPage` function, which renders 'index', but our App class doesn't yet have a way to register the route when it instantiates. Let's go back to our `./src/app.ts` file and add an `initRoutes()` function to establish that. -We'll also modify the App's constructor function to take an array of Controllers and a port value as arguments. +We'll also modify the constructor function for the App to take an array of Controllers and a port value as arguments. Edit `./src/app.ts` and update the contents to match the following: @@ -180,15 +180,15 @@ export default App; ## Running the Express server -So far, we've created an App class that, when instantiated, will run an Express server that responds to requests at `/` and we've added an interface definition to ensure all our controllers follow the same data pattern. +So far, we've created an App class that, when instantiated, runs an Express server that responds to requests at `/`, and we've added an interface definition to ensure all our controllers follow the same data pattern. -Let's run our project and try it out! +Let's run our project and try it out. -If you run the compiled `./dist/app.js` at this point, nothing interesting happens. This is because we've yet to instantiate our exported class. In the previous module, we initialized our `package.json`. During that command, we were presented with questions pertaining to our app. One of the questions asked what our project's entrypoint was. If you were following along and selected the default value, this should be set to `index.js` in your `package.json`. This entrypoint is where we'll instantiate the App class. +If you run the compiled `./dist/app.js` at this point, nothing interesting happens. This is because we've yet to instantiate our exported class. In the previous module, we initialized our `package.json`. During that command, questions about our app appeared. One of the questions asked what our project's entrypoint was. If you were following along and selected the default value, this should be set to `index.js` in your `package.json`. This entrypoint is where we'll instantiate the App class. Edit `./src/index.ts` (where we had that hello world code) and clear it out if there's any content left over, then add import statements for our App and other required objects. -Our entrypoint will only do one thing, instantiate the App class with the `new` keyword: +Our entrypoint does only one thing, instantiate the App class with the `new` keyword: ```typescript import IndexController from './routes/indexController'; @@ -202,16 +202,14 @@ new App( ); ``` -That's it! - -Build the project using `npx tsc` then run the compiled entrypoint with `node`: +Build the project using `npx tsc`, then run the compiled entrypoint with `node`: ```bash npx tsc && node ./dist/index.js ``` -Provided everything was successful, you'll see the message `App listening on port: 3000` in the console. +When everything is successful, you'll see the message `App listening on port: 3000` in the console. -Now visit http://localhost:3000 in your browser or use curl to check the response. If you see `index route!`, then congratulations! Express is serving the application and responding to routes! +Now visit http://localhost:3000 in your browser or use curl to check the response. If you see `index route!`, Express is serving the application and responding to routes. -In the next module of this tutorial, we'll dive deeper into routes and authentication and start working with the Snyk API. +In the next module of this tutorial, we'll go deeper into routes and authentication and start working with the Snyk API. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/register-the-app-and-configure-user-authorization.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/register-the-app-and-configure-user-authorization.md index 33a7f2fe9d3a..b3dcf363238b 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/register-the-app-and-configure-user-authorization.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/register-the-app-and-configure-user-authorization.md @@ -1,10 +1,10 @@ # Register the App and configure user authorization -In the previous sections of this tutorial, we set up our TypeScript project, added an Express server, and configured some basic routing. We'll be building on top of the project we created in the previous sections. It is highly recommended that you complete the previous portions of this tutorial before continuing if you have not done so already. +In the previous sections of this tutorial, we set up our TypeScript project, added an Express server, and configured some basic routing. We'll be building on top of the project we created in the previous sections. Snyk recommends that you complete the previous portions of this tutorial before continuing if you have not done so already. ## Creating and registering a Snyk App -We've made some good progress with our TypeScript application so far, but at the moment, that's all it is - a TypeScript application. To turn it into a bonafide Snyk App, we'll need to register our project as a new App using Snyk's API +We've made good progress with our TypeScript application so far, but at the moment, that's all it is - a TypeScript application. To turn it into a bonafide Snyk App, we'll need to register our project as a new App using the Snyk API. ### Prerequisites @@ -14,7 +14,7 @@ We've made some good progress with our TypeScript application so far, but at the ### Obtaining an `orgid` -There are two methods for retrieving an `orgid`. The first is to log in to your Snyk account and visit the Organization settings page of the Organization for which you wish to retrieve the ID. The path to the Organization settings page is: +There are two methods for retrieving an `orgid`. The first is to log in to your Snyk account and visit the Organization settings page of the Organization for which you want to retrieve the ID. The path to the Organization settings page is: ``` https://app.snyk.io/org/{your-org-name}/manage/settings @@ -28,21 +28,21 @@ Snyk Apps have first-class access to the API, regardless of whether users instal ### Registering our app with Snyk -Registration of a new Snyk App is performed through a simple POST request to Snyk's API. While we could configure the App we've been building throughout this tutorial to perform the request, we'll instead make the request directly using `curl` to avoid creating a function that can only be run a single time. +You register a new Snyk App through a POST request to the Snyk API. While we could configure the App we've been building throughout this tutorial to perform the request, we'll instead make the request directly using `curl` to avoid creating a function that can only be run a single time. The body of the request requires the following details: * `name`: The name of the Snyk App -* `redirectUris`: The accepted callback location(s) during end-user authentication -* `scopes`: The account permissions the Snyk App will ask a user to grant +* `redirectUris`: The accepted callback locations during end-user authentication +* `scopes`: The account permissions the Snyk App asks a user to grant -A note on scopes: Once registered, Snyk Apps scopes cannot currently be changed. The only recourse is deleting the Snyk App using the [Delete App](../../../reference/apps.md#orgs-org_id-apps-creations-app_id-2) API endpoint and registering the app again as a new Snyk App. +A note on scopes: after registration, Snyk Apps scopes cannot be changed. The only recourse is deleting the Snyk App using the [Delete App](../../../reference/apps.md#orgs-org_id-apps-creations-app_id-2) API endpoint and registering the app again as a new Snyk App. -At the time of this writing, **Snyk Apps is still in beta**. At the moment, t**here is only one available scope: `apps:beta`**. This scope **allows** the App to test and monitor existing projects, as well as read information about Snyk Organizations, existing Projects, issues, and reports. +At the time of this writing, **Snyk Apps is still in beta**. There is only one available scope: **`apps:beta`**. This scope **lets** the App test and monitor existing Projects, as well as read information about Snyk Organizations, existing Projects, issues, and reports. -One of the **limitations of the Snyk Apps beta** is that **a Snyk App may be authorized only by users who have administrator access to the Organization to which the Snyk App is registered**. +One of the **limitations of the Snyk Apps beta** is that **only users who have administrator access to the Organization to which the Snyk App is registered can authorize a Snyk App**. -With your API token and `orgid` in hand, perform the following command in your terminal, substituting the values as necessary. For this tutorial, use `http://localhost:3000/callback` for the `redirectUris` value. +With your API token and `orgid` in hand, run the following command in your terminal, substituting the values as necessary. For this tutorial, use `http://localhost:3000/callback` for the `redirectUris` value. {% hint style="info" %} You can avoid inputting your API Token and other secrets directly into your shell by adding them as export statements in a file and sourcing the file to set them as environment variables. @@ -63,13 +63,13 @@ curl --include \ The response from Snyk contains two important values needed to complete our Snyk App's integration: `clientId` and `clientSecret`. Store these values somewhere safe. This is the only time you will see your `clientSecret` from Snyk. As a warning, **never share your `clientSecret` publicly**. This is used to authenticate your App with Snyk. -Now that we've registered the app as a Snyk App, we can start adjusting our TypeScript project to allow users to authorize it. +Now that we've registered the app as a Snyk App, we can start adjusting our TypeScript project to let users authorize it. ## User authorization with a Snyk App -User authentication for Snyk Apps is done by way of a webpage URL containing query parameters that match up with our Snyk App's data. We'll need to replace the query parameter values in this URL and send users to the final link in a web browser. From there they can grant account access to the Snyk App. +User authentication for Snyk Apps works by way of a webpage URL containing query parameters that match up with the data for our Snyk App. We'll need to replace the query parameter values in this URL and send users to the final link in a web browser. From there they can grant account access to the Snyk App. -After access has been provisioned, the user will be kicked back to our app's registered `callbackURL`, which we defined as `http://localhost:3000/callback`. +After access is provisioned, the user returns to our app's registered `callbackURL`, which we defined as `http://localhost:3000/callback`. Essentially, our app needs to generate a link like the following and then send the user to it when it's time to authorize: @@ -77,13 +77,13 @@ Essentially, our app needs to generate a link like the following and then send t https://app.snyk.io/oauth2/authorize?response_type=code&client_id={clientId}&redirect_uri={redirectURI}&state={state}&code_challenge={codeChallenge}&code_challenge_method=S256 ``` -Though some of the query parameters may be somewhat obvious, we will go over them. We're going to modify our Snyk App to generate this URL for our users. +Though some of the query parameters may be obvious, we will go over them. We're going to modify our Snyk App to generate this URL for our users. -* `redirect_uri`: Optional values must match one of the values sent with our registration command from [Registering our app with Snyk](register-the-app-and-configure-user-authorization.md#registering-our-app-with-snyk). If not passed then the first value on the Snyk App is assumed. -* `state`: This is used to carry any App-specific state from this `/authorize` call to the callback on the `redirect_uri` (such as a user's ID). It must be verified in our callback to [prevent CSRF attacks](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12). +* `redirect_uri`: Optional values must match one of the values sent with our registration command from [Registering our app with Snyk](register-the-app-and-configure-user-authorization.md#registering-our-app-with-snyk). If not passed, the first value on the Snyk App is assumed. +* `state`: This carries any App-specific state from this `/authorize` call to the callback on the `redirect_uri` (such as a user's ID). You must verify it in our callback to [prevent CSRF attacks](https://datatracker.ietf.org/doc/html/rfc6749#section-10.12). * `code_challenge`: A URL-safe base64-encodes string of the SHA256 hash of a code verifier. The code verifier is a highly randomized string stored alongside the app side before calling `/authorize`, then sent when exchanging the returned authorization code for a token pair. This is part of Proof Key for Code Exchange (PKCE) which helps prevent authorization code interception attacks. -Once a connection is complete, the user is redirected to the provided redirect URI (our `/callback` route in this case) with query string parameters `code` and `state` added on, which are necessary for the next steps of authorization. +After a connection is complete, the user is redirected to the provided redirect URI (our `/callback` route in this case) with query string parameters `code` and `state` added on, which are necessary for the next steps of authorization. That next step involves taking the authorization code received as a query parameter in the response of the previous step and turning it into an _access token_. To do this, a Snyk App makes a POST request to the token endpoint: `https://api.snyk.io/oauth2/token`. That POST request needs some specific data in its request body, including the _authorization code_, `client id`, `client secret`, `code_verifier` and so on. @@ -106,9 +106,9 @@ Based on the preceding information, our Snyk App has some new requirements. We w 5. Refresh those authorization tokens. 6. Handle errors and inform users of authorization success or failure. -From here on, we'll be doing a lot of refactoring in our Snyk App and we'll be jumping into a number of different files. To help make the process easier to follow, this tutorial uses the convention of adding a commented filepath to the first line of code snippets, describing where they belong. In your own code; these comments aren't necessary. +From here on, we'll be doing a lot of refactoring in our Snyk App and we'll be jumping into a number of different files. To help make the process easier to follow, this tutorial uses the convention of adding a commented filepath to the first line of code snippets, describing where they belong. In your own code, these comments aren't necessary. -We'll also add a number of new packages to help address our new requirements. For convenience, go ahead and run the following in the root of your Project: +We'll also add a number of new packages to help address our new requirements. For convenience, run the following in the root of your Project: ```bash npm install --save passport \ @@ -138,7 +138,7 @@ npm install --save-dev @types/cryptr \ #### Application configuration -Application config (for example, client secrets, api tokens, other config, and so on) should generally be stored securely and kept outside of the App itself. However, for brevity, this tutorial adds the configuration info as exportable constants in the `App.ts` file and leaves the actual implementation details to you. These are values that the Snyk App references in many different places. +Application config (for example, client secrets, api tokens, and other config) should generally be stored securely and kept outside of the App itself. However, for brevity, this tutorial adds the configuration info as exportable constants in the `App.ts` file and leaves the implementation details to you. These are values that the Snyk App references in many different places. ```typescript // ./src/app.ts @@ -294,11 +294,11 @@ export async function updateDb( ### Prepare for API calls -Earlier, we installed the popular `axios` package to handle API calls. We know that we'll need to make some repetitive calls to the same API, so we abstract some helper functions to make our code easily re-usable across the project. Create an `APIHelpers.ts` file in the `util` directory. +Earlier, we installed the popular `axios` package to handle API calls. We know that we'll need to make some repetitive calls to the same API, so we abstract some helper functions to make our code reusable across the project. Create an `APIHelpers.ts` file in the `util` directory. -Before we fill that out, take note that while we are consistently hitting Snyk's API, we'll likely need to make requests against multiple versions of the API, depending on the endpoint's status in the migration from Snyk API v1 to Snyk REST API. One way we can handle this is by defining a TypeScript Enum and within our functions, swapping any necessary query parameters by comparing an argument to the enum's possible values. +Before we fill that out, take note that while we are consistently hitting the Snyk API, we'll likely need to make requests against multiple versions of the API, depending on the endpoint's status in the migration from Snyk API v1 to Snyk REST API. One way we can handle this is by defining a TypeScript Enum and, within our functions, swapping any necessary query parameters by comparing an argument to the enum's possible values. -Add the following content to a new file, or to `APIHelpers.ts` if you prefer; just make sure to export it for later use. +Add the following content to a new file, or to `APIHelpers.ts` if you prefer. Make sure to export it for later use. ```typescript // ./interfaces/API.ts @@ -333,7 +333,7 @@ export function callSnykApi(tokenType: string, token: string, version: APIVersio } ``` -Because this function is an `AxiosInstance`, we can easily talk to the API's different endpoints by calling `.get()`, `.post()`, or any other methods usually available to such an object. +Because this function is an `AxiosInstance`, we can talk to the API's different endpoints by calling `.get()`, `.post()`, or any other methods usually available to such an object. We will see it in action by defining a second async function to retrieve our Snyk Apps' Organization ID: @@ -407,7 +407,7 @@ export class EncryptDecrypt { We've laid the groundwork; now it's time to start doing things. -As discussed in a previous section, our app needs to send would-be authorizers to a specific token URL. We'll add an `/auth` route in our Snyk App and add some authentication middleware to Express. For this, we'll use the excellent [passportjs](https://www.passportjs.org), the [passport-oauth2](https://www.passportjs.org/packages/passport-oauth2/) authentication strategy, along with Snyk's [@snyk/passport-snyk-oauth2](https://www.npmjs.com/package/@snyk/passport-snyk-oauth2). `passport` and its friends handle a large portion of what would otherwise be a lengthy and complicated authentication process. +As discussed in a previous section, our app needs to send would-be authorizers to a specific token URL. We'll add an `/auth` route in our Snyk App and add some authentication middleware to Express. For this, we'll use [passportjs](https://www.passportjs.org), the [passport-oauth2](https://www.passportjs.org/packages/passport-oauth2/) authentication strategy, along with the Snyk package [@snyk/passport-snyk-oauth2](https://www.npmjs.com/package/@snyk/passport-snyk-oauth2). `passport` and its friends handle a large portion of what would otherwise be a lengthy and complicated authentication process. Because `passport` takes its encapsulation philosophy seriously, we'll need to handle everything else about the auth process. We need to set up an instance of the passport strategy we'll be using. We'll put our database helpers from earlier to use here as well, adding an entry into our database when we receive successful authorization. @@ -571,7 +571,7 @@ touch ./src/routes/callback/callbackController.ts The `AuthController` handles authentication of the App via the previously described authorization flow. This is the third step of `passport` setup. Every controller class implements the controller interface which has two members: the path and the router. -This controller handles the `/auth` route, which is what we'll use to send users (via `passport`) to the Snyk website for authorization approval. +This controller handles the `/auth` route, which is what we'll use to send users (through `passport`) to the Snyk website for authorization approval. ```typescript // ./src/routes/auth/authController.ts @@ -602,7 +602,7 @@ class AuthController implements Controller { export default AuthController; ``` -Once a user approves authorization to our Snyk App via the Snyk website, the user is kicked back to our callback URI, `/callback`. We'll handle this route similarly, invoking passport again. This is the final step of user authorization. +After a user approves authorization to our Snyk App through the Snyk website, the user returns to our callback URI, `/callback`. We'll handle this route similarly, invoking passport again. This is the final step of user authorization. The `CallbackController` accepts requests on `/callback`, but also creates two sub-routes, `/callback/success` and `/callback/failure`, to handle the different possible outcomes it might receive from Snyk. @@ -670,7 +670,7 @@ new App([ ### Refresh token management -If we build and run our Snyk App at this point, hitting the `/auth` route will successfully jump us out to the Snyk authorization portal and, provided we confirm the authorization, we'll get kicked back to our local app's callback route at `/callback`. If we had a very simplistic, one-off use case, we could end things here. But there's one more piece of the puzzle we should figure out if we're going to keep our user's authorization fresh; that is token expiry. +If we build and run our Snyk App at this point, hitting the `/auth` route jumps us out to the Snyk authorization portal and, after we confirm the authorization, we return to our local app's callback route at `/callback`. If we had a simplistic, one-off use case, we could end things here. But there's one more piece of the puzzle we should figure out if we're going to keep our user's authorization fresh, that is token expiry. If you ran the app to test things, take a look at database entries. If you've been following along, you should see something like this: @@ -695,7 +695,7 @@ That `expires_in` value will continue to count down until 0. If it does, the use To keep our access token from going stale, we need to make a POST request using our `refresh_token` to get an updated `access_token`. See [Set up the refresh token exchange](../set-up-a-snyk-app-using-the-oauth2-api/set-up-the-refresh-token-exchange.md). -We can automate this process in our Snyk App by utilizing [Axios interceptors](https://axios-http.com/docs/interceptors) to _intercept_ the requests we make and ensure we have an up-to-date `access_token`. +We can automate this process in our Snyk App by using [Axios interceptors](https://axios-http.com/docs/interceptors) to _intercept_ the requests we make and ensure we have an up-to-date `access_token`. Create the file `./src/util/interceptors.ts`, importing all the packages, classes, and so on that we'll need at the top: @@ -802,7 +802,7 @@ async function refreshAndUpdateDb(data: AuthData): Promise { } ``` -With our interceptors defined, the only thing we need to do is update our `callSnykApi` function to utilize them. Interceptors are methods of the `axiosInstance` object, so we'll add them after the `axios.create()` call and before the function's `return`. +With our interceptors defined, the only thing we need to do is update our `callSnykApi` function to use them. Interceptors are methods of the `axiosInstance` object, so we'll add them after the `axios.create()` call and before the function's `return`. ```typescript // ./src/util/APIHelpers.ts @@ -837,6 +837,6 @@ export function callSnykApi(tokenType: string, token: string, version: APIVersio ## Wrap-up -If you've made it this far, congratulations! You've learned how to register a Snyk App with Snyk, configure the authorization flow, keep the `auth_token` from getting stale, and set up a great starting point using TypeScript. +You've now learned how to register a Snyk App with Snyk, configure the authorization flow, keep the `auth_token` from getting stale, and set up a starting point using TypeScript. -In the next module of this tutorial, we'll add a template system and configure our app to show users all of their projects from Snyk in our App. +In the next module of this tutorial, we'll add a template system and configure our app to show users all of their Projects from Snyk in our App. diff --git a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/render-content-for-users.md b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/render-content-for-users.md index 773329bc6df6..910de03aa28c 100644 --- a/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/render-content-for-users.md +++ b/developer-tools/snyk-api/using-specific-snyk-apis/snyk-apps-apis/tutorial-create-a-snyk-app/render-content-for-users.md @@ -1,12 +1,12 @@ # Render content for users -In the previous module, we covered registering our Snyk App, setting up the authorization flow, and handling user authorization within our App. All of those topics are integral to the functionality of every Snyk App, but they're all what you might call "behind the scenes" topics. +In the previous module, we covered registering our Snyk App, setting up the authorization flow, and handling user authorization in our App. All of those topics are integral to the functionality of every Snyk App, but they're all what you might call "behind the scenes" topics. -In this module, we'll switch gears to focus on displaying content to the users who have authorized with our Snyk App. Specifically, we want to show unauthorized users a big button they can click to authorize and authorized users a list of their projects from Snyk. +In this module, we'll focus on displaying content to the users who have authorized with our Snyk App. Specifically, we want to show unauthorized users a button they can click to authorize and authorized users a list of their Projects from Snyk. ## Add a template engine to the Snyk App -While Express is perfectly capable of printing content to the screen and even rendering HTML server-side, life is much easier when using a template engine. For this tutorial we are using [EJS](https://ejs.co). +While Express is capable of printing content to the screen and even rendering HTML server-side, life is much easier when using a template engine. For this tutorial we are using [EJS](https://ejs.co). First, install the node packages needed in this part of the tutorial: @@ -50,7 +50,7 @@ class App { } ``` -For each route that we'll provide a template for, we'll need to modify the corresponding controller and ensure that we're using `res.render("