diff --git a/discover-snyk/getting-started/README.md b/discover-snyk/getting-started/README.md index 215dec795d14..363cc69ef80e 100644 --- a/discover-snyk/getting-started/README.md +++ b/discover-snyk/getting-started/README.md @@ -25,17 +25,17 @@ To create a free account or sign up for a pricing plan, navigate to [snyk.io](ht If your company has an existing Snyk account and uses single sign-on (SSO), use the SSO link provided by your administrators. -If your company requires an invitation to use Snyk, when you log in for the first time, you may see a list of Organizations, which in Snyk control access to Projects. To request access to an Organization, select the name of an Organization Admin in order to request access. +If your company requires an invitation to use Snyk, when you log in for the first time, you see a list of Organizations, which in Snyk control access to Projects. To request access to an Organization, select the name of an Organization Admin. {% hint style="info" %} -If you log in with a different authentication provider from the one your company uses for the Snyk account, you create a new account. You will not be logged in to the correct Organization for your company. +If you log in with a different authentication provider from the one your company uses for the Snyk account, you create a new account. You are not logged in to the correct Organization for your company. {% endhint %} When you log in to the Snyk Web UI, Snyk shows your preferred (default) Organization. Snyk also uses the settings for your preferred Organization when you test a Project locally using the CLI. ## Set up a Snyk integration -For Snyk to know where to scan, you must provide it with access to your environment. The type of integration you need depends on what systems you use, what you want to scan, and where you want to add the integrations - [Organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) or [Group](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). For information about available integrators, see [Snyk SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) and [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). +For Snyk to know where to scan, you must provide it with access to your environment. The type of integration you need depends on what systems you use, what you want to scan, and where you want to add the integrations — [Organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) or [Group](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). For information about available integrators, see [Snyk SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) and [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). To scan your code, you must first integrate Snyk with the repository holding that code. @@ -43,7 +43,7 @@ To scan your code, you must first integrate Snyk with the repository holding tha After creating a Snyk account, you can follow the optional getting-started walkthrough prompts to provide information and help Snyk guide your experience. This includes choosing an integration method, setting access permissions, configuring automation settings, and authenticating that integration. -Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This allows you to run scans from your local machine and upload results to your Organization in Snyk. +Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This lets you run scans from your local machine and upload results to your Organization in Snyk. ### Manual process @@ -61,7 +61,7 @@ Before authenticating, be sure you have set your region properly. For details, s Your Snyk API token is a personal token available under your user profile. The Snyk API token is associated with your Snyk Account and not with a specific Organization. -Free and Team plan and trial users have access only to tokens under the user profile. Your personal tokens can be used to authenticate with the Snyk CLI running on a local or a build machine and an IDE when you are setting a token manually. Use a personal token with caution if you are authenticating for CI/CD or with the API, which is available for Enterprise plan users only. +Free and Team plan and trial users have access only to tokens under the user profile. You can use your personal tokens to authenticate with the Snyk CLI running on a local or a build machine and an IDE when you are setting a token manually. Use a personal token with caution if you are authenticating for CI/CD or with the API, which is available for Enterprise plan users only. #### Personal Access Tokens (recommended) @@ -84,7 +84,7 @@ To obtain your personal Snyk API token: 2. In your **General** settings, under API Token, select **click to show**. 3. Highlight and copy your API key. -If you want a new API token, select **Revoke & Regenerate**, but this will make the previous API token invalid. +If you want a new API token, select **Revoke & Regenerate**, but this makes the previous API token invalid. {% hint style="info" %} For information on when to use an API token and when to use a service account token, available to Enterprise plan users only, visit [Authentication for API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). @@ -107,7 +107,7 @@ Importing a Project also does the following: Snyk Essentials is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -Snyk Essentials enables Application Security teams to implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM). +Snyk Essentials lets Application Security teams implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM). For more information, see [Snyk Essentials](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-essentials). diff --git a/discover-snyk/getting-started/glossary.md b/discover-snyk/getting-started/glossary.md index 81cc25c9a2e6..fd28be089e35 100644 --- a/discover-snyk/getting-started/glossary.md +++ b/discover-snyk/getting-started/glossary.md @@ -4,7 +4,7 @@ ### ADE -An Agentic Development Environment (ADE), also known as an Agentic IDE, is a engineering workspace where AI agents execute defined tasks. +An Agentic Development Environment (ADE), also known as an Agentic IDE, is an engineering workspace where AI agents execute defined tasks. ### Advisor @@ -104,7 +104,7 @@ A Command directive is a type of [Directive](glossary.md#directive) that is manu ### Container -Containers allow you to package applications and their dependencies together to be deployed as a single runnable unit. A container is an abstraction provided by the operating system kernel that allows a process to be isolated from other processes running on the system. See also [Snyk Container.](glossary.md#snyk-container) +Containers let you package applications and their dependencies together to be deployed as a single runnable unit. A container is an abstraction provided by the operating system kernel that allows a process to be isolated from other processes running on the system. See also [Snyk Container.](glossary.md#snyk-container) ### Container engine @@ -128,7 +128,7 @@ The security controls associated with the asset. Navigate to the Snyk Essentials ### Coverage (Snyk Essentials) -An assessment of whether applicable assets are scanned and tested by security tools (like Snyk Open Source, for instance), as it relates to an application security program. A type of policy that allows you to specify what controls should be applied and, optionally, how often it needs to be run. +An assessment of whether applicable assets are scanned and tested by security tools (like Snyk Open Source, for instance), as it relates to an application security program. A type of policy that lets you specify what controls to apply and, optionally, how often it needs to be run. ### Coverage gap (Snyk **Essentials**) @@ -136,7 +136,7 @@ An assessment of all assets that fall "out of policy" and do not satisfy the cov ### CVE -Common Vulnerabilities and Exposures. A widely-used identifier for a well-known vulnerability. +Common Vulnerabilities and Exposures. A widely used identifier for a well-known vulnerability. ### CVSS @@ -177,7 +177,7 @@ A set of cultural philosophies, practices, and tools that combine software devel ### DevSecOps -Integrate security seamlessly and transparently into emerging agile IT and DevOps development. +Integrate security transparently into emerging agile IT and DevOps development. ### Docker @@ -209,7 +209,7 @@ A measure of how practical an exploit for a vulnerability is, based on whether t ### Fixable / Partially fixable -A measure of whether a vulnerability can be fixed by Sny by applying a patch, upgrade, or pin. See [Vulnerability fix types](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types). +A measure of whether Snyk can fix a vulnerability by applying a patch, upgrade, or pin. See [Vulnerability fix types](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types). ### Fix PR @@ -327,7 +327,7 @@ Natural Language Processing.The technology that enables computers to understand, ### NPX -`npx` (Node Package Execute) is a command-line tool bundled with `npm` that allows you to run `Node.js` packages without requiring installation. +`npx` (Node Package Execute) is a command-line tool bundled with `npm` that lets you run `Node.js` packages without requiring installation. ## O @@ -503,7 +503,7 @@ A platform providing Cloud Native Application Security (CNAS) solutions, allowin ### Snyk Advisor -A free web application that allows you to compare software packages across open-source ecosystems. It provides insights into the overall health of a particular package by combining community and security data into a single unified view. See [Snyk Advisor](https://snyk.io/advisor/). +A free web application that lets you compare software packages across open-source ecosystems. It provides insights into the overall health of a particular package by combining community and security data into a single unified view. See [Snyk Advisor](https://snyk.io/advisor/). ### Snyk API @@ -551,14 +551,14 @@ A library used by the Snyk CLI to scan a certain language or build system. ### Snyk Studio -Snyk Studio embeds Snyk's AI security platform capabilities into any AI-native workflow. Snyk Studio is built on two core use cases: '[Secure at Inception](glossary.md#secure-at-inception),' which proactively prevents new, AI-generated vulnerabilities using configurable directives, and 'Intelligent Remediation,' which clears existing security backlogs at scale. +Snyk Studio embeds the AI security platform capabilities of Snyk into any AI-native workflow. Snyk Studio is built on two core use cases: '[Secure at Inception](glossary.md#secure-at-inception),' which proactively prevents new, AI-generated vulnerabilities using configurable directives, and 'Intelligent Remediation,' which clears existing security backlogs at scale. ### Snyk Security Intelligence A component powering the Snyk cloud-native application security platform.\ Incorporates the Snyk Intel Vulnerability DB: the Snyk database of vulnerabilities, providing detailed information and fix advice for known vulnerabilities. See [Vulnerability DB](https://snyk.io/vuln). -### Snyk web UI +### Snyk Web UI The browser-based environment that provides users access to Snyk functions. diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md index 5f271ff87c5c..efd2f56d3f52 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/README.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -### Set up SCM integrations and Snyk Essentials by following the steps for all relevant SCMs: +### Set up SCM integrations and Snyk Essentials by following the steps for all relevant SCMs * [GitHub](github.md) * [GitLab](gitlab.md) diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md index 51afc49b1552..28e167443490 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/azure-devops.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -Review the steps below to configure the Azure DevOps integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team. +Review the following steps to configure the Azure DevOps integration with Snyk. For more details about setting up the integration, contact your Snyk account team. ## Generate an Azure DevOps PAT @@ -34,7 +34,7 @@ Configure the Group-level integration by following these steps: * If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the Azure DevOps source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md index dfa7dbdc3386..556cf21eadac 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/bitbucket.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -‌Review the steps below to configure the Bitbucket integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team.\\ +‌Review the following steps to configure the Bitbucket integration with Snyk. For more details about setting up the integration, contact your Snyk account team.\\ ## Generate a BitBucket PAT @@ -35,7 +35,7 @@ Configure the Group-level integration by following these steps: * If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the Bitbucket source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md index b605cfa3444c..99a53c9d1ab2 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/github.md @@ -2,7 +2,7 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -‌Review the steps below to configure the GitHub integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team. +‌Review the following steps to configure the GitHub integration with Snyk. For more details about setting up the integration, contact your Snyk account team. ## Generate a GitHub PAT @@ -32,7 +32,7 @@ Configure the Group-level integration by following these steps: * Configure the integration and populate all mandatory fields, including the PAT details. For more details, see the [Integrate GitHub using Snyk Essentials](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/github-for-snyk-essentials#github-integrate-using-snyk-apprisk) page. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the GitHub source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md index e60dfd6078b5..40cf976e5515 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/configure-cloud-based-scm/gitlab.md @@ -2,11 +2,11 @@ {% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %} -Review the steps below to configure the GitLab integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team. +Review the following steps to configure the GitLab integration with Snyk. For more details about setting up the integration, contact your Snyk account team. ## Generate a GitLab PAT -Generate a GitHub PAT with the following permissions enabled:\\ +Generate a GitLab PAT with the following permissions enabled:\\ * `api` * `read_api` @@ -26,12 +26,12 @@ Configure the Group-level integration by following these steps:
-* Search and select the GitHub integration +* Search and select the GitLab integration * Configure the integration and populate all mandatory fields, including the PAT details. For more details, see the [Integrate GitLab using Snyk Essentials](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials#gitlab-integrate-using-snyk-apprisk) page. * If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details. {% hint style="info" %} -After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source. +After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the GitLab source. {% endhint %} ## Configure the Organization-level integration diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md index fb08aff4e9fa..0495358e743d 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/import-repositories.md @@ -2,7 +2,7 @@ {% include "../../../.gitbook/includes/pilot-guide-navigation.md" %} -After setting up your SCM integration, you are ready to import repositories to Snyk. If you have not imported any repos yet, click on the **Import projects** button to start. +After setting up your SCM integration, you are ready to import repositories to Snyk. If you have not imported any repos yet, click **Import projects** to start. * Open the Snyk Web UI * Navigate to the Organization-level diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md index 3bd005f71615..a710e60e4ea3 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/invite-team-members.md @@ -14,8 +14,8 @@ Invite members to the Organization you configured. Follow these steps to invite * Add the emails of all team members in the text box * Select their role from the dropdown menu. * Select **Send invite** -* New members will receive a welcome email from Snyk with a link to sign up and join your organization. +* New members receive a welcome email from Snyk with a link to sign up and join your Organization. ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfZakhAyTXXqEigvhHYY0bH3jZ__Zx9kIbt8Dwa9erputbh1_4ZennUPqXzXFfvZBdHzlO6OOLJjUFzo35uDHUSvo5C1HV7HXK4EZ3wAT5zM6PhQWuutwH-DsDmyWVH4JlkGSj1?key=i_CNrr-DvB8PGUAzq09BT3pc) -Alternatively, SSO can be configured as self-serve in the Group settings. More details on that can be found on the [Configure Self-Serve Single Sign-On (SSO)](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/single-sign-on-sso-for-authentication-to-snyk) page. +Alternatively, you can configure SSO as self-serve in the Group settings. For more details, visit [Configure Self-Serve Single Sign-On (SSO)](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/single-sign-on-sso-for-authentication-to-snyk). diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md index 6fa522ce9a32..56175413e4bb 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/provision-your-account.md @@ -4,4 +4,4 @@ Provide your Snyk account team with the email of the desired Snyk tenant admin. -Your account team will provision your Snyk tenant, which you will be able to access after receiving a welcome email from Snyk. More details on this process can be found in the [Auto-provisioning guide](../../../implementation-and-setup/enterprise-setup/auto-provisioning-guide.md). +Your account team provisions your Snyk tenant, which you can access after you receive a welcome email from Snyk. For more details on this process, visit the [Auto-provisioning guide](../../../implementation-and-setup/enterprise-setup/auto-provisioning-guide.md). diff --git a/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md b/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md index ef85ea66b1d5..010e61e84f7d 100644 --- a/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md +++ b/discover-snyk/getting-started/pilot-guide/access-and-deployment/set-up-snyk-essentials.md @@ -9,6 +9,6 @@ ## Configuration steps -Verify that Snyk Essentials is configured by navigating to the Group level > Integrations. If not set up yet, follow the in-product instructions for your SCM(s). +Verify that Snyk Essentials is configured. Navigate to the Group level and select **Integrations**. If you have not set up Snyk Essentials yet, follow the in-product instructions for your SCMs.
diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md index 1c09f8925d5a..a37372a80b26 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md @@ -4,15 +4,15 @@ The Snyk platform includes access to Snyk Learn, the Snyk security education platform. With resources on Snyk Learn, developers can learn how to stay secure through interactive lessons that explore vulnerabilities across various languages and ecosystems. -Throughout the platform, such as in the IDE extensions, PR checks, and Web UI, Snyk links out to relevant lessons in Snyk Learn that help the developer fix that vulnerability. These lessons can also be accessed directly at [learn.snyk.io](http://learn.snyk.io). +Throughout the platform, such as in the IDE extensions, PR checks, and Web UI, Snyk links out to relevant lessons in Snyk Learn that help the developer fix that vulnerability. You can also access these lessons directly at [learn.snyk.io](http://learn.snyk.io). Start by navigating to [Snyk Learn](http://learn.snyk.io) and browsing the set of available lessons. You can then filter by category to see lessons related to your programming language or topic of interest. -Choose a lesson that interests you and complete it. You will see progress of the lesson on the right of the page and confirmation after the lesson has been completed. +Choose a lesson that interests you and complete it. Snyk shows the progress of the lesson and confirms when you complete the lesson. -Next, review all of your completed and in-progress lessons by clicking on “Learning progress”. +Next, review all of your completed and in-progress lessons by selecting **Learning progress**. Admins in Snyk can also review progress for the entire Organization by accessing the Reports. diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md index efdcccb82dc1..2ac6d2f54c1d 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/fix-a-vulnerability.md @@ -2,7 +2,7 @@ {% include "../../../.gitbook/includes/pilot-guide-navigation.md" %} -Vulnerabilities can be fixed from multiple integration points in Snyk. This guide reviews how to fix vulnerabilities in the IDE and the Web UI. +You can fix vulnerabilities from multiple integration points in Snyk. This guide reviews how to fix vulnerabilities in the IDE and the Web UI. ## Fix issues using the IDE @@ -20,11 +20,11 @@ For Snyk Code issues, you can view fix examples. If available, you can automatic With Snyk Agent Fix, click **Generate AI fix** to generate up to five example fixes you can review and apply. After you apply the fix and rescan, Snyk resolves the vulnerability. -From the Web UI, any vulnerability that can be fixed with a Snyk-generated PR has a “Fix this vulnerability” button, which can be used to initiate a fix. +From the Web UI, any vulnerability that Snyk can fix with a generated PR has a **Fix this vulnerability** button to initiate a fix. -After confirming the fix-PR, Snyk opens a PR, which can be reviewed, approved, and merged to resolve the vulnerability. +After you confirm the fix-PR, Snyk opens a PR that you can review, approve, and merge to resolve the vulnerability. -Not all languages support fix-PRs, but fix data is still available. For language-specific details and support, please review the [Supported languages, package managers, and frameworks](../../../supported-languages/supported-languages-package-managers-and-frameworks.md) page. +Not all languages support fix-PRs, but fix data is still available. For language-specific details and support, review the [Supported languages, package managers, and frameworks](../../../supported-languages/supported-languages-package-managers-and-frameworks.md) page. {% hint style="info" %} Additional Resources diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md index 17e8559a834f..d4c924648e0d 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/local-scanning-with-the-ide.md @@ -4,7 +4,7 @@ ## Configure the Snyk IDE -To start scanning code in the IDE, navigate to your IDE plugin or extension marketplace and search for Snyk. This guide focuses on VS Code, but the [other supported IDEs](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions) follow a very similar setup flow. +To start scanning code in the IDE, navigate to your IDE plugin or extension marketplace and search for Snyk. This guide focuses on VS Code, but the [other supported IDEs](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions) follow a similar setup flow. * Open VS Code, Extensions and search for Snyk. * Install the Snyk extension. @@ -15,7 +15,7 @@ To start scanning code in the IDE, navigate to your IDE plugin or extension mark
-* After being redirected to Snyk, you can click **Grant app access**. This authenticates your Snyk IDE extension. +* After Snyk redirects you, click **Grant app access**. This authenticates your Snyk IDE extension.
@@ -31,13 +31,13 @@ You can see the results are broken out by scan type. All the Open Source issues ### Filter issues -Issues can be filtered in a number of ways to tune what gets presented to you while coding. Two of the most common settings to adjust are ‌**Severity** and **Total vs. new**. +You can filter issues in a number of ways to tune what Snyk presents to you while coding. Two of the most common settings to adjust are ‌**Severity** and **Total vs. new**. To adjust which severity is shown, navigate to the **Severity** section in the extension settings.
-You can also change from looking at the total set of issues in the codebase to just new issues. This method scans the main branch and the version that the developer is working on, then reports only the new vulnerabilities. This mode can be easily toggled at the top of the extension menu. +You can also change from looking at the total set of issues in the codebase to new issues only. This method scans the main branch and the version that the developer is working on, then reports only the new vulnerabilities. You can toggle this mode at the top of the extension menu.
@@ -45,11 +45,11 @@ This option helps developers avoid introducing new vulnerabilities without getti ### Check the vulnerabilities -The results for each scan type and vulnerability type vary, but expect to see inline feedback as well as a more detailed window that can be accessed by clicking on the vulnerability. +The results for each scan type and vulnerability type vary, but expect to see inline feedback as well as a more detailed window that you can open by clicking the vulnerability.
-For Snyk Code issues, you can see the Fix Analysis, Data Flow, and an Issue Overview. You can also click “Learn about this issue type” which brings you to a more detailed lesson in Snyk’s developer education platform, [Snyk Learn](https://learn.snyk.io/). +For Snyk Code issues, you can see the Fix Analysis, Data Flow, and an Issue Overview. You can also click **Learn about this issue type**, which brings you to a more detailed lesson in the Snyk developer education platform, [Snyk Learn](https://learn.snyk.io/).
diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md index 3b80c3098aac..6bd1580ec482 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-reporting.md @@ -8,25 +8,25 @@ The Snyk platform has a variety of [available reports](https://app.gitbook.com/s ## Issues Detail -The Issues Detail report displays all known issues in all of your Projects that Snyk is monitoring. It is a great place to review and prioritize issues across all of your repositories. +The Issues Detail report displays all known issues in all of your Projects that Snyk is monitoring. Use it to review and prioritize issues across all of your repositories. -Applying filters such as fixability, exploit maturity, asset class, and severity are a great way to focus on the most important issues that affect your Organization. +Apply filters such as fixability, exploit maturity, asset class, and severity to focus on the most important issues that affect your Organization. ## SLA Management -The SLA Management report allows you to stay on top of any SLAs your company is required to adhere to. The SLA time can be adjusted for each severity and then saved as a new view to monitor in the future. +The SLA Management report lets you stay on top of any SLAs your company must adhere to. You can adjust the SLA time for each severity and then save it as a new view to monitor in the future. ## Analytics [Analytics](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) can be accessed at the Group or Organization level. This view breaks down the total issue count into baseline, preventable, and non-preventable issues. The most important thing to know is that: * Baseline issues are the issues identified during the first import of the repository. -* Preventable issues are known issues that could have been identified earlier on in the SDLC. In other words, the issue could have been caught by a Snyk PR check. -* Non-preventable issues are the result of an external factor, such as a new vulnerability being published or a new security rule being created, in contrast to developers not shifting left. for example, a new zero-day vulnerability is identified. +* Preventable issues are known issues that Snyk could have identified earlier in the SDLC. That is, a Snyk PR check could have caught the issue. +* Non-preventable issues are the result of an external factor, such as a new vulnerability being published or a new security rule being created, in contrast to developers not shifting left. For example, Snyk identifies a new zero-day vulnerability.
-This is a small taste of what reporting has to offer. Check out more of the Snyk reports, available at both the Organization and Group levels by clicking “Change Report”:\ +This is a small taste of what reporting has to offer. To see more of the Snyk reports, available at both the Organization and Group levels, click **Change Report**:\ ![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfS5UzFsGMM5_N5fK6iFLN16rFFfSmj3W9BXkmDnZOvvOBoUjCIQD6j1afOaN9PySsB-MI4TNLtKdgFbVk1OMe5u1uCYDSKv1pjhkaUSqhGspmGqOggsPx5XCK7IZGVv7QQmN5NqQ?key=i_CNrr-DvB8PGUAzq09BT3pc) {% hint style="info" %} diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md index 993ed233a5c9..8bb2688a53f5 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/review-scan-coverage.md @@ -18,13 +18,13 @@ The **All Assets** page shows a complete list of all repositories, including the
-Click on the 'Not tested' section of the first pie chart on the overview page, or use coverage filters on the 'All Assets' page to view all repositories that the selected Snyk product has not tested. +Click the 'Not tested' section of the first pie chart on the overview page, or use coverage filters on the 'All Assets' page to view all repositories that the selected Snyk product has not tested.
-## Classifying Assets +## Classifying assets -The Class column is available for each repository. This class is meant to reflect the business criticality of the asset from A (most critical) to D (least critical). Try setting a few of your most important repos manually to Class A. This attribute can be used in reporting to help focus on issues from your company’s most important repositories. +The Class column is available for each repository. This class reflects the business criticality of the asset from A (most critical) to D (least critical). Try setting a few of your most important repos manually to Class A. You can use this attribute in reporting to help focus on issues from your company’s most important repositories. \\ @@ -34,7 +34,7 @@ In the following example, the policy filters on all repositories where there is
-The asset class is a great way to filter on the most critical repositories in your organization, and help take a risk-based approach to prioritization by accounting for business impact. The asset class can be used when reviewing scan coverage and in all available Snyk reports. +The asset class lets you filter on the most critical repositories in your organization and helps you take a risk-based approach to prioritization by accounting for business impact. You can use the asset class when reviewing scan coverage and in all available Snyk reports. {% hint style="info" %} Additional Resources diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md index bf3405fe880d..b7e8d1aba726 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/test-pr-checks.md @@ -25,7 +25,7 @@ Follow these steps to enable the PR Checks feature: ## Use PR Checks -After PR Checks are enabled, you will begin to see new PRs decorated with three additional Snyk checks: +After you enable PR Checks, you see new PRs decorated with three additional Snyk checks: * code/snyk: Snyk Code vulnerabilities * license/snyk: Open Source license issues @@ -33,13 +33,13 @@ After PR Checks are enabled, you will begin to see new PRs decorated with three
-Try introducing a vulnerability in the PR so that you can walk through a scenario where a check fails. From the PR, clicking on the details of any failed check presents the list of issues that have been introduced in the PR. +Try introducing a vulnerability in the PR so that you can walk through a scenario where a check fails. From the PR, click the details of any failed check to see the list of issues introduced in the PR. Click into the full details of the issue to better understand the vulnerability and get remediation advice. In the situation where you need to force the check to pass, either to get a hotfix out or if you accept the risk, you can click **Mark as successful in SCM**. This button is only available to Org Admins. For Org Collaborators, this option is grayed out. See the [User role management](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/user-role-management) page for more details.
-With ‌inline comments enabled, you will see comments added for each Snyk Code vulnerability identified. +With ‌inline comments enabled, you see comments added for each Snyk Code vulnerability identified.
diff --git a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md index 98445f1bc3e2..25758c622374 100644 --- a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md +++ b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md @@ -2,7 +2,7 @@ ## What is Snyk 2.0? -Snyk 2.0 is a series of platform improvements rolling out gradually from April 2026 throughout the year to address navigation complexity, asset visibility, and triage inefficiency. As Snyk completes each component, users will gradually see Snyk platform interface updates. During the transition period, users can toggle between the new and classic interfaces. +Snyk 2.0 is a series of platform improvements rolling out gradually from April 2026 throughout the year to address navigation complexity, asset visibility, and triage inefficiency. As Snyk completes each component, you gradually see Snyk platform interface updates. During the transition period, you can toggle between the new and classic interfaces. | Improvement | Description | Availability | | ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | @@ -10,7 +10,7 @@ Snyk 2.0 is a series of platform improvements rolling out gradually from April 2 | Dark mode | Full dark mode across the platform. | In development | | Asset management | View all repositories, containers, configurations, and AI models in a single inventory. | In development | | Issue triage |

Snyk prioritizes issues based on exploitability, reachability, and business impact.

Use bulk actions to fix similar issues across Snyk Projects.

| In development | -| Day2Operations | Snyk 2.0 rduces operational friction between finding a vulnerability and acting on it, through grouped navigation, issue deduplication, and bulk triage actions. | In development | +| Day2Operations | Snyk 2.0 reduces operational friction between finding a vulnerability and acting on it, through grouped navigation, issue deduplication, and bulk triage actions. | In development | ## What is Snyk 2.0 trying to solve? diff --git a/discover-snyk/getting-started/snyk-release-process.md b/discover-snyk/getting-started/snyk-release-process.md index 1dc2c29f9b61..45d5f352a190 100644 --- a/discover-snyk/getting-started/snyk-release-process.md +++ b/discover-snyk/getting-started/snyk-release-process.md @@ -40,7 +40,7 @@ Brownouts occur when Snyk temporarily suspends an API endpoint or a feature, mak ### Deprecated features -Deprecated features are outdated and will be removed in the future. The documentation page will announce the transition of a feature to Deprecated six months before its start date. +Deprecated features are outdated and Snyk removes them in the future. The documentation page announces the transition of a feature to Deprecated six months before its start date. * Snyk Code Quality is deprecated. * Snyk Code Local Engine is deprecated. @@ -73,9 +73,9 @@ Deprecated features are outdated and will be removed in the future. The document ### End of support features -When a feature transitions to end-of-support, both development and support work are terminated. +When a feature transitions to end-of-support, Snyk terminates both development and support work. -The documentation page will announce the transition of a feature to End of Support six months before its start date. +The documentation page announces the transition of a feature to End of Support six months before its start date. ### End of Life features diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md index 9111edba7b52..20acfa3cceaf 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/README.md @@ -1,6 +1,6 @@ # Enterprise implementation guide -Rolling out a developer security platform across a large organization requires a consistent, repeatable approach to account configuration. In this guide, you will learn how to streamline your enterprise rollout in Snyk by creating a dedicated template Organization and altering settings for each individual Organization created from that original template. +Rolling out a developer security platform across a large organization requires a consistent, repeatable approach to account configuration. This guide shows you how to streamline your enterprise rollout in Snyk by creating a dedicated template Organization and altering settings for each individual Organization created from that original template. To have a successful Snyk rollout, you need to: @@ -18,7 +18,7 @@ To have a successful Snyk rollout, you need to: 6. [Initial team rollout](initial-team-rollout.md). 7. [Automate prevention measures](automate-prevention-measures.md). -By the end of this guide, you will have successfully configured a baseline template Org, used it to easily copy your global settings and integrations to provision new Organizations, and learned how to customize individual settings in those new environments to support specific team workflows. +By the end of this guide, you will have configured a baseline template Org, used it to copy your global settings and integrations to provision new Organizations, and learned how to customize individual settings in those new environments to support specific team workflows. {% hint style="info" %} To understand how AI is used at Snyk and how this may affect your implementation decisions, visit [AI Data and Governance](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/how-snyk-incorporates-generative-ai-into-the-platform). @@ -102,13 +102,13 @@ Depending on your tech stack and workflows, you can choose from three primary im * Snyk CLI for granular control within your CI/CD pipelines * Snyk API for large-scale programmatic automation -Once you import your Projects, you can apply specific tags and attributes to easily categorize, filter, and generate targeted reports across your entire portfolio. +After you import your Projects, you can apply specific tags and attributes to categorize, filter, and generate targeted reports across your entire portfolio. To learn more, visit [Gain visibility by importing repositories](phase-3-gain-visibility/). ## Initial team rollout -Successfully rolling out Snyk to your development team requires clear communication, targeted education, and seamless workflow integration. +Successfully rolling out Snyk to your development team requires clear communication, targeted education, and smooth workflow integration. Start by using customizable templates to announce the launch, tailoring your messaging and feature rollout to match your team's comfort level with security automation. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md index dee1ebe56ff8..6da7447833db 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/automate-prevention-measures.md @@ -1,6 +1,6 @@ # Automate prevention measures -Once you have visibility into your existing security posture, implement prevention and gating systems to stop new vulnerabilities from entering your applications. By automating these checks, you empower developers to take responsibility for the security of their specific changes without manually triaging every issue. +After you have visibility into your existing security posture, implement prevention and gating systems to stop new vulnerabilities from entering your applications. By automating these checks, you empower developers to take responsibility for the security of their specific changes without manually triaging every issue. Implementing prevention measures involves the following key stages: @@ -19,13 +19,13 @@ Implementing prevention measures involves the following key stages: You can prevent new issues using two main functions: -* **PR/MR checks**: Available for Snyk Open Source and Snyk Code. These test code changes are immediately upon submission. +* **PR/MR checks**: Available for Snyk Open Source and Snyk Code. These test code changes immediately upon submission. * **CI/CD pipelines**: Integrate Snyk into your build pipeline to gate Open Source, Code, IaC, and Container vulnerabilities. ## Establish exception processes {% hint style="success" %} -**Key decision**: Define who can override security gates. Clear authority prevents development bottlenecks during urgent releases.: +**Key decision**: Define who can override security gates. Clear authority prevents development bottlenecks during urgent releases. {% endhint %} Ensure teams understand how to address blocked PRs or failed builds: @@ -52,7 +52,7 @@ PR checks prevent issues from entering the codebase. Adding Snyk to your pipeline acts as a gatekeeper: -* **No import is required**: Unlike PR checks, pipeline tests do not require repositories to be imported via SCM integration. +* **No import is required**: Unlike PR checks, pipeline tests do not require repositories to be imported through SCM integration. * **Use CLI tools**: Use `snyk-delta` to identify only the new vulnerabilities introduced in a specific build. ## Secure custom images and IaC diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md index 110bf08c25ee..35dbee06ee25 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/README.md @@ -1,6 +1,6 @@ # Configure Group settings and policies -This page is designed to help you plan your Snyk account structure and policies at Group-level to ensure efficient asset management, precise access control, and accurate reporting. +This page helps you plan your Snyk account structure and policies at Group level to ensure efficient asset management, precise access control, and accurate reporting. ## Confirm points of contact @@ -37,7 +37,7 @@ To identify priority applications, categorize them based on: * Define who can provision users and grant Snyk access to external platforms, such as Git repositories. {% endhint %} -Snyk uses a hierarchical structure to manage all assets and security policies. This section will help you map your business to the Snyk architecture. +Snyk uses a hierarchical structure to manage all assets and security policies. This section helps you map your business to the Snyk architecture. * **Understanding the hierarchy:** Learn the purpose of the Tenant, Group, Organization, and Project levels. * **Group structure:** Decide how many top-level Group accounts your company requires. @@ -46,7 +46,7 @@ To learn more, visit [Structure your account](structure-your-account.md). ## Authentication and access: set up SSO -Implement Single Sign-On (SSO) at the Group level before rolling Snyk out to your organization. While pilot teams often start with personal authentication, transitioning to SSO is required for broad adoption, consistent login access, and centralized control. +Implement Single Sign-On (SSO) at the Group level before rolling Snyk out to your organization. While pilot teams often start with personal authentication, you must transition to SSO for broad adoption, consistent login access, and centralized control. Choose a provisioning strategy that defines the user experience and access level for new users. @@ -88,7 +88,7 @@ To learn more, visit [Authentication and access.](authentication-and-access.md) * Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance {% endhint %} -Policies allow you to automate business context, compliance checks, and notification workflows. +Policies let you automate business context, compliance checks, and notification workflows. * **License policies:** Decide which specific license types to explicitly allow or disallow to match your specific legal and compliance requirements. * **License severity:** Understand and configure how Snyk assigns High or Medium severity to problematic commercial licenses. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md index 133e51cc1ee0..98cc1c668626 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md @@ -46,7 +46,7 @@ Custom mapping requires Snyk professional services. Contact your account team fo **Key decision**: Determine if you need to pre-allocate users to specific Organizations and roles before their first login to prevent broad default access. {% endhint %} -If you need to define specific permissions before users first log in, use the Snyk API. This allows you to: +If you need to define specific permissions before users first log in, use the Snyk API. This lets you: * Assign a specific role to each user. * Grant access to specific Organizations automatically. @@ -70,7 +70,7 @@ The Tenant is the highest level of the Snyk hierarchy, and it encompasses all Gr * **Tenant Admin:** Can manage users across the entire Tenant, assign roles, and remove members. * **Tenant Viewer:** Provides read-only access to Tenant-level features like Snyk Analytics. -* **Tenant Member**: Allows access to the Tenant level but requires specific Group or Organization permissions to take action. +* **Tenant Member**: Provides access to the Tenant level but requires specific Group or Organization permissions to take action. {% hint style="info" %} Features like Snyk Analytics are available only on Enterprise plans. You can switch between Tenants by selecting the Tenant name in the navigation menu. @@ -89,7 +89,7 @@ Pre-defined roles at these levels have fixed permissions that cannot be modified **Group-level roles** * **Group Admin**: Provides full permissions at the Group and Organization levels. Assign this role to Snyk administrators. -* **Group Member**: Allows access to the Group but requires specific Organization-level permissions to interact with Projects. +* **Group Member**: Provides access to the Group but requires specific Organization-level permissions to interact with Projects. * **Group Viewer**: Provides read-only access to the Group level. Use this to audit Group settings without making changes. {% endstep %} {% endstepper %} diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md index 0bfd5e4a5ec4..4ebbc416d54a 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md @@ -1,6 +1,6 @@ # Define policies -Policies define how Snyk behaves when identifying issues. Policies give you a quick and automated way to identify, prioritize, and triage issues. This saves valuable development time and allows developers to take more responsibility and ownership for security, reducing the “noise” level. +Policies define how Snyk behaves when identifying issues. Policies give you an automated way to identify, prioritize, and triage issues. This saves development time and lets developers take more responsibility and ownership for security, reducing the “noise” level. ## Security policies @@ -8,10 +8,10 @@ Policies define how Snyk behaves when identifying issues. Policies give you a qu **Key decision:** Decide which conditions automatically increase or decrease the priority or severity of an issue to match your risk appetite, and which specific issues or types of issues are automatically ignored to reduce "noise" and save development time. {% endhint %} -Group administrators can define security policies, thus providing an automated way to identify certain issues or types of issues, and apply actions like changing the severity or ignoring the issue based on your conditions. +Group administrators can define security policies, providing an automated way to identify certain issues or types of issues, and apply actions like changing the severity or ignoring the issue based on your conditions. * Configure policies to increase priority or decrease it as needed. -* Create ignores where needed +* Create ignores where needed. ## License policies @@ -24,14 +24,14 @@ Group administrators can set license policies to define Snyk behavior for treati By default, Snyk determines the severity of licenses as follows: * **High severity**: licenses that definitely present issues for commercial software. -* **Medium severity**: licenses that have clauses that may be of concern and should be reviewed. +* **Medium severity**: licenses that have clauses that may be of concern and that you should review. Configure policies to match your requirements. ## Asset policies {% hint style="success" %} -**Key decision:** Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance +**Key decision:** Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance. {% endhint %} Asset policies in Snyk Essentials automate business context and notification workflows. Use policies to identify coverage gaps and manage assets at scale. @@ -42,7 +42,7 @@ Asset policies in Snyk Essentials automate business context and notification wor A policy consists of the following elements: -* Filters: Define criteria (for example tags or asset names) to group specific assets. +* Filters: Define criteria (for example, tags or asset names) to group specific assets. * Actions: Define what happens to filtered assets, for example, assigning a classification or sending a Slack notification. ### Key filter types diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md index 08cda11c3cb8..34f1f8a16af3 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/README.md @@ -1,6 +1,6 @@ # Create a template Organization -This guide section is designed to help you plan your Snyk account structure at the Organization-level to ensure efficient asset management, precise access control, and accurate reporting. This Organization will be the template you copy to create additional Organizations from which have standards settings for all your Orgs. +This guide section helps you plan your Snyk account structure at the Organization level to ensure efficient asset management, precise access control, and accurate reporting. This Organization is the template you copy to create additional Organizations that have standard settings for all your Orgs. {% embed url="https://res.cloudinary.com/snyk/video/upload/v1775661970/4._Creating_your_Template_Organization_vf1x0b.mp4" %} Create a template Organization video guide @@ -17,7 +17,7 @@ Below is an outline of the key topics and decisions covered in this guide. * Define who can provision users and grant Snyk access to external platforms, such as Git repositories. {% endhint %} -Snyk uses a hierarchical structure to manage all assets and security policies. This section will help you map your business to the Snyk architecture. +Snyk uses a hierarchical structure to manage all assets and security policies. This section helps you map your business to the Snyk architecture. * **Organization structure:** Determine if your Organization structure should be team-based, product-based, or SCM organization-based to best support your policy and access needs. @@ -47,9 +47,9 @@ To learn more, visit [Authentication and access](authentication-and-access.md). * **Architecture and connectivity:** Select your primary SCM platform and identify where your production container registries (for example, Docker Hub, Amazon ECR) reside. Determine if you need to deploy Snyk Broker (using Docker or Kubernetes) to securely bypass firewalls, segment network traffic, or if you require custom proxy/CA configurations. * **Authentication and access management:** Commit to using dedicated, least-privilege service accounts rather than personal tokens (OAuth/PAT) to guarantee stable connections. Decide whether to use broad, centralized Group-level credentials for global asset discovery or require unique tokens at the Organization level. Verify you have the correct administrative roles to manage this inventory. -* **Developer workflow & remediation:** Define your PR check behaviors and automated fix strategies to match specific team workflows. Establish a monitoring frequency that provides adequate security visibility without overwhelming your developers' capacity to remediate. -* **Snyk Code enablement:** Decide whether to roll out Snyk Code globally or phase it in for high-priority teams. It's crucial to enable Snyk Code before importing your first Projects. If managing at a massive scale, plan to use the Snyk API rather than the UI for this step. +* **Developer workflow and remediation:** Define your PR check behaviors and automated fix strategies to match specific team workflows. Establish a monitoring frequency that provides adequate security visibility without overwhelming your developers' capacity to remediate. +* **Snyk Code enablement:** Decide whether to roll out Snyk Code globally or phase it in for high-priority teams. Enable Snyk Code before importing your first Projects. If managing at a massive scale, plan to use the Snyk API rather than the UI for this step. * **Project import strategy:** Choose the import method that provides the best dependency resolution for your specific programming languages to ensure accurate scanning. {% endhint %} -By configuring your core tools, source control integrations, and default security behaviors now, you establish a standardized baseline that can be easily cloned: either manually or using the API, across your entire business. +By configuring your core tools, source control integrations, and default security behaviors now, you establish a standardized baseline that you can clone, either manually or using the API, across your entire business. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md index af066be92002..b63f98466dba 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/authentication-and-access.md @@ -12,7 +12,7 @@ Determine if Snyk pre-defined roles meet your requirements or if you must create Pre-defined roles at these levels have fixed permissions that cannot be modified. -* **Organization Admin**: Allows users to add or delete Projects, override Snyk checks, and provision users. Assign this role to Team Leads. +* **Organization Admin**: Lets users add or delete Projects, override Snyk checks, and provision users. Assign this role to Team Leads. * **Organization Collaborator**: Grants standard developer access. Use this for small teams or a developer-first rollout. ## Align roles with your Organization structure diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md index 9f76ee15e69d..24c254fff670 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md @@ -1,8 +1,8 @@ # Connect your development tools -To roll out Snyk efficiently at scale, your first major milestone is configuring a Template Organization. Rather than setting up every new team from scratch, this template acts as your master blueprint. By configuring your core tools, source control integrations, and default security behaviors here first, you establish a standardized baseline that can be easily cloned, either manually or using the API, across your entire business. +To roll out Snyk efficiently at scale, your first major milestone is configuring a Template Organization. Rather than setting up every new team from scratch, this template acts as your master blueprint. By configuring your core tools, source control integrations, and default security behaviors here first, you establish a standardized baseline that you can clone, either manually or using the API, across your entire business. -As you work through this page, you will: +As you work through this page, you complete these tasks: 1. [Configure SCM integrations for Groups.](connect-your-development-tools.md#configure-scm-integrations-for-groups) 2. [Configure SCM integrations for Organizations.](connect-your-development-tools.md#configure-scm-integrations-for-organizations) @@ -26,7 +26,7 @@ The following table outlines the difference between these two implementation lev ### Configure SCM integrations for Groups -Configure your Source Control Manager (SCM) at the Group level to centralize authentication. This allows Snyk to access your repositories across multiple Organizations without requiring individual configuration for each one. +Configure your Source Control Manager (SCM) at the Group level to centralize authentication. This lets Snyk access your repositories across multiple Organizations without requiring individual configuration for each one. {% embed url="https://res.cloudinary.com/snyk/video/upload/v1775661962/3._Group-Level_Repository_Discovery_jvicn7.mp4" %} Group level repository discovery video guide @@ -69,7 +69,7 @@ Your integration approach should match the structure you selected during the pla * **SCM organization-based structure**: If you have 10+ SCM organizations and are using the `snyk-api-import` tool, ensure your Group-level integration has the scope to access all relevant repositories. * **Team-based structure**: Use Group-level authentication to ensure consistency across different developer teams while maintaining isolated Organizations. -* **Product-based structure**: Centralizing at the Group level allows developers to seamlessly access Projects across multiple product Organizations. +* **Product-based structure**: Centralizing at the Group level lets developers access Projects across multiple product Organizations. | Structure type | Integration strategy | | ----------------- | --------------------------------------------------------------------------- | @@ -95,7 +95,7 @@ If you are using multiple SCMs, Snyk recommends using separate Organizations for **Key decision:** Determine if this specific Organization requires a unique access token or a different service account than the one used at the Group level. {% endhint %} -Unlike Group-level setup, Organization-level integrations allow you to: +Unlike Group-level setup, Organization-level integrations let you: * **Isolate access:** Use a unique Personal Access Token (PAT) or OAuth connection that only has access to a specific team's repositories. * **Override Group defaults:** If a specific business unit uses a different SCM instance (for example, a separate GitHub Org or GitLab Group), you can configure it here without affecting the rest of the company. @@ -113,7 +113,7 @@ Set up your Org-level integrations by navigating to your Organization **Integrat When configuring at the Organization level, consider: * **Token segmentation:** You can assign a unique Broker token to an Organization. This is useful if different teams operate in different VPCs or data centers. -* **Granular troubleshooting:** Dedicated tokens allow you to monitor and troubleshoot connectivity issues for a specific team without impacting the entire Group. +* **Granular troubleshooting:** Dedicated tokens let you monitor and troubleshoot connectivity issues for a specific team without impacting the entire Group. {% hint style="info" %} If you are using Azure Repos, Snyk recommends using Universal Broker to avoid Azure limitations on organization mapping. @@ -136,7 +136,7 @@ While the Group integration provides the connection, the Organization level is w | ------------------- | ---------------------------------------------------------------------- | | Access control | Limits repository visibility to only the members of that Organization. | | Snyk Broker mapping | Maps specific SCM instances to specific internal network segments. | -| Customized rollout | Allows for different "prevention" settings (PR checks) per team. | +| Customized rollout | Allows different "prevention" settings (PR checks) per team. | {% endstep %} {% endstepper %} @@ -180,7 +180,7 @@ For Amazon ECR, Snyk recommends using Cross-Account Role authentication for enha **Key decision:** Decide on a monitoring frequency that balances security visibility with your team's remediation capacity. {% endhint %} -Once integrated, Snyk allows you to manage how often images are re-tested: +After integration, Snyk lets you manage how often images are re-tested: * **Continuous monitoring**: Snyk automatically rescans imported images daily to detect new vulnerabilities. * **Avoid duplication**: If you already scan images in your CI/CD pipeline using the Snyk CLI, decide if you also need registry-level monitoring. Registry integration provides a last line of defense for images currently in storage. @@ -199,9 +199,9 @@ As with SCM integrations, ensure email notifications are disabled at the Organiz Snyk strongly recommends integrating your container registry if your organization fits any of the following profiles: -* **Empowering AppSec autonomy**: This solution enables Application Security (AppSec) teams to manage and scan container images independently. It allows security teams to maintain oversight without bottlenecking developers or requiring them to change existing workflows. +* **Empowering AppSec autonomy**: This solution lets Application Security (AppSec) teams manage and scan container images independently. It lets security teams maintain oversight without bottlenecking developers or requiring them to change existing workflows. * **Scanning legacy and offline images:** If you have a large number of older images or multiple legacy tags that no longer have an active build pipeline, registry integration is the most efficient way to ensure they are still scanned for vulnerabilities. -* **Small-scale repositories:** Direct integration and UI management work best for smaller volumes of images (under 1,000). A smaller inventory makes the import process seamless and keeps the user interface fast and responsive. +* **Small-scale repositories:** Direct integration and UI management work best for smaller volumes of images (under 1,000). A smaller inventory simplifies the import process and keeps the user interface responsive. * **Limited developer bandwidth:** If your development team lacks the availability to update build pipelines or integrate new security tools into their current processes, direct registry scanning provides a frictionless alternative. ### Use cases for CI/CD or CLI @@ -251,7 +251,7 @@ This configuration is specific to asset management and is separate from the Orga **Key decision**: Choose which metadata (tags) and application structures are most critical for your risk assessment and reporting. {% endhint %} -Once assets are imported, use the following features to organize your inventory: +After you import assets, use the following features to organize your inventory: * **Automatic tags**: Snyk automatically adds tags for detected technologies (for example, Python, Terraform). @@ -303,7 +303,7 @@ Before installation, verify your environment: 1. Install the setup CLI tool: `npm install -g snyk-broker-config` 2. Start the interactive creation workflow: `snyk-broker-config workflows connections create` 3. Follow the on-screen prompts to input your Snyk Token, Tenant or Org ID, and select the specific integration type you want to connect (for example, GitHub Enterprise, GitLab, or Artifactory). -4. The CLI will generate your `DEPLOYMENT_ID`, `CLIENT_ID`, and `CLIENT_SECRET`. It will also prompt you to create a credential reference name (for example, `MY_GITHUB_TOKEN`) that maps to your actual secret. Keep these values secure for the next step. +4. The CLI generates your `DEPLOYMENT_ID`, `CLIENT_ID`, and `CLIENT_SECRET`. It also prompts you to create a credential reference name (for example, `MY_GITHUB_TOKEN`) that maps to your actual secret. Keep these values secure for the next step. {% hint style="info" %} If you are setting up Snyk Essentials for asset management with over 1,000 repositories, Snyk recommends a dedicated Broker and Organization. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md index bc4ef05b4ebd..74cc5965dad5 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/structure-your-account.md @@ -12,4 +12,4 @@ Snyk Organizations (Orgs) are the primary level for managing Projects and user a | -------------------------- | --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | | **Team-based** | Linked to a specific developer or security team. | Strict security ownership and reporting by team. | Multiple teams need access to the exact same set of projects (leads to complexity). | | **Product-based** | Set up for distinct applications or product lines (for example, product a front-end, product a back-end). | Product-centric reporting and access control. | You have hundreds of small, unrelated products. | -| **SCM Organization-based** | Mimics your SCM hosting platform structure (for example Github orgs, Gitlab groups). | Automated onboarding using the Snyk API, when you have more than 10 SCM-related integrations. | Your SCM organization names are not intuitive or don't align with business units. | +| **SCM Organization-based** | Mimics your SCM hosting platform structure (for example, GitHub orgs, GitLab groups). | Automated onboarding using the Snyk API, when you have more than 10 SCM-related integrations. | Your SCM organization names are not intuitive or don't align with business units. | diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md index 6f11dabdfee6..431ffbc2c254 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-your-snyk-structure.md @@ -27,7 +27,7 @@ Use the following table to understand which configurations transfer to the new O | ------------------------------------------------------ | --------------------------------------------------- | | All integrations and settings | Members and Service Accounts | | SCM and Container settings | Existing Projects | -| Notification integrations (for example Slack, or Jira) | Custom policies and ignore settings | +| Notification integrations (for example, Slack or Jira) | Custom policies and ignore settings | | PaaS and serverless integrations | Infrastructure as Code (IaC) and Snyk Code settings | ## Configure scan and notification behavior diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md index 670700af9d11..071729d39fd5 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/initial-team-rollout.md @@ -18,7 +18,7 @@ Follow these steps to roll out Snyk to your teams: Managing notifications ensures that developers only see high-priority issues that require action. * Instruct administrators to manually enable the critical alerts through their personal settings if they need to monitor progress. -* Once the environment is stable, enable notifications in bulk for **High** and **Critical** severities only. +* After the environment is stable, enable notifications in bulk for **High** and **Critical** severities only. * Disable all email notifications for new Organizations. Navigate to **Group** > **Settings** to view the notification defaults overview. @@ -58,7 +58,7 @@ Use these templates to introduce Snyk. Replace the bracketed text with your spec **Key decision**: Evaluate the maturity of your AppSec program. For new programs, introduce plugins as a tool to validate fixes for prioritized issues. For mature programs, provide immediate access to prevent new issues from entering the codebase. {% endhint %} -Snyk IDE plugins allow developers to find and fix vulnerabilities before they reach the CI/CD pipeline. This shift-left approach reduces the time spent on security reviews. +Snyk IDE plugins let developers find and fix vulnerabilities before they reach the CI/CD pipeline. This shift-left approach reduces the time spent on security reviews. 1. Identify the primary IDEs used by your teams (VS Code, JetBrains, Visual Studio, or Eclipse). 2. Provide installation guides for the relevant Snyk IDE extension. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md index da4021a7341d..5f173e2b0071 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/manage-and-remediate-issues.md @@ -1,6 +1,6 @@ # Manage and remediate issues -After establishing visibility and prevention measures, focus on managing your existing vulnerability backlog. This stage involves defining a fix strategy, prioritizing issues based on risk, and operationalizing the remediation process in your development teams. Effective management ensures that your security posture improves over time rather than just maintaining the status quo. +After establishing visibility and prevention measures, focus on managing your existing vulnerability backlog. This stage involves defining a fix strategy, prioritizing issues based on risk, and operationalizing the remediation process in your development teams. Effective management ensures that your security posture improves over time rather than maintaining the status quo. To manage and remediate issues, follow these stages: @@ -30,7 +30,7 @@ Key decision: Choose a primary metric for triage. Use **Priority Score** (900+) Use Snyk filters iteratively to build your plan: * **Risk and priority scores**: Start with scores of 900–1000 and work downward. -* **Severity**: filter for **Critical** and **High** issues. +* **Severity**: Filter for **Critical** and **High** issues. {% hint style="info" %} For Snyk Open Source, prioritize critical issues with a **Fixable** filter to identify quick wins. @@ -51,7 +51,7 @@ Operationalize the fix process using: * **Ignore policy**: Use the **Ignore** feature for issues that cannot be fixed immediately due to environmental context or breaking changes. {% hint style="info" %} -Ensure to always include a detailed reason and always set an expiration date (monthly or quarterly) for review. +Always include a detailed reason and set an expiration date (monthly or quarterly) for review. {% endhint %} * **Permissions**: Restrict ignore permissions to Organization admins in the general settings to maintain oversight. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md index ca41b4f9989a..9dee76ee7043 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/phase-3-gain-visibility/README.md @@ -1,6 +1,6 @@ # Gain visibility by importing repositories -Gaining visibility over your Organization security begins with importing Projects. This process allows Snyk to monitor your code, dependencies, containers, and infrastructure. +Gaining visibility over your Organization security begins with importing Projects. This process lets Snyk monitor your code, dependencies, containers, and infrastructure. There are several ways you can import Projects, depending on your tech stack and package managers: @@ -63,11 +63,11 @@ Use the API to trigger scans and handle results programmatically across a large ## Add Projects tags and attributes -After importing Projects, use Project attributes and tags to categorize your data. This metadata allows you to filter and report on specific subsets of your Organization. +After importing Projects, use Project attributes and tags to categorize your data. This metadata lets you filter and report on specific subsets of your Organization. For example, apply the `frontend` attribute and a `Team:Unicorn` tag to your Projects. You can then generate a report specifically for critical frontend vulnerabilities in production owned by Team Unicorn. -Attributes and tags also allow you to: +Attributes and tags also let you: * Group related Projects for easier management. * Customize how you view and access Project data. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md index 2f7419a5fd8b..4d71d6a2d176 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/trial-limitations.md @@ -1,12 +1,12 @@ # Trial limitations -You can try out Snyk functionalities in several ways: +You can try out Snyk functionality in several ways: * Using the limited Free plan * Using a self-serve 14-day trial -* By piloting the full product with the Enterprise plan +* Piloting the full product with the Enterprise plan -The Snyk 14-day trial offers a sample of the features available in the paid Enterprise plan. However, certain features will have limited functionality or be entirely unavailable in order to provide a seamless experience when the trial concludes. +The Snyk 14-day trial offers a sample of the features available in the paid Enterprise plan. However, certain features have limited functionality or are entirely unavailable to provide a smooth experience when the trial concludes. {% hint style="info" %} After implementing Snyk Essentials, you must access the Inventory page to ensure it is populated with all the necessary information. Depending on the number of repositories you have imported, the update may take up to several hours. diff --git a/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md b/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md index 9e3a03b03a85..bdfaef429390 100644 --- a/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md +++ b/discover-snyk/implementation-and-setup/enterprise-setup/auto-provisioning-guide.md @@ -32,26 +32,26 @@ This email contains two links: 2. **Create and activate a new account** - To be used if you're entirely new to Snyk or want to start from scratch with a different user. {% hint style="warning" %} -Once provisioning is complete, these links will become invalid and you will see an "Access denied" error page. +After provisioning is complete, these links become invalid and you see an "Access denied" error page. -If you have not completed provisioning but still see this error, make sure someone else in your organization has not already completed the flow themselves, in case the welcome email has more recipients. +If you have not completed provisioning but still see this error, ensure someone else in your organization has not already completed the flow themselves, in case the welcome email has more recipients. {% endhint %} ## Sign up - start from scratch -Clicking the sign-up link in your welcome email will take you to the sign-up page in the provisioning app. +Clicking the sign-up link in your welcome email takes you to the sign-up page in the provisioning app. {% hint style="warning" %} -The provisioning app is only accessible through a unique link, all other access is disabled and will show an error page. +The provisioning app is only accessible through a unique link. All other access is disabled and shows an error page. {% endhint %}
Sign up page on provision.snyk.io

Sign up page on provision.snyk.io

### Step 1: Enter the company name -The company name you enter here will be used to create the [Tenant](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant), the top-level instance you'll see in the Snyk Platform. It is a required field and has 60-character limit. +The company name you enter here creates the [Tenant](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant), the top-level instance you'll see in the Snyk Platform. It is a required field and has a 60-character limit. -Provisioning will also create a [Group](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups) and a default [Organization](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/organizations) using the same name. +Provisioning also creates a [Group](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups) and a default [Organization](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/organizations) using the same name. ### Step 2: Choose where to host the account @@ -65,10 +65,10 @@ Provisioning is enabled for these [three regions](https://app.gitbook.com/o/-M4t * :flag\_eu: **Europe**: SNYK-EU-01 * :flag\_au: **Australia**: SNYK-AU-01 -In the case of [multiple instances](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#regional-multi-and-single-tenant-hosting) being available in a chosen region (United States), Snyk reserves the right to chose the specific instance where your account will be created. For more information see [Regional Hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). +In the case of [multiple instances](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#regional-multi-and-single-tenant-hosting) being available in a chosen region (United States), Snyk reserves the right to choose the specific instance where Snyk creates your account. For more information see [Regional Hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). {% hint style="warning" %} -Automated provisioning is only possible for multi-tenant environments. For single-tenant availability (Snyk Private Cloud), reach out to your account team in advance of provisioning. +Automated provisioning is only possible for multi-tenant environments. For single-tenant availability (Snyk Private Cloud), reach out to your account team before provisioning. {% endhint %} ### Step 3: Select an authentication method @@ -88,7 +88,7 @@ The available authentication methods are either Single sign-on (SSO) or Third-pa | :flag\_eu: Europe | :heavy\_check\_mark: | :heavy\_multiplication\_x: | | :flag\_au: Australia | :heavy\_check\_mark: | :heavy\_multiplication\_x: | -Snyk recommends selecting SSO since it is best supported across all environments. Selecting this option will then prompt you to enter a valid, work-issued email address, used to create an initial Snyk Admin user. No extra configuration for SSO is required at this point. +Snyk recommends selecting SSO since it is best supported across all environments. Selecting this option then prompts you to enter a valid, work-issued email address, used to create an initial Snyk Admin user. No extra configuration for SSO is required at this point.
Email address input

Email address input

@@ -96,32 +96,32 @@ Snyk recommends selecting SSO since it is best supported across all environments As a final step, you must confirm the details entered are correct. -* If you have selected SSO as the authentication method, clicking "Sign up" will then show a loading page while Snyk does the background work. -* If you have selected Third-party authentication, clicking "Continue to sign up options" will redirect you to the Snyk Login page where you can choose your identity provider (Github, Google, and so on.). Once you have completed signing up you will be redirected back to the provisioning application where the loading page will indicate in-progress background work. +* If you have selected SSO as the authentication method, clicking "Sign up" then shows a loading page while Snyk does the background work. +* If you have selected Third-party authentication, clicking "Continue to sign up options" redirects you to the Snyk Login page where you can choose your identity provider (GitHub, Google, and so on). After you complete signing up, Snyk redirects you back to the provisioning application, where the loading page indicates in-progress background work. Snyk advises you to not close the page, otherwise you risk not seeing the process complete successfully. ### Step 5: Access the Snyk platform -If you have selected SSO as the authentication method, once plan activation is done, you will see a success message and a verification button. Snyk also sends an email to indicate a successful provisioning containing the same login verification link. This link does not expire and it can be used for multiple authentications if needed.\ +If you have selected SSO as the authentication method, after plan activation is done, you see a success message and a verification button. Snyk also sends an email to indicate a successful provisioning containing the same login verification link. This link does not expire and you can use it for multiple authentications if needed.\ \ -Once clicked, a login code will be sent to the email address previously entered. This is known as a Passwordless Login. Enter the code where prompted and you are ready to start using Snyk! +After you click it, Snyk sends a login code to the email address you previously entered. This is known as a Passwordless Login. Enter the code where prompted and you are ready to start using Snyk.
Successful provisioning for SSO

Successful provisioning for SSO

-If you have selected **Third-party authentication**, once plan activation is done you are all set! You can click "Continue to your account" and start using the platform. +If you have selected **Third-party authentication**, after plan activation is done you are all set. You can click "Continue to your account" and start using the platform. {% hint style="info" %} -Your plan might not have all the features enabled if your contract's start date is in the future. You will gain full access to all features when the start date is met. +Your plan might not have all the features enabled if your contract's start date is in the future. You gain full access to all features when the start date is met. {% endhint %} ## Logging in - provision using an existing user account -Clicking the sign-up link in your welcome email will take you to the log in page in the provisioning app. +Clicking the sign-up link in your welcome email takes you to the log in page in the provisioning app. ### Step 1: Logging in -If you have a user account connected through a third-party provider, you will need to use SNYK-US-01 +If you have a user account connected through a third-party provider, you must use SNYK-US-01 You can find the links for all the regions in the [Login and Web UI URLs section](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#login-and-web-ui-urls). @@ -140,17 +140,17 @@ If you already have a Snyk User, you can choose how you activate your Enterprise ### **Step 3: Access the Snyk platform** -This step is the same as [#step-5-access-the-snyk-platform](auto-provisioning-guide.md#step-5-access-the-snyk-platform "mention") when signing up. Once the process is done you can "Continue to your account" and begin using Snyk. +This step is the same as [#step-5-access-the-snyk-platform](auto-provisioning-guide.md#step-5-access-the-snyk-platform "mention") when signing up. After the process is done you can "Continue to your account" and begin using Snyk. {% hint style="info" %} -Your plan might not have all the features enabled if your contract's start date is in the future. You will gain full access to all features when the start date is met. +Your plan might not have all the features enabled if your contract's start date is in the future. You gain full access to all features when the start date is met. {% endhint %} ## Error types and solutions ### Validation errors -When creating a new Tenant or User Snyk checks for duplicates and surfaces any issues. +When creating a new Tenant or User, Snyk checks for duplicates and surfaces any issues. * **The business name provided is already in use.** - Use a different name or reach out to your account executive if you want to link your plan to that existing Tenant but you are not a member of it. diff --git a/discover-snyk/implementation-and-setup/implement-snyk.md b/discover-snyk/implementation-and-setup/implement-snyk.md index 6a9e7fc88e7a..4f0e5c389c63 100644 --- a/discover-snyk/implementation-and-setup/implement-snyk.md +++ b/discover-snyk/implementation-and-setup/implement-snyk.md @@ -5,8 +5,8 @@ Implementing a developer security tool like Snyk is critical to ensuring the sec Here is a brief overview of the process: 1. **Assessment**: Evaluate your current security practices and identify areas for improvement. -2. **Planning**: use the provided Project plans to outline your goals, timelines, and necessary resources. -3. **Configuration**: Follow configuration guidance to tailor the security platform to your needs, ensuring it integrates seamlessly with your existing tools and workflows. +2. **Planning**: Use the provided Project plans to outline your goals, timelines, and necessary resources. +3. **Configuration**: Follow configuration guidance to tailor the security platform to your needs, ensuring it integrates with your existing tools and workflows. 4. **Rollout**: Implement the platform across your development teams, following the specific guidance for small teams or enterprise environments. 5. **Training**: Educate your developers on the importance of security and how to use the platform effectively. 6. **Monitoring and iteration**: Continuously monitor the health and performance of your applications and make adjustments as needed to maintain optimal security. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/README.md index b7eea6f097b0..d154cfec2146 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/README.md @@ -9,7 +9,7 @@ We start with the awareness that most businesses: ## **Typical timelines** -Once your Snyk Organization is set up, you can immediately start gaining visibility into your code by integrating your code repositories (with PR checks disabled), CI/CD pipelines, or container registries. +After you set up your Snyk Organization, you can immediately start gaining visibility into your code by integrating your code repositories (with PR checks disabled), CI/CD pipelines, or container registries. To minimize disruption, Snyk recommends a gradual rollout of your "shift left" security strategy, focusing on backlog remediation and prevention. Key recommendations include providing developers with access to the IDE and piloting on a single Project before expanding best practices to the wider team. @@ -35,15 +35,15 @@ This visibility helps build trust while rolling out Snyk. With the Team plan, th ### Achieve prevention and drive developer adoption -Next is the prevention stage. You should stop new security issues from being added to your applications. During this stage, you can put controls in place to allow developers to see issues in their pipelines using Pull Request (PR)/Merge Request (MR) checks, and checks in the pipeline that may block. +Next is the prevention stage. Stop new security issues from being added to your applications. During this stage, you can put controls in place to let developers see issues in their pipelines using Pull Request (PR)/Merge Request (MR) checks, and checks in the pipeline that can block. -As part of this, developers may use IDE plugins and other tools like [Snyk Advisor](https://snyk.io/advisor) to select secure packages and [Snyk Learn](https://learn.snyk.io/) to educate on secure coding, security, and the product. It's quite common to see developers download and use IDE plugins. Provide guides indicating the settings they should use and guidelines on what they should fix to start often Criticals and Highs, where fixes are available. +As part of this, developers can use IDE plugins and other tools like [Snyk Advisor](https://snyk.io/advisor) to select secure packages and [Snyk Learn](https://learn.snyk.io/) to educate on secure coding, security, and the product. Developers commonly download and use IDE plugins. Provide guides indicating the settings they should use and guidelines on what to fix to start, often Criticals and Highs, where fixes are available. ### Fix the backlog and triage issues Finally, you can focus on fixing your backlog of security issues. This can take several forms: -* As part of the initial rollout, security or initial stakeholder may triage the initial results for the existing portfolio, create tickets for priority items to investigate or address, or have the teams do that for their applications as part of the weekly triage process. +* As part of the initial rollout, security or initial stakeholders can triage the initial results for the existing portfolio, create tickets for priority items to investigate or address, or have the teams do that for their applications as part of the weekly triage process. * After gaining visibility and achieving prevention, you can review your backlog of issues. For example, a weekly triage process with the key stakeholders can guide the teams on what to address. ## Use enhanced resources with Snyk diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md b/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md index f685a21bdd1d..193b3d6a06f6 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/invite-users.md @@ -1,7 +1,7 @@ -# Invite Users +# Invite users Click **Members** and invite your team members, applying the role alignments decided in Phase 1 for each member. {% hint style="info" %} -Inviting members is generally suggested after importing your Projects. You may bring in a few initial members to start and then do a wider rollout. This can be done at any time as part of stages four and five. It is strongly recommended to communicate what is expected prior to the actual invitation and then communicate throughout the various stages as pull request checks are turned on, pipelines enabled, and as policies/practices change. +Inviting members is generally suggested after importing your Projects. You can bring in a few initial members to start and then do a wider rollout at any time as part of stages four and five. Communicate what is expected before the invitation, then communicate throughout the various stages as pull request checks are turned on, pipelines enabled, and policies and practices change. {% endhint %} diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md index 1a9d4a0b0a32..28d0b65040a6 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/choose-rollout-integrations.md @@ -2,7 +2,7 @@ ## **SDLC integration points** -Snyk offers many integrations that seamlessly integrate into every stage of the SDLC. +Snyk offers many integrations across every stage of the SDLC. Many businesses typically roll out automated solutions first, then slowly introduce tools to enable the developers. In addition, gating features are gradually turned on over a period of time to minimize disruption. @@ -16,7 +16,7 @@ Below are typical early integrations. ### Source Code Management (SCM) integrations -Integrations with popular version control platforms like GitHub, GitLab, Azure Repos, and Bitbucket seamlessly integrate Snyk security checks into the code review process. This ensures that potential vulnerabilities are identified and addressed before the code is merged into the main branch. Important features include: +Integrations with popular version control platforms like GitHub, GitLab, Azure Repos, and Bitbucket integrate Snyk security checks into the code review process. This ensures that Snyk identifies and addresses potential vulnerabilities before the code is merged into the main branch. Important features include: * Daily testing/monitoring of a specified branch (typically "development" branch), * (optional) Pull Request/Merge Request checks against any branch of the repository. @@ -43,7 +43,7 @@ If you have a non-cloud-facing or your own instance of a Git SCM: ### Continuous Integration/Continuous Deployment (CI/CD) pipeline integrations -Integrating Snyk into CI/CD pipelines, such as Jenkins, Travis CI, or CircleCI, automates security checks during the build and deployment process. This ensures that vulnerabilities are detected early in the software development lifecycle and prevents their propagation into production. Typical features include: +Integrating Snyk into CI/CD pipelines, such as Jenkins, Travis CI, or CircleCI, automates security checks during the build and deployment process. This ensures that Snyk detects vulnerabilities early in the software development lifecycle and prevents their propagation into production. Typical features include: * (Optional) Ability to passively monitor results during build and view results in Snyk * (Optional) Ability to test and potentially break the build based on criteria you specified @@ -59,13 +59,13 @@ For more details, see [Snyk CI/CD integrations](https://app.gitbook.com/o/-M4tdx ### Integrated Development Environment (IDE) integrations -IDE integrations like Visual Studio Code, IntelliJ IDEA, and Eclipse allow developers to access Snyk's security features directly within their coding environment. This enables real-time scanning and issue remediation as developers write code at the earliest possible stages. +IDE integrations like Visual Studio Code, IntelliJ IDEA, and Eclipse let developers access the security features in Snyk directly within their coding environment. This enables real-time scanning and issue remediation as developers write code at the earliest possible stages. For more details, see [Use Snyk in your IDE](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions). ## Considerations for import strategies -
Project Import StrategyConsiderationsAdvantagesDisadvantages
CLI (automated CI/CD)Must be configured for each application within CI/CD.
  • Can select what to test and when (i.e. which package managers, where in the process, which language to analyze.
  • May need development effort for integration.
It requires configuration per application.
CLI (Run locally by user)User can use CLI to perform testing locally while working on an application, very configurable per scan type.Local use caseNot meant for visibility or automation. Can require buildable code or dependencies to be installed (For example Gradle without Lockfile, Scala).
Git Code Repository IntegrationOnboarding and daily monitoring: rapid vulnerability assessment across application portfolio.
  • Continuous monitoring of repositories (even when you are not working on it).
  • Centralized visibility for teams.
  • Monitors specified branch
  • Code does not need to be built.
  • Can be initiated via UI
  • Some languages/package managers have better resolution utilizing the CLI (Gradle without lockfile, Scala).
Pull request (PR)/merge request (MR) scanningImmediate feedback on introduced issues on the PR/MR against any branch on repository.Configurable rules for pass/fail
+
Project Import StrategyConsiderationsAdvantagesDisadvantages
CLI (automated CI/CD)Must be configured for each application within CI/CD.
  • Can select what to test and when (that is, which package managers, where in the process, which language to analyze).
  • May need development effort for integration.
It requires configuration per application.
CLI (Run locally by user)User can use CLI to perform testing locally while working on an application, configurable per scan type.Local use caseNot meant for visibility or automation. Can require buildable code or dependencies to be installed (For example Gradle without Lockfile, Scala).
Git Code Repository IntegrationOnboarding and daily monitoring: rapid vulnerability assessment across application portfolio.
  • Continuous monitoring of repositories (even when you are not working on it).
  • Centralized visibility for teams.
  • Monitors specified branch
  • Code does not need to be built.
  • Can be initiated through the UI
  • Some languages/package managers have better resolution using the CLI (Gradle without lockfile, Scala).
Pull request (PR)/merge request (MR) scanningImmediate feedback on introduced issues on the PR/MR against any branch on repository.Configurable rules for pass/fail
## Additional considerations @@ -73,8 +73,8 @@ For more details, see [Use Snyk in your IDE](https://app.gitbook.com/o/-M4tdxG8q For Snyk Infrastructure as Code, it is common that your Terraform or YAML configuration files are held in your SCM, but they may be in a separate area or repository. As a result, consider if there are other areas you need to import. You may also want to integrate with Terraform Cloud (if applicable) to enable Snyk tests as part of your "Terraform run" processes. -For complex environments, modules, and highly templated implementations, utilizing the CLI on your Terraform Plan file may provide the best results. +For complex environments, modules, and highly templated implementations, using the CLI on your Terraform Plan file can provide the best results. ### CR (Container Registries) -Snyk also integrates with various [Container Registries](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations) to enable you to import and monitor your containers for vulnerabilities. Snyk tests the containers you have imported for any known security vulnerabilities found at a frequency you control. +Snyk also integrates with various [Container Registries](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations) so you can import and monitor your containers for vulnerabilities. Snyk tests the containers you have imported for any known security vulnerabilities found at a frequency you control. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md index d6f7bfff5721..985ee383174c 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/create-rollout-plan.md @@ -4,7 +4,7 @@ Every business is different. If your teams have already used security tools and ## Suggested onboarding approach -When you are introducing Snyk to your business, Snyk suggests the following phased rollout after configuring integrations. +When you are introducing Snyk to your business, Snyk suggests the following phased rollout after configuring integrations. ### 1. Kick off with a pilot team @@ -14,14 +14,14 @@ Start by selecting a small group of engaged pilot users from: * Project teams building new applications * Developers of business-critical applications. -This allows you to: +This lets you: * Thoroughly onboard initial users * Gather feedback to refine processes * Identify issues before the broader rollout * Build success stories to promote Snyk. -Typically, importing everything using a repository integration for visibility and working through the rollout with a small pilot team allows you to identify the best processes and ways to implement Snyk within your environment. +Typically, importing everything using a repository integration for visibility and working through the rollout with a small pilot team lets you identify the best processes and ways to implement Snyk in your environment. ### 2. Gain visibility with Git repository integration @@ -51,7 +51,7 @@ The key advantages of using this process are: With priorities addressed and processes refined, start expanding access more broadly across teams. -This phased approach allows thoughtful onboarding while rapidly gaining visibility and control. +This phased approach supports thoughtful onboarding while rapidly gaining visibility and control. ### 5. Turn on gating @@ -60,7 +60,7 @@ After the first month, gradually turn on gating measures. * Pull Request/Merge Request Checks using criteria such as `severity` and `is fixable`. * Fail builds based on criteria such as `High` or `Critical`, `CVSS`, `Mature Exploit` for Open Source and other criteria using the [Snyk Filter](https://github.com/snyk-labs/snyk-filter) plugin. -It's recommended to start with a few applications, especially during the pilot team phase, work through the processes then roll out more widely. +Snyk recommends starting with a few applications, especially during the pilot team phase, working through the processes, then rolling out more widely. ## Exception handling diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md index a8cd1b0fc11b..91091011819b 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/determine-member-roles.md @@ -1,6 +1,6 @@ # Determine user roles -## Default roles +## Default roles A key consideration when setting up Snyk is determining which [default user roles](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/pre-defined-roles) align with your needs. @@ -9,7 +9,7 @@ The Team plan has the following fixed roles in Snyk, each with a fixed set of pe The following are the default roles: * **Org Admin**: Typically assigned to team leads. Users with this role can add/delete Projects, override Snyk checks, and provision users. It is common to assign this to team leads, admins, and security team users. -* **Org Collaborator**: This is the default role in Snyk used for developers. This role is ideal for small teams or for a very developer-first organizational approach. +* **Org Collaborator**: This is the default role in Snyk used for developers. This role is ideal for small teams or for a developer-first organizational approach. {% hint style="info" %} If you need more granularity in roles/permissions, consider upgrading to Snyk Enterprise Plan to access Custom Roles and SSO functionality. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md index 02ec62a42825..0f637117a9d2 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/discovery.md @@ -4,7 +4,7 @@ Identifying key applications early helps you identify important contacts to make, helps define success metrics, and helps early prioritization. Your business may have thousands of applications, but can you identify a few key applications to benchmark progress and priority? -For large enterprises, you can import everything, but that additional information can be collected in parallel to help prioritize work and measure success. This should not be a blocker or delay, it can be done in parallel in the planning and implementation phases. +For large enterprises, you can import everything, but you can collect that additional information in parallel to help prioritize work and measure success. This should not be a blocker or delay. You can do it in parallel in the planning and implementation phases. ## For implementations in smaller organizations/startups - confirm internal points of contact and roles @@ -19,7 +19,7 @@ To successfully implement Snyk, you must identify the skills needed and the stak ## For implementations for a Team plan within an Enterprise - identify stakeholders with a RACI matrix -In smaller organizations where a few individuals may have the necessary access, involving the stakeholders can be quick and easy. For a small team, early startup, it can be as simple as finding who can create credentials for Snyk to access the system or update a CI/CD script. In a larger enterprise, where you may have a single team using Snyk, this tends to be more organizationally complex, and the following RACI matrix can assist in determining: +In smaller organizations where a few individuals have the necessary access, involving the stakeholders can be quick. For a small team or early startup, it can be as simple as finding who can create credentials for Snyk to access the system or update a CI/CD script. In a larger enterprise, where you may have a single team using Snyk, this tends to be more organizationally complex, and the following RACI matrix can assist in determining: * **R**esponsible: the person ultimately accountable for carrying out the task or deliverable. * **A**ccountable: the approver who must sign off on work before it is considered complete. @@ -30,6 +30,6 @@ For large enterprises, the following RACI matrix is useful to clearly define rol
TaskChampionAdminSecurityDevOps
OnboardingResponsibleResponsibleResponsibleResponsible
Admin TrainingAccountableResponsibleConsultedResponsible
Security TrainingResponsibleConsultedAccountableResponsible
DevOps TrainingResponsibleConsultedConsultedAccountable
Source Control/IDE/PIPELINE SetupResponsibleResponsibleResponsibleAccountable
License Policy ManagementResponsibleResponsibleResponsibleAccountable
Security TriageResponsibleConsultedAccountableConsulted
-This ensures all stakeholders are engaged in suitable capacities without duplicated or neglected efforts. Following the matrix enables smooth collaboration, with individuals contributing specialized skills within their designated areas. +This ensures all stakeholders are engaged in suitable capacities without duplicated or neglected efforts. Following the matrix enables smooth collaboration, with individuals contributing specialized skills in their designated areas. -The clear delineation of duties promotes productivity, efficiency, and accountability. Overall, the RACI framework is an effective method for orchestrating a structured, well-coordinated onboarding process resulting in the successful implementation of Snyk. +The clear delineation of duties promotes productivity, efficiency, and accountability. Overall, the RACI framework is an effective method for orchestrating a structured, well-coordinated onboarding process that results in the successful implementation of Snyk. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md index 70256ebb5e4f..8c761cff487b 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/name-your-organization.md @@ -24,5 +24,5 @@ All customers have a Group and at least one Organization. On the Free and Team p For more details, visit [Manage Groups and Organizations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups-and-organizations). {% hint style="info" %} -If you have hundreds or thousands of repositories, consider the Snyk Enterprise plan for access to additional organizations to restrict access, separate reporting, and manageable lists to interact with. +If you have hundreds or thousands of repositories, consider the Snyk Enterprise plan for access to additional Organizations to restrict access, separate reporting, and manageable lists to interact with. {% endhint %} diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md index a6a4054842c3..1145c861484e 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/plan-for-success.md @@ -2,19 +2,19 @@ ## Determine success metrics with Snyk -Implementing Snyk provides an opportunity to enhance your application security. But how do you know if you're getting the most out of it? Key Performance Indicators (KPIs) are essential measurements that track Snyk's impact and help guide your security journey. +Implementing Snyk provides an opportunity to enhance your application security. But how do you know if you're getting the most out of it? Key Performance Indicators (KPIs) are essential measurements that track the impact of Snyk and help guide your security journey. KPIs give you valuable insights by monitoring key metrics at each adoption phase - from raising awareness to preventing new issues. They help you: * Assess progress toward security goals * Identify areas needing improvement -* Demonstrate Snyk's value to stakeholders +* Demonstrate the value of Snyk to stakeholders Tracking metrics aligned to each stage provides tangible insights into what's working well and where improvements may be needed. KPIs help optimize your use of Snyk and progress your application security program. ## Example metrics -These are just some potential examples of success metrics to consider. Analyzing relevant data points at each stage can provide insight into what's working well and identify areas for improvement. +These are some potential examples of success metrics to consider. Analyzing relevant data points at each stage can provide insight into what's working well and identify areas for improvement. ### Gain visibility diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md index cdb4f7aa41d0..4c33bec5850e 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-1-discovery-and-planning/validate-your-snyk-plan.md @@ -1,5 +1,5 @@ # Validate your Snyk plan -Confirm your Snyk license has been applied correctly. Navigate to your Organization by clicking the Organization name on the left menu and click **Settings**. Confirm the license has been applied to this Organization by reviewing Usage, Plans, and Billing. Tests should be unlimited for the products purchased, and a Team plan should be indicated. +Confirm your Snyk license is applied correctly. Navigate to your Organization by clicking the Organization name in the menu and click **Settings**. Confirm the license is applied to this Organization by reviewing Usage, Plans, and Billing. Tests should be unlimited for the products purchased, and a Team plan should be indicated. -The proper license setup ensures you can fully use Snyk capabilities without limitations. It also guarantees you remain compliant with Snyk terms of use. If the license was incorrectly assigned, contact Snyk support. +The proper license setup ensures you can fully use Snyk capabilities without limitations. It also guarantees you remain compliant with Snyk terms of use. If the license was incorrectly assigned, contact Snyk support. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md index ae0275f7036a..2de3c1e25ad4 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/README.md @@ -2,9 +2,9 @@ ## Name your Organization -This step is easiest performed prior to purchasing the license. If you did not, Snyk support can assist you. +This step is easiest performed before purchasing the license. If you did not, Snyk support can assist you. -### Changing the name prior to purchase +### Changing the name before purchase Click the arrows next to your Organization name, click **Create New Organization**. From the **Settings-Plans and Billing** page, purchase a team plan. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md index 4c326dd0705e..fb1b4eea0503 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-2-configure-your-organization/configure-integrations.md @@ -26,14 +26,14 @@ The CLI provides: * Supports private packages without having to configure an additional integration, providing that your build environment will have access to your private packages. * Give visibility to components that are pushed to production by either breaking builds and reporting to Snyk or only reporting to Snyk. -There are several [CI/CD integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations) available, or you can use the [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli) as part of your pipeline, in order to have more flexibility in the tests you are running. +There are several [CI/CD integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations) available, or you can use the [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli) as part of your pipeline, to have more flexibility in the tests you are running. In the initial phase, Snyk recommends using the “monitor” feature to import information into Snyk so you can see any discovered issues (unless you are already importing your repos using a source control integration to achieve this). Later, when you want to start gating/blocking new vulnerabilities from being added, you can introduce “test” features - initially failing builds on critical issues and then gradually adapting the fail criteria over time. {% hint style="info" %} For `snyk iac test --report`, finding issues will result in the build possibly stopping with a non-zero response code. \ \ -If you want to test passively, the inclusion of the `--report` argument requires either setting the build step to always continue or an alternative like concatenating logic equating to "or true" (for example `snyk iac test --report || true`). The exact syntax depends on the ecosystem the CLI is run in. +If you want to test passively, the inclusion of the `--report` argument requires either setting the build step to always continue or an alternative like concatenating logic equating to "or true" (for example `snyk iac test --report || true`). The exact syntax depends on the ecosystem the CLI is run in. {% endhint %} When configuring pipelines, you can use popular plugins like [`snyk-filter`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter) for advanced filtering. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md index 7bbcd81c8d2d..8485841ad6a4 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/add-project-attributes.md @@ -1,6 +1,6 @@ # Add project attributes -After importing your projects, you can add metadata to your Projects using [Project Attributes](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects/project-attributes). This allows you to filter and report on specific subsets of your Organization. +After importing your Projects, you can add metadata to your Projects using [Project Attributes](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-projects/project-attributes). This lets you filter and report on specific subsets of your Organization. -For example, if you add Project Attributes to all of your Projects, you can easily filter Projects to those that are "frontend critical vulnerabilities in production" from the Projects page. +For example, if you add Project Attributes to all of your Projects, you can filter Projects to those that are "frontend critical vulnerabilities in production" from the Projects page. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md index 5428de59a71b..15ef7a50620e 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-3-gain-visibility/import-projects.md @@ -1,6 +1,6 @@ # Import Projects -Depending on the integrations you have configured, and the language / package managers in your tech stack, you can import Projects into Snyk using: +Depending on the integrations you have configured, and the languages and package managers in your tech stack, you can import Projects into Snyk using: * A source control integration with your Git repositories * The Snyk CLI with CI/CD. @@ -35,14 +35,14 @@ For a small number of applications, typically under a hundred: For hundreds or thousands of repositories: * At scale, Snyk recommends using the API. APIs are available with the Snyk Enterprise plan. - * Use the [Snyk API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api) to import your Projects. This leverages an existing source control integration and can be used to automate processes. - * The [API-import](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/tool-snyk-api-import) tool uses the API to manage onboarding at scale for large enterprises and is the suggested tool to use at scale. The source control structure will need to be mirrored. + * Use the [Snyk API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api) to import your Projects. This uses an existing source control integration and can automate processes. + * The [API-import](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/tool-snyk-api-import) tool uses the API to manage onboarding at scale for large enterprises and is the suggested tool to use at scale. You must mirror the source control structure. ## Snyk CLI For details, see [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli). -The CLI allows granular scanning of individual Projects. +The CLI lets you scan individual Projects granularly. {% hint style="info" %} A command must be formulated for each type of test to perform (open source, code, infrastructure as code, and container). @@ -55,9 +55,9 @@ To use the Snyk CLI: 3. In the script, navigate to the Project folder. 4. Run the appropriate `snyk test` or `snyk monitor` commands and options for the type of scan you want to run.\ \ - Where to implement testing in your scripts is generally flexible but most commonly prior to deployment. Use the monitor command alone for Snyk Open Source and Snyk Container to passively report. When you are using gating through the `test` command, the purpose is to break the build if issues are found that meet particular criteria like `--severity-threshold` or any number of options in the CLI or the `snyk-filter` plugin.\ + Where to implement testing in your scripts is generally flexible but most commonly before deployment. Use the monitor command alone for Snyk Open Source and Snyk Container to passively report. When you are using gating through the `test` command, the purpose is to break the build if issues are found that meet particular criteria like `--severity-threshold` or any number of options in the CLI or the `snyk-filter` plugin.\ \ - In general, Snyk Open source is typically run in `test` and/or `monitor` after the dependencies are installed on the build system.\ + In general, Snyk Open Source is typically run in `test` and `monitor` after the dependencies are installed on the build system.\ \ A typical command can look as follows: * Code: `snyk code test --org=[org-id]` @@ -65,7 +65,7 @@ To use the Snyk CLI: * `snyk test --all-projects --org=[org-id]` * `snyk monitor --all-projects --org=[org-id]`\ Replace `[org-id]` with the ID of your Organization. - * For Container and Infrastructure as Code scans, see [Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/scan-container-images) and [Infrastructure as Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac), as this will vary based on the type being scanned. + * For Container and Infrastructure as Code scans, see [Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/scan-container-images) and [Infrastructure as Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac), as this varies based on the type being scanned. 5. Review results either locally when running `snyk test`, or on the Snyk Web UI when using `monitor` or report. For demonstrations of various pipeline integrations, see [Snyk-Labs](https://github.com/snyk-labs/snyk-cicd-integration-examples). diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md index b95672f22f8f..03da0a0c8e8a 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-4-create-a-fix-strategy.md @@ -9,7 +9,7 @@ Before diving into specific vulnerabilities, consider your Organizations and rep In your Organization, you can then consider the repositories that make up the application's different parts. Areas that handle sensitive data or are public-facing may be more important to secure, so this could be another way to narrow down your initial list of Projects to review. {% hint style="info" %} -If you have used **Attributes** to add metadata to your Projects, these can be a great way to filter down the number of Projects that you are considering. +If you have used **Attributes** to add metadata to your Projects, these can help you filter down the number of Projects that you are considering. {% endhint %} ## Group work by development teams @@ -20,17 +20,17 @@ After you have your reduced set of Projects to prioritize, you may want to split Filters are available to help prioritize what issues need to be fixed more urgently. The following search criteria are most commonly used when building a prioritization plan and can be used iteratively or in combination as you analyze results. -* Severity (Start with **High** and **Critical**). It is common to filter by critical severity. However, Snyk Code, Snyk code only goes up to High, so if you are using Snyk Code, start there for Code Analysis results. -* [Exploit Maturity](https://snyk.io/blog/whats-so-wild-about-exploits-in-the-wild-and-how-can-we-prioritize-accordingly/) (Issues with **Mature** or **Proof of Concept** are more exploitable). By choosing this filter, you implicitly only filter the results to Open Source. -* Fixable (if there’s a fix available by upgrading a package, it’s much faster to fix). +* Severity (Start with **High** and **Critical**). It is common to filter by critical severity. However, Snyk Code only goes up to High, so if you are using Snyk Code, start there for Code Analysis results. +* [Exploit Maturity](https://snyk.io/blog/whats-so-wild-about-exploits-in-the-wild-and-how-can-we-prioritize-accordingly/) (Issues with **Mature** or **Proof of Concept** are more exploitable). By choosing this filter, you implicitly filter the results to Open Source only. +* Fixable (if there’s a fix available by upgrading a package, it’s much faster to fix) * CVSS Score for Open Source Vulnerabilities -* [Priority Score](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/priority-score) (The above values are used to calculate this score). One strategy is to eliminate the vulnerabilities with a score of 900-1000, and then move to vulnerabilities with a score of 800-900, and so on. +* [Priority Score](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/priority-score) (Snyk uses the preceding values to calculate this score). One strategy is to eliminate the vulnerabilities with a score of 900-1000, and then move to vulnerabilities with a score of 800-900, and so on. -Decide which metrics will be used when planning your fix strategy, and get specific with your timeline. If you choose to fix by severity, for example, estimate the time it will take to resolve a vulnerability per severity. It’s recommended to be specific with your fix strategy. +Decide which metrics to use when planning your fix strategy, and get specific with your timeline. If you choose to fix by severity, for example, estimate the time it takes to resolve a vulnerability per severity. Snyk recommends being specific with your fix strategy. **Example** -If there are fifty critical-severity issues and one hundred high-severity issues, you may plan on two weeks to fix critical vulnerabilities and then four weeks to fix high-severity, based on the size of your team and workload. +If there are 50 critical-severity issues and 100 high-severity issues, you may plan on two weeks to fix critical vulnerabilities and then four weeks to fix high-severity, based on the size of your team and workload. Alternatively, you can fix by issue type. @@ -62,8 +62,8 @@ DevSecOps-led implementation, focusing on securing your custom images and enviro ## Targeted Vulnerabilities Campaigns -As you operationalize security testing in your development process, another option for your fix strategy is to have campaigns to eliminate vulnerability types, for example, SQL injection. Using CWE in your search filters can be very useful in reporting to identify and log issues. +As you operationalize security testing in your development process, another option for your fix strategy is to have campaigns to eliminate vulnerability types, for example, SQL injection. Using CWE in your search filters can be useful in reporting to identify and log issues. ## Update your timeline -Once you have created your fix strategy, update the timeline for Phase 7. +After you have created your fix strategy, update the timeline for Phase 7. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md index 4831f895f481..bc1deccee241 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/README.md @@ -4,11 +4,11 @@ After you gain visibility on your security issues, you can now start to implemen ## Common prevention methods -Below are the two common areas that allow you to "prevent new issues": +The two common areas that let you "prevent new issues" are: -* Snyk tests on pull request (PR)/merge checks (MR), currently available for Open Source. +* Snyk tests on pull request (PR)/merge checks (MR), available for Open Source. * Adding "Snyk test" to your CI/CD pipelines (you may have already implemented "Snyk monitor" to import your Projects as part of the pipeline). - * Additionally, open source, code, infrastructure as code, and container vulnerabilities can all be gated. + * Additionally, Snyk can gate open source, code, infrastructure as code, and container vulnerabilities. In either case, Snyk suggests that you communicate these changes clearly to your developers before implementing any form of gating. @@ -24,7 +24,7 @@ To block new issues, you can use PR checks. For details, see [Run PR Checks](htt ### Communicate exception processes -It is important to ensure the teams know the exception processes and how to address if a PR is blocked or a build fails. +Ensure the teams know the exception processes and how to respond if a PR is blocked or a build fails. For example: diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md index 3723bd81c0ae..6da9a92ab15c 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/add-and-configure-snyk-to-your-ci-cd-pipeline.md @@ -6,7 +6,7 @@ After your teams understand the vulnerabilities in their applications and develo ## No import requirement -A benefit of adding tests to your pipeline is that you do not need to import the repository to Snyk using the source control integration (which is required for Snyk PR Checks). It can also be used as an additional gate, even if you are testing PRs, to further decrease the chance of new vulnerabilities entering your production builds. +A benefit of adding tests to your pipeline is that you do not need to import the repository to Snyk using the source control integration (which Snyk PR Checks require). You can also use it as an additional gate, even if you are testing PRs, to further decrease the chance of new vulnerabilities entering your production builds. ## Pipeline options @@ -15,7 +15,7 @@ When adding Snyk to a build pipeline, there are common options: * Using the specific [pipeline integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations) for your tool. * Using the [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli) and running the specific commands directly. -Each option has benefits - using an existing pipeline integration may be faster and easier to configure, but using the Snyk CLI will give you a greater range of options and flexibility in your "fail" criteria. +Each option has benefits — using an existing pipeline integration may be faster to configure, but using the Snyk CLI gives you a greater range of options and flexibility in your "fail" criteria. ## Pipeline test filters @@ -23,7 +23,7 @@ When running a test in your pipeline, there are filters available to determine w ## CLI supporting tools -If you use the Snyk CLI in your pipeline, a range of supporting [Snyk Tools](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/snyk-tools) provide additional functionality, including [`snyk-filter`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter), which can be used for more complex "fail" criteria, such as “fail if more than three High severity vulnerabilities are found”. +If you use the Snyk CLI in your pipeline, a range of supporting [Snyk Tools](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-apps/snyk-tools) provide additional functionality, including [`snyk-filter`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter), which you can use for more complex "fail" criteria, such as “fail if more than three High severity vulnerabilities are found”. ## Also see diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md index 93be26a462f6..51a7508b7a72 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-5-rolling-out-the-prevention-stage/enable-and-configure-snyk-on-prs.md @@ -2,40 +2,40 @@ ## Use PR Checks to introduce gating -[Snyk Pull Request(PR)/Merge Request (MR) Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) allow you to prevent new security issues from entering your codebase, by automatically scanning code changes when you submit a pull request (PR). PR Checks are available for open-source vulnerabilities, license compliance issues, and your own code issues. +[Snyk Pull Request(PR)/Merge Request (MR) Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) let you prevent new security issues from entering your codebase, by automatically scanning code changes when you submit a pull request (PR). PR Checks are available for open-source vulnerabilities, license compliance issues, and your own code issues. If you import Projects through a source control integration, then Snyk Open Source and Snyk Code PR Checks is a good place to start introducing gating. {% hint style="info" %} -Snyk recommendes announcing the changes prior to rolling out the changes. See [Announce prevention measures](../../enterprise-implementation-guide/automate-prevention-measures.md#announce-prevention-measures) for examples of how to message your developers. +Snyk recommends announcing the changes before rolling out the changes. See [Announce prevention measures](../../enterprise-implementation-guide/automate-prevention-measures.md#announce-prevention-measures) for examples of how to message your developers. {% endhint %} ### Implementing Open Source PR Checks There are a number of different features available that can be used to help you gradually introduce the feature to avoid friction with your development teams: -* Fail conditions: You can control whether the test will "fail" if the PR itself is adding a dependency with issues (most common) or if the repository as a whole has any issues. +* Fail conditions: You can control whether the test "fails" if the PR itself is adding a dependency with issues (most common) or if the repository as a whole has any issues. -The criteria of what constitutes a "failed test" can also be customized. By default, the test does not filter based on severity or fixability, which can mean that PR tests will regularly fail. For Snyk Open Source you can customize what the criteria are to fail the test: +You can also customize the criteria of what constitutes a "failed test". By default, the test does not filter based on severity or fixability, which can mean that PR tests regularly fail. For Snyk Open Source you can customize the criteria to fail the test: * **Only fail for high or critical severity issues** * **Only fail when the issues found have a fix available** -When you first enable this feature, Snyk suggests ticking both of these boxes so that a test would fail if a **High or Critical** and **fixable** issue is found. In this case, you would want to encourage to developer to fix the issue before proceeding. +When you first enable this feature, Snyk suggests selecting both of these check boxes so that a test fails if a **High or Critical** and **fixable** issue is found. In this case, encourage the developer to fix the issue before proceeding. -These PR tests are optional by default, meaning that even if the test fails, the developer may be able to continue and merge the PR. Controlling whether a PR test is optional or blocking is configured within your source control management platform, such as GitHub’s branch protection rules. +These PR tests are optional by default, meaning that even if the test fails, the developer can continue and merge the PR. You configure whether a PR test is optional or blocking in your source control management platform, such as GitHub’s branch protection rules. ### Implementing Code PR Checks When enabling static analysis of code changes and therefore new vulnerabilities, you can select the fail criteria to be **High** (the highest severity). -When you first enable this feature, Snyk suggests selecting **High** if an issue is found. In this case, you would want to encourage developers to fix the issue before proceeding. As your code base stabilizes and you have worked through the backlog, you can change the fail criteria to lower the severity (to either **Medium** or **Low)** in order to address broader issues or to match your internal policies. +When you first enable this feature, Snyk suggests selecting **High** if an issue is found. In this case, encourage developers to fix the issue before proceeding. As your codebase stabilizes and you have worked through the backlog, you can change the fail criteria to lower the severity (to either **Medium** or **Low)** to address broader issues or to match your internal policies. ### Using PR Checks for a phased rollout It is common to have a phased rollout of these features. Using PR checks as an example: -* You may initially run Snyk tests and set, via your source control settings, as optional checks. The results are displayed, but the developer is not blocked from merging the PR. +* You may initially run Snyk tests and set them, through your source control settings, as optional checks. The results are displayed, but the developer is not blocked from merging the PR. * Over time, as developers adapt to seeing these results and begin addressing the high issues proactively, you can choose to start blocking PRs from being merged if there are any new highest severity issues or, in the case of Snyk Open Source, if a fix is available. This phased rollout helps to decrease friction between your security and development teams. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md index e7837c456854..308e4daa5e4a 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md @@ -5,7 +5,7 @@ After you implement a strategy to prevent new issues from entering your repositories, whether blocking builds or running in a non-blocking/advisory mode, the next step is to prioritize and start fixing issues in your backlog. * In [Phase 4: Create a Fix strategy](phase-4-create-a-fix-strategy.md), you created a plan for prioritizing your Projects and issues. To implement this, you can schedule regular meetings with development team leads, to assist them with this process. -* If you use Jira Cloud, you can download and install the [Snyk Security in Jira Cloud](https://marketplace.atlassian.com/apps/1230482/snyk-security-in-jira-cloud) plugin from the Atlassian marketplace. This allows you to view information on your Snyk Vulnerabilities directly in Jira, and use Jira Automation to create new tickets when new vulnerabilities are identified. +* If you use Jira Cloud, you can download and install the [Snyk Security in Jira Cloud](https://marketplace.atlassian.com/apps/1230482/snyk-security-in-jira-cloud) plugin from the Atlassian marketplace. This lets you view information on your Snyk Vulnerabilities directly in Jira, and use Jira Automation to create new tickets when new vulnerabilities are identified. ## When should you ignore an issue? @@ -25,7 +25,7 @@ Confirm ignore with an Organization Admin (they may need to complete this step t When adding the ignore: * Ensure you add a detailed reason, so the ignore reason is clear to others who see this issue. -* Set an expiration date for the ignored rather than having a permanent ignore. This is essential, as whilst the issue may not be fixable/relevant today, it should be reviewed regularly (monthly or quarterly) to see if it is possible to implement a fix. +* Set an expiration date for the ignore rather than having a permanent ignore. This is essential, as while the issue may not be fixable or relevant today, review it regularly (monthly or quarterly) to see if it is possible to implement a fix. {% hint style="info" %} In **Settings-General** it's common to limit access to who can ignore an issue and require a reason. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md b/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md index 7c916cbb9b2c..87493033abce 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/prerequisites-project-plan-templates.md @@ -4,7 +4,7 @@ The templates provided below are the basis of the following sections of this gui You can download and use these templates in your project management system. {% hint style="info" %} -The suggested timelines are typically for individual teams and small companies, which may involve a small team or company. Adjust accordingly for what makes sense for your company. +The suggested timelines are typically for individual teams and small companies. Adjust accordingly for what makes sense for your company. {% endhint %} You can download or import these plans: diff --git a/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md b/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md index ccb760027f8b..5f57bd157ba7 100644 --- a/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md +++ b/discover-snyk/snyk-api/rest-api/getting-started-with-the-rest-api.md @@ -6,7 +6,7 @@ Follow these steps to make a simple call to the REST API using `curl` in the com 2. In your account, use the left navigation to find an **Organization** where you have Projects you can list. 3. Navigate to your **Organization Settings**, and on the **General** settings page, find your **Organization ID** and copy the value. 4. Navigate to your personal [General Account Settings](https://app.snyk.io/account/) and copy your **API Token**. For instructions, see [Authentication for API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). -5. Use a `curl` command to make your request. Replace the `{orgId}` and API\_TOKEN with your **Organization ID** and **API Token**, respectively. Snyk recommends using 2024-10-15 for the version number unless you are using an earlier version for a specific reason. Using the current day's date will call the most recent version of the API. An example follows: +5. Use a `curl` command to make your request. Replace the `{orgId}` and API\_TOKEN with your **Organization ID** and **API Token**, respectively. Snyk recommends using 2024-10-15 for the version number unless you are using an earlier version for a specific reason. Using the current day's date calls the most recent version of the API. An example follows: ```sh curl --request GET \ diff --git a/discover-snyk/snyk-learn/README.md b/discover-snyk/snyk-learn/README.md index e7a902234e64..97b3dc70ea44 100644 --- a/discover-snyk/snyk-learn/README.md +++ b/discover-snyk/snyk-learn/README.md @@ -2,7 +2,7 @@ [Snyk Learn](https://learn.snyk.io) offers lessons for developer [security education](./#security-education) and Snyk [product training](./#product-training) with short and interactive content. Snyk Learn also has[ learning paths](https://learn.snyk.io/catalog/?format=learning_path\&type=security-education) for learners to take a predefined set of lessons following a structured flow. These lessons and learning plans are designed to help you start using Snyk, implement a [DevSecOps](../getting-started/glossary.md#devsecops) framework, and also to help you implement an ongoing security education and training program. -Snyk Learn is one component of learning available for users and customers. The Snyk [customer resource page](https://snyk.io/customer-resources/) will help you learn the best practices for implementing Snyk in your Organization. +Snyk Learn is one component of learning available for users and customers. The Snyk [customer resource page](https://snyk.io/customer-resources/) helps you learn the best practices for implementing Snyk in your Organization. Snyk Learn is integrated into the Snyk Platform, giving learners the ability to [track their progress](your-learning/) and Organizations the ability to manage users through Snyk. @@ -14,13 +14,13 @@ The following table shows the features available for each plan. For more informa ### Learning Management add-on -The Snyk Learning Management add-on allows AppSec and compliance teams to easily [assign](snyk-learn-assignments.md) lessons, track progress, and download reports for proof of completion. These capabilities are also supported through the [Snyk Learn API](snyk-learn-api.md). +The Snyk Learning Management add-on lets AppSec and compliance teams [assign](snyk-learn-assignments.md) lessons, track progress, and download reports for proof of completion. The [Snyk Learn API](snyk-learn-api.md) also supports these capabilities. For more information and to add this capability to your Snyk plan, contact your Snyk account team. ## Regional hosting -Snyk Learn also allows for regional hosting and data residency. Multi-tenant support enables seamless operation across multiple deployment environments, specifically tailored to meet the needs of Snyk users in the US, AU, and EU. +Snyk Learn also supports regional hosting and data residency. Multi-tenant support enables operation across multiple deployment environments, specifically tailored to meet the needs of Snyk users in the US, AU, and EU. Snyk customers have access to Snyk Learn resources according to their region in the Snyk application. There is no need to create an additional user. For more information, see [Regional hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency). @@ -44,6 +44,6 @@ Snyk[ product training](https://learn.snyk.io/catalog/?type=product-training) pr * How to configure and manage Snyk organizations * How to use Snyk to find and fix issues -The platform provides an easy way for teams to get an introduction to Snyk tools and user best practices. Most courses take between three and ten minutes. +The platform provides a way for teams to get an introduction to Snyk tools and user best practices. Most courses take between three and 10 minutes. Snyk offers product training[ learning paths](https://learn.snyk.io/catalog/?type=product-training\&format=learning_path), including Implementing Snyk, Managing application security with Snyk, and Developing using Snyk. diff --git a/discover-snyk/snyk-learn/snyk-assist.md b/discover-snyk/snyk-learn/snyk-assist.md index 163ab34106d7..3d23b352b6d1 100644 --- a/discover-snyk/snyk-learn/snyk-assist.md +++ b/discover-snyk/snyk-learn/snyk-assist.md @@ -9,21 +9,21 @@ Snyk Assist for Learn is an AI-powered learning assistant integrated into the Sn Snyk Assist enhances your learning experience within the Snyk Learn platform by: * Providing immediate answers to questions about Snyk products, features, and general application security concepts. -* Delivering context-aware replies based on Snyk's extensive knowledge base. +* Delivering context-aware replies based on the extensive knowledge base in Snyk. * Suggesting relevant follow-on learning opportunities available within Snyk Learn, Snyk Docs and the Snyk Blog.

Snyk Assist on Snyk Learn

## How Snyk Assist works -Snyk Assist utilizes Generative AI to respond to questions based on information retrieved from trusted Snyk sources: +Snyk Assist uses Generative AI to respond to questions based on information retrieved from trusted Snyk sources: * [Snyk Learn lessons](https://learn.snyk.io/catalog/?format=lesson) * [Snyk Documentation](../) Snyk Assist **does not** have access to your Snyk tenant data, such as issue and asset information, or Snyk Learn learning history. While interacting with Snyk Assist, we collect and process your queries and conversation history to provide responses and improve our service. -The technology leverages Snyk-managed services and selected third-party Large Language Model (LLM) providers to respond with helpful and informative answers. +The technology uses Snyk-managed services and selected third-party Large Language Model (LLM) providers to respond with helpful and informative answers. {% hint style="info" %} **Capabilities and Limitations** @@ -32,7 +32,7 @@ The technology leverages Snyk-managed services and selected third-party Large La * Snyk Assist **does not** perform security analysis, check your code for vulnerabilities, comment on code quality, or provide specific code samples. For code scanning and analysis, continue using the Snyk CLI, Snyk IDE extensions, or recurring SCM tests integrated with your repositories. * Snyk Assist provides information from its body of knowledge, but responses should not be considered legal, security, or compliance advice. While we strive for accuracy, Snyk is not liable for decisions made based on information provided by Snyk Assist. Always verify critical security information through official Snyk documentation and tools. -See the usage disclaimer [here](https://snyk.io/policies/snyk-assist-disclaimer). +See the [usage disclaimer](https://snyk.io/policies/snyk-assist-disclaimer). {% endhint %} ## Using Snyk Assist @@ -43,7 +43,7 @@ Snyk Assist is accessible directly within the Snyk Learn interface for users wit 2. Click the **Snyk Assist** icon to open the chat window. This is found in the bottom right of the page. 3. Type your questions about Snyk products or application security concepts into the chat prompt. -Snyk Assist will answer based on its knowledge base, potentially including links to relevant documentation, Learn lessons, and Snyk blogs. +Snyk Assist answers based on its knowledge base, potentially including links to relevant documentation, Learn lessons, and Snyk blogs. {% hint style="info" %} If you do not see the chat icon, your Snyk admin may not have enabled this functionality for your Group. Additionally, ensure that the default Org in your Snyk settings is set to your company's Snyk Org and not a personal Snyk Org. @@ -63,6 +63,6 @@ After Snyk Assist is enabled, it is visible and accessible on Snyk Learn for the

Snyk Assist settings page

-## Data Handling and Safeguards +## Data handling and safeguards See [How Snyk handles your data](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/how-snyk-handles-your-data#snyk-learn) for more information on this topic. diff --git a/discover-snyk/snyk-learn/snyk-learn-access-controls.md b/discover-snyk/snyk-learn/snyk-learn-access-controls.md index 5ecf262e5a5f..1389a6e05394 100644 --- a/discover-snyk/snyk-learn/snyk-learn-access-controls.md +++ b/discover-snyk/snyk-learn/snyk-learn-access-controls.md @@ -12,7 +12,7 @@ description: >- Assignment permissions are available in the Snyk Learning Management add-on offering. Report permissions are available to Snyk Enterprise plan customers. For more information, contact your Snyk account team. {% endhint %} -**Snyk Learn Access Controls** functionality enables you to manage user permissions for Snyk Learn using the same [access control model](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/user-role-management) as the Snyk Platform. A Group Admin can create custom roles with a set of permissions related to Snyk Learn Assignments. These roles can reflect users and functions in the Organization. For example, you can limit permissions for education and training management functionality for Snyk Learn to the user who is the education and training manager at your organization. +**Snyk Learn Access Controls** functionality lets you manage user permissions for Snyk Learn using the same [access control model](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/user-role-management) as the Snyk Platform. A Group Admin can create custom roles with a set of permissions related to Snyk Learn Assignments. These roles can reflect users and functions in the Organization. For example, you can limit permissions for education and training management functionality for Snyk Learn to the user who is the education and training manager at your organization. {% hint style="info" %} Group and Organization Admins have access to Snyk Learn Reports and Assignments by default without extra permissions. @@ -20,7 +20,7 @@ Group and Organization Admins have access to Snyk Learn Reports and Assignments #### Assignments -To grant permissions for access to Assignments beyond the default Organization and Group Admin roles, you must create a [custom role](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/custom-role-templates/snyk-learn-learning-admin) with a set of permissions for assignments. The custom role must have the View Users permission in order for managing assignments to work. The following lists the permissions for managing assignments: +To grant permissions for access to Assignments beyond the default Organization and Group Admin roles, you must create a [custom role](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/custom-role-templates/snyk-learn-learning-admin) with a set of permissions for assignments. The custom role must have the View Users permission for managing assignments to work. The following lists the permissions for managing assignments: * View Organization assignments * Edit Organization assignments diff --git a/discover-snyk/snyk-learn/snyk-learn-api.md b/discover-snyk/snyk-learn/snyk-learn-api.md index a4bae19636a9..fe1f019956b0 100644 --- a/discover-snyk/snyk-learn/snyk-learn-api.md +++ b/discover-snyk/snyk-learn/snyk-learn-api.md @@ -6,7 +6,7 @@ The Snyk Learn API endpoints are [Beta](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/rest-api/about-the-rest-api#versioning) endpoints. {% endhint %} -The Snyk Learn API endpoints are part of the [Snyk REST API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/rest-api/about-the-rest-api) and allow for programmatic interaction with Snyk Learn. +The Snyk Learn API endpoints are part of the [Snyk REST API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/rest-api/about-the-rest-api) and let you interact programmatically with Snyk Learn. The Snyk REST API requires authentication. For information about authentication, see [Authentication for API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). diff --git a/discover-snyk/snyk-learn/snyk-learn-assignments.md b/discover-snyk/snyk-learn/snyk-learn-assignments.md index cdb5f59472d1..82773cb30e2a 100644 --- a/discover-snyk/snyk-learn/snyk-learn-assignments.md +++ b/discover-snyk/snyk-learn/snyk-learn-assignments.md @@ -6,7 +6,7 @@ Assignments are available in the Snyk Learning Management add-on offering. For more information, contact your Snyk account team. {% endhint %} -Assignments streamline training management by empowering admins to assign, track, and manage learning efficiently. The Assignments feature enhances accountability by allowing customers to set due dates for completion and seamlessly integrate with organizational goals, for example, compliance timelines, ensuring alignment across training initiatives. +Assignments streamline training management by empowering admins to assign, track, and manage learning efficiently. The Assignments feature enhances accountability by letting you set due dates for completion and integrate with organizational goals, for example, compliance timelines, ensuring alignment across training initiatives. Using Assignments, your company can gain: @@ -17,7 +17,7 @@ Using Assignments, your company can gain: * Compliance: Get help with meeting regulatory requirements through the timely completion of mandatory training. {% hint style="info" %} -Snyk Learn Assignments support Organizations with up to 5000 members. +Snyk Learn Assignments support Organizations with up to 5,000 members. {% endhint %} ## Use cases for assignments @@ -66,7 +66,7 @@ By default, only Snyk Org or Group admins can create assignments. Group admins c

Creating new assignments button on the Assignments Dashboard page

-The **New Assignments** page opens, which allows you to create assignments for Snyk Organization users. On the **New Assignments** page: +The **New Assignments** page opens, where you can create assignments for Snyk Organization users. On the **New Assignments** page: 1. Verify that the selected Organization is correct. @@ -88,7 +88,7 @@ The **New Assignments** page opens, which allows you to create assignments for S
-6. Optionally reset user learning progress. If selected this forces users to retake lessons that have already been completed. +6. Optionally reset user learning progress. If selected, this forces users to retake lessons that have already been completed.

Optionally reset user learning progress

diff --git a/discover-snyk/snyk-learn/snyk-learn-learning-programs.md b/discover-snyk/snyk-learn/snyk-learn-learning-programs.md index 0e4b5d8d26f1..fdd2fe251f45 100644 --- a/discover-snyk/snyk-learn/snyk-learn-learning-programs.md +++ b/discover-snyk/snyk-learn/snyk-learn-learning-programs.md @@ -8,11 +8,11 @@ This feature is available in Early Access as part of the Snyk Learning Managemen Send feedback to your Snyk account team, or email [support@snyk.io](mailto:support@snyk.io). {% endhint %} -Learning programs allow Snyk administrators to curate specific paths of security education and Snyk product training, and assign them to groups of developers or Snyk users. By grouping lessons into programs and setting deadlines, organizations can automate security onboarding, meet compliance requirements, and drive targeted remediation. +Learning programs let Snyk administrators curate specific paths of security education and Snyk product training, and assign them to groups of developers or Snyk users. By grouping lessons into programs and setting deadlines, organizations can automate security onboarding, meet compliance requirements, and drive targeted remediation. ## Prerequisites -To create and manage learning programs, you must must be a [Tenant Admin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant) or have a custom role with the `tenant.learning_program.edit` and `tenant.learning_program.read` permissions. +To create and manage learning programs, you must be a [Tenant Admin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant) or have a custom role with the `tenant.learning_program.edit` and `tenant.learning_program.read` permissions. ### Example: Creating a custom role @@ -52,7 +52,7 @@ curl --location --globoff --request POST "https://api.snyk.io/rest/tenants/{tena ## Creating a new learning program {% hint style="info" %} -Programs cannot be edited once they have started. Ensure your lesson list and participant list are final before the start date of the program. +Programs cannot be edited after they have started. Ensure your lesson list and participant list are final before the start date of the program. During Early Access, there is a limit to 300 participants per program. {% endhint %} @@ -61,7 +61,7 @@ Follow these steps to build and launch a new training initiative: 1. Navigate to [Learning Programs](https://learn.snyk.io/admin/management/). 2. Click **Create new learning program**. Enter a unique name (for example, `New Joiners 2026`) and a description. -3. Browse the available Snyk Learn catalog and select the modules you wish to include in the learning program. +3. Browse the available Snyk Learn catalog and select the modules you want to include in the learning program. 4. Download the participants `.csv` template provided in the UI, add the email addresses of your learners, and upload the file. 5. Set the start date and duration for your learning program, and choose whether to send reminders to your users. 6. If needed, you can reset progress for lessons to have your users retake those lessons. @@ -97,6 +97,6 @@ The progress state for each user is displayed: ## Completing a learning program -Learning programs complete automatically once the scheduled end date is reached. +Learning programs complete automatically after the scheduled end date is reached. If needed, you can click **Mark as Completed** on the program details page to end the program early. diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/README.md b/discover-snyk/snyk-learn/snyk-learn-reports/README.md index 57b776d0f726..673b23c20a3e 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/README.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/README.md @@ -3,14 +3,14 @@ {% hint style="info" %} **Feature availability** -Snyk Learn organization reports are available only with Enterprise plans. Snyk Learn assignment reports and program reports are available only in the Learning Management add-on offering. +Snyk Learn organization reports are available only with Enterprise plans. Snyk Learn assignment reports and program reports are available only in the Learning Management add-on offering. -For more information, see [plans and pricing](https://snyk.io/plans/). +For more information, visit [plans and pricing](https://snyk.io/plans/). {% endhint %} Snyk Learn offers reports to help you track learning progress across your Snyk tenant. -Snyk Learn offers [organization-level reports](organization-reports.md) to understand on an org by org basis how your teams are engaging with the Snyk Learn content. This is useful for team leads or security champions to track the progress of their teams. +Snyk Learn offers [organization-level reports](organization-reports.md) to understand on an Organization by Organization basis how your teams are engaging with the Snyk Learn content. This is useful for team leads or security champions to track the progress of their teams. You can use the [assignments report](assignment-reports.md) to track individual [Snyk Learn assignments](../snyk-learn-assignments.md). diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md b/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md index d66cc603e423..b407e3530c88 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md @@ -4,24 +4,24 @@ Snyk Learn assignment reporting is available only in the Learning Management add-on offering. For more information, contact your Snyk account team. {% endhint %} -After you have created your first [Assignments](../snyk-learn-assignments.md) with Snyk Learn, you can use the Assignment reporting to track progress at an organization level. This is useful for team managers, security champions, AppSec engineers, and compliance team members to follow up on detailed progress and to extract reports for compliance usage. +After you have created your first [Assignments](../snyk-learn-assignments.md) with Snyk Learn, you can use the Assignment reporting to track progress at an organization level. This is useful for team managers, security champions, AppSec engineers, and compliance team members to follow up on detailed progress and to extract reports for compliance use. ## Assignment report By navigating to your [assignment](https://learn.snyk.io/admin/assignments/) dashboard, you can find reports showing your organizational progress against assignments. -You can also use the filter to drill down further, and the buttons below the filter allow you to change the due date, delete assignments, and also trigger email reminders for your users. +You can also use the filter to drill down further. The buttons next to the filter let you change the due date, delete assignments, and trigger email reminders for your users.
### Changing the due date -First, select the assignments you would like to change the due date for, and then press the icon highlighted in the image below. You will then be asked to pick a new date. This updates the due date, and also updates the user's Learning Progress dashboard. +First, select the assignments you want to change the due date for, and then click the highlighted icon. Snyk asks you to pick a new date. This updates the due date and the Learning Progress dashboard of the user.
### Sending a reminder email -By selecting an assignment and then pressing the button highlighted you can trigger a reminder email to be sent. You will be offered the chance to add a custom message before the reminder is sent. +Select an assignment and then click the highlighted button to trigger a reminder email. You can add a custom message before Snyk sends the reminder.
diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md b/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md index a023357202a8..572bd16b6392 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md @@ -9,7 +9,7 @@ Snyk Learn organization reports are available only with Enterprise plans. For mo By default, only Snyk Org or Group admins can view and export reports. Group admins can create custom roles by using the standard Snyk workflow. Learn more about the access controls for reports at [Snyk Learn Access Controls](../snyk-learn-access-controls.md). {% hint style="info" %} -Snyk Learn organization reports support Organizations with up to 5000 members. +Snyk Learn organization reports support Organizations with up to 5,000 members. {% endhint %} ## Organization Overview report diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md b/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md index 2f5a876277ea..7e23e6418272 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md @@ -10,7 +10,7 @@ Snyk Learn provides a Snyk in-app reporting powered report to give you insights The goal of the engagement report is to provide insights into the overall progress of your security education and training programs, and give you insights into which parts of your Organization are engaging with Snyk Learn content. You can use the data and insights to better optimize your program, find security champions, generate reports for compliance, and show progress to your executive sponsors. This report is available at the Group level. -Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learn-engagement). +Learn more in the [Learn engagement report documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learn-engagement). {% hint style="info" %} [Learning Programs](../snyk-learn-learning-programs.md) are not included in the Engagement Report @@ -24,9 +24,9 @@ Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpF The Learning Impact & Opportunities report is available in Early Access. {% endhint %} -The goal of the Impact and Opportunities report is to provide insights into the impact your security education and training programs have on code issue remediation and prevention. In addition, the report gives recommendations for future training based on your code issue backlog and issues that were introduced during the selected time period of the report. This report is available at the Group level. +The goal of the Impact and Opportunities report is to provide insights into the impact your security education and training programs have on code issue remediation and prevention. In addition, the report gives recommendations for future training based on your code issue backlog and issues introduced during the selected time period of the report. This report is available at the Group level. -Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learning-impact-and-opportunities). +Learn more in the [Learning Impact and Opportunities report documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learning-impact-and-opportunities).
diff --git a/discover-snyk/snyk-learn/your-learning/README.md b/discover-snyk/snyk-learn/your-learning/README.md index f799cdd373cf..bcc5eaa59f5e 100644 --- a/discover-snyk/snyk-learn/your-learning/README.md +++ b/discover-snyk/snyk-learn/your-learning/README.md @@ -20,7 +20,7 @@ In your profile, you can set your learning preferences, including the preferred ## In progress learning -The [Learning Progress](https://learn.snyk.io/user/learning-progress/) area lets you see your in-progress learning and start where you left off. You will also receive recommendations for what to learn next. +The [Learning Progress](https://learn.snyk.io/user/learning-progress/) area lets you see your in-progress learning and start where you left off. You also receive recommendations for what to learn next. ## Vulnerabilities in your code @@ -58,4 +58,4 @@ Some Snyk Learn lessons include a quiz at the end to test your knowledge. You mu ## Certificates of completion -For all Snyk Learn security learning paths, you will be awarded a Certificate of Completion upon completion. The certificate recognizes your time and effort to improve your security skills and knowledge. You can download a PDF of the certificate from the Learning Path page. +For all Snyk Learn security learning paths, Snyk awards you a Certificate of Completion upon completion. The certificate recognizes your time and effort to improve your security skills and knowledge. You can download a PDF of the certificate from the Learning Path page. diff --git a/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md b/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md index cc93e2d957c8..3c4fed44e0a1 100644 --- a/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md +++ b/discover-snyk/snyk-learn/your-learning/claiming-cpe-credits-with-snyk-learn.md @@ -4,7 +4,7 @@ description: >- and learning paths. --- -# Claiming CPE Credits with Snyk Learn +# Claiming CPE credits with Snyk Learn Snyk Learn offers a range of security education lessons and learning paths designed to enhance your application security skills. While these lessons provide valuable knowledge, they do not automatically grant Continuing Professional Education (CPE) credits. To claim CPE credits for your participation in Snyk Learn lessons and learning paths, follow these steps. @@ -22,7 +22,7 @@ The specific process for claiming CPE credits may vary depending on your certify * Duration: Time spent on the module 3. Submit to your certification body. 1. Access the CPE submission portal of your certifying organization, such as ISC2 or ISACA. - 2. Enter the recorded details and provide any required documentation, such as completion certificates (available for Learning Paths) or screenshots of the completed lesson in your Learning Progress dashboard or the lesson page, see examples below. + 2. Enter the recorded details and provide any required documentation, such as completion certificates (available for Learning Paths) or screenshots of the completed lesson in your Learning Progress dashboard or the lesson page. See the following examples. 4. Provide additional information if requested. You may be asked to supply further details or respond to inquiries from your certifying body to verify your CPE claim. ### Examples diff --git a/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md b/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md index cee177b1526b..1feb7cfcf55d 100644 --- a/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md +++ b/discover-snyk/snyk-platform-administration/structure-your-account-for-high-application-performance.md @@ -10,11 +10,11 @@ Snyk recommends structuring your Organizations so that there are no more than 2, If you have more than 2,000 users in an Organization, you begin to risk performance issues. When the application must load a large number of users, performance is slowed for the dashboard and the Group members management page. -If users have a large number of memberships in a given Group, all requests--in the Snyk Web UI and through the CLI and the API, are slowed because, on most requests, calculations and queries occur to check access and permissions. +If users have a large number of memberships in a given Group, all requests — in the Snyk Web UI and through the CLI and the API — are slowed because, on most requests, calculations and queries occur to check access and permissions. ## Structure of Groups -A small number of Snyk customers have more than one Group, for example, to keep different business units completely separate. However, anyone considering multiple Groups must understand the limitations of setting up their account with multiple groups. +A small number of Snyk customers have more than one Group, for example, to keep different business units completely separate. However, anyone considering multiple Groups must understand the limitations of setting up their account with multiple Groups. Specifically, each Group is a standalone entity. This has the following consequences: diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md b/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md index b81862429f37..a562e7553cd0 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/apex.md @@ -19,7 +19,7 @@ For Apex, Snyk supports the following features: * CLI and IDE: test or monitor your app. For more information, see [Snyk CLI for Snyk Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-code). {% hint style="info" %} -The **Snyk fix PR** feature is not available for Apex. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk fix PR** feature is not available for Apex. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md index 8e7f18e389e2..fa7355cdbb1c 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md @@ -133,7 +133,7 @@ Available features: ## Validating, monitoring, alerting, and gating for Java and Kotlin -For SCM integrations, Snyk allows you to [run PR Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) to validate submitted changes to code and open source packages before merging. Snyk can also retest and alert on the default branch on a scheduled basis. You can see the results on the **Projects** page. +For SCM integrations, Snyk lets you [run PR Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks) to validate submitted changes to code and open source packages before merging. Snyk can also retest and alert on the default branch on a scheduled basis. You can see the results on the **Projects** page. For CI/CD integrations, Snyk can passively monitor and provide a QA gate by failing build checks during testing for policy violations. @@ -150,7 +150,7 @@ Snyk provides flexible capabilities, including: Snyk can monitor container images and their open source or Linux based packages being used in production using Kubernetes integration, to notify customers of known vulnerabilities for applications in production. This feature is available for Enterprise plans only. -Where a production integration does not exist, use the [snyk monitor](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) CLI command to take a snapshot and monitor what is being pushed to production (available for all plans). +Where a production integration does not exist, use the [snyk monitor](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) CLI command to take a snapshot and monitor what you push to production (available for all plans). ## Java support for BOM @@ -198,7 +198,7 @@ Example of a BOM file: The `dependencyManagement` section contains dependency elements. Each dependency is a lookup reference for Maven to determine the version to select for transitive (and direct) dependencies. -Defining a dependency in the `dependencyManagement` section ia used only for lookup reference, it does not add it to the dependency tree of the Project. +Defining a dependency in the `dependencyManagement` section is used only for lookup reference. It does not add the dependency to the dependency tree of the Project. You can run `mvn dependency:tree` on the previous BOM example to show that Maven does not treat the contents as dependencies of the file itself. diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md index b9e1c83daa8f..f35834ad46e1 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md @@ -40,7 +40,7 @@ If you are using Maven or Gradle with a gradle.lockfile, the Git code repository Typically you can instrument testing as part of a build system or adopt a lockfile as part of their process. -* It is quite common for large organizations to monitor applications via Git integration, to begin with, daily monitoring, turning on PR checks for only key applications at the start. +* It is quite common for large organizations to monitor applications through Git integration, to begin with, daily monitoring, turning on PR checks for only key applications at the start. * As developers become familiar with Snyk capabilities, they widen the scope of applications with PR checks for gating. * Use CI/CD to passively monitor and then turn on gating by using the [snyk \[product\] test and monitor commands](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/snyk-ci-cd-integration-deployment-and-strategies/snyk-test-and-snyk-monitor-in-ci-cd-integration). @@ -81,12 +81,12 @@ Improved Gradle SCM scanning is in Early Access. You can enable the feature by u The following Gradle features are not supported: * Custom configuration in [buildSrc](https://docs.gradle.org/current/userguide/organizing_gradle_projects.html#sec:build_sources) directories -* Dependencies introduced via [plugins](https://docs.gradle.org/current/userguide/plugins.html). +* Dependencies introduced through [plugins](https://docs.gradle.org/current/userguide/plugins.html). ### Enable improved Gradle SCM scanning {% hint style="warning" %} -Improved Gradle SCM scanning supports importing a maximum limit of 5,000 `build.gradle(.kts)` files per SCM repository. Attempts to import repos with more than 5,000 Gradle build files will fail. +Improved Gradle SCM scanning supports importing a maximum limit of 5,000 `build.gradle(.kts)` files per SCM repository. Attempts to import repos with more than 5,000 Gradle build files fail. {% endhint %} To enable this feature, follow these steps for your Snyk Organization: @@ -104,7 +104,7 @@ After Improved Gradle SCM scanning is enabled: If your application build uses private package repositories, you must configure the relevant Snyk integration to get the most accurate results. -To use package repository integrations with the Improved Gradle scanning feature, use the configuration instructions and settings for Maven. These will be detected and used in improved Gradle scans. +To use package repository integrations with the Improved Gradle scanning feature, use the configuration instructions and settings for Maven. Snyk detects and uses these in improved Gradle scans. In the Java language settings, you can integrate Snyk with your private package repositories (for example, Artifactory or Nexus). This enables Snyk to build a complete dependency tree when scanning Maven or Gradle Projects that reference private packages. @@ -145,4 +145,4 @@ You can configure language settings for your open source libraries and licensing Customers develop advanced dependency management strategies and can choose not to use the standard and frequently used package managers. -For on-time testing using the Snyk API, you can use the [Test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) endpoints. Examples include [Test for issues in a (Maven) public package by group id, artifact id and version](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-maven-groupid-artifactid-version) and [List issues for a package](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/issues#orgs-org_id-packages-purl-issues). +For one-time testing using the Snyk API, you can use the [Test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) endpoints. Examples include [Test for issues in a (Maven) public package by group id, artifact id and version](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-maven-groupid-artifactid-version) and [List issues for a package](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/issues#orgs-org_id-packages-purl-issues). diff --git a/discover-snyk/supported-languages/supported-languages-list/.net/README.md b/discover-snyk/supported-languages/supported-languages-list/.net/README.md index eea590219ad1..4c286351eca5 100644 --- a/discover-snyk/supported-languages/supported-languages-list/.net/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/.net/README.md @@ -31,7 +31,7 @@ For .NET with Snyk Code, the following frameworks and libraries are supported: ### Supported file formats -* For C#, Snyk supports the `.aspx` & `.cs` file formats. +* For C#, Snyk supports the `.aspx` and `.cs` file formats. * For VB.NET, Snyk supports the `.vb` file format. ### Available features @@ -103,7 +103,7 @@ To include developer dependencies in NuGet SCM imports, navigate to **Settings** When scanning through an SCM integration, the methodology varies based on your Project format: -* Modern Projects (SDK-style): For modern `.csproj` formats, the scanner utilises the .NET SDK directly to resolve dependencies, resulting in higher accuracy. This also provides the capability of scanning any Project that can be successfully restored by the `dotnet` SDK itself including `Directory.Build.props` files, `global.json`, or Central Package Management (`Directory.Packages.props`). +* Modern Projects (SDK-style): For modern `.csproj` formats, the scanner uses the .NET SDK directly to resolve dependencies, resulting in higher accuracy. This also provides the capability of scanning any Project that can be successfully restored by the `dotnet` SDK itself including `Directory.Build.props` files, `global.json`, or Central Package Management (`Directory.Packages.props`). * Legacy Projects (Non-SDK style): For Projects relying on `packages.config`, `project.json`, or XML-style `*.csproj` , `*.vbproj` or `*.fproj` files. The scanner uses static analysis to approximate the dependency graph based on standard NuGet algorithms. To improve accuracy, migrate to the [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) and [enable](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/basic-steps-to-install-and-configure-universal-broker#enabling-the-universal-broker-for-enhanced-sca-scanning) it for Open Source Scanning. @@ -116,7 +116,7 @@ By default, Microsoft enables the `RestoreEnablePackagePruning` property for the Snyk respects your Project configuration. If you set `RestoreEnablePackagePruning` to `false` in your Project file or `Directory.Build.props`, Snyk does not prune these references during the scan. -For Projects targeting .NET 10.0 and later, Snyk SCM and CLI scanners align with the default Microsoft build behaviour. +For Projects targeting .NET 10.0 and later, Snyk SCM and CLI scanners align with the default Microsoft build behavior. By default, Microsoft enables the `RestoreEnablePackagePruning` property for these target frameworks. This setting prunes framework-provided package references during the restore operation. diff --git a/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md b/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md index 259b7e07d695..dc9bc2dc6caa 100644 --- a/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md +++ b/discover-snyk/supported-languages/supported-languages-list/.net/snyk-cli-for-.net.md @@ -36,10 +36,7 @@ Snyk supports `packages.config` files. To scan these Projects: 1. Run `nuget install -OutputDirectory packages` to install dependencies into the `packages` folder. 2. Ensure the command created the `packages` directory. -3. Run `snyk test` as follows: - 1. Install the dependencies into the packages folder by running `nuget install -OutputDirectory packages` - 2. Ensure that the packages directory has been created by the previous command. - 3. Run `snyk test`. +3. Run `snyk test`. ## Paket diff --git a/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md b/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md index d156c2457b74..731b15708bf7 100644 --- a/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md +++ b/discover-snyk/supported-languages/supported-languages-list/.net/troubleshooting-snyk-for-.net.md @@ -11,19 +11,19 @@ To improve accuracy, migrate to the Universal Broker. ### Static analysis limitations -The following functionality is not supported when using static analysis: +Static analysis does not support the following functionality: * Private dependencies: Snyk cannot access private dependencies, including brokered and non-brokered. Transitive dependencies are not resolved. * Build configuration: Snyk ignores `Directory.Build.props`, `Directory.Build.targets`, and `global.json` files. -* Runtime precision: Snyk cannot reliably identify the specific runtime, which may increase false positives +* Runtime precision: Snyk cannot reliably identify the specific runtime, which can increase false positives. ### Handle runtime false positives -Static analysis may flag vulnerabilities already patched in your environment because it may not detect your specific runtime patch version. +Static analysis can flag vulnerabilities already patched in your environment because it might not detect your specific runtime patch version. #### Vulnerabilities in SCM -If your application runs on a system updated with the latest Microsoft patches, a flagged vulnerability may not be relevant. You can ignore these vulnerabilities in the Snyk Web UI. +If your application runs on a system updated with the latest Microsoft patches, a flagged vulnerability might not be relevant. You can ignore these vulnerabilities in the Snyk Web UI. #### Vulnerabilities in CLI diff --git a/discover-snyk/supported-languages/supported-languages-list/bazel.md b/discover-snyk/supported-languages/supported-languages-list/bazel.md index 83ff82dff847..17da8e01a4ba 100644 --- a/discover-snyk/supported-languages/supported-languages-list/bazel.md +++ b/discover-snyk/supported-languages/supported-languages-list/bazel.md @@ -28,7 +28,7 @@ The Dep Graph API requires specific permissions. If you do not have access, cont You can test Bazel dependencies across any supported ecosystem, except C++, which is not supported by these endpoints. -Use the Snyk Dep Graph API endpoints [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1) to test and monitor dependencies managed by Bazel. The monitor capability allows you to submit a tree for Snyk to monitor for vulnerabilities. +Use the Snyk Dep Graph API endpoints [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1) to test and monitor dependencies managed by Bazel. The monitor capability lets you submit a tree for Snyk to monitor for vulnerabilities. ### Test and monitor dependencies diff --git a/discover-snyk/supported-languages/supported-languages-list/c-c++.md b/discover-snyk/supported-languages/supported-languages-list/c-c++.md index 8477593399b5..85b918710703 100644 --- a/discover-snyk/supported-languages/supported-languages-list/c-c++.md +++ b/discover-snyk/supported-languages/supported-languages-list/c-c++.md @@ -17,7 +17,7 @@ For C/C++, the following frameworks and libraries are supported: * argparse parser * Asio Library * Boost Library -* Botan LIbrary +* Botan Library * C Standard Library * C++ Standard Library * Curl library @@ -36,7 +36,7 @@ For C/C++, the following frameworks and libraries are supported: {% column %} * MySQL framework * OpenSSL framework -* POSIX LIbrary +* POSIX Library * pugixml library * SQLite library * WinHTTP framework @@ -61,13 +61,13 @@ For C/C++ with Snyk Code, Snyk supports the following file formats: `.c`, `.cc`, * SCM import * Support for interfile analysis -If you use macros, it is possible that your results include false positives and false negatives. +If you use macros, your results can include false positives and false negatives. For C/C++ Projects: * Snyk does not require compilation or a build to perform analysis. * Snyk Code analyzes the source code directly. -* If you have precompile components, ensure the source code is available during the scan. +* If you have precompiled components, ensure the source code is available during the scan. When using the IDE, you do not need additional options. The Snyk plugin displays results in the IDE views. @@ -80,7 +80,7 @@ When using the IDE, you do not need additional options. The Snyk plugin displays * Test your app's SBOM and packages using `pkg:generic` or `pkg:conan` PURLs through [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command. {% hint style="info" %} -The **Snyk FixPR** feature is not available for C/C++. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk FixPR** feature is not available for C/C++. This means Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** @@ -103,7 +103,7 @@ To scan for C/C++ Open Source dependencies using the IDE, add the `--unmanaged` ### Troubleshooting -Your Snyk Open Source code is not sent to Snyk severs. Snyk converts the files to a list of hashes before sending them for scanning. +Snyk does not send your Snyk Open Source code to Snyk servers. Snyk converts the files to a list of hashes before sending them for scanning. Snyk matches your code against a database of official open-source releases. If a scan returns no results, check these common causes: @@ -152,7 +152,7 @@ To monitor and share reports, run the following command: snyk monitor --unmanaged --org=*org-id* ``` -Find your org-id under **Organization settings** in the Snyk web UI. Although the Organization ID is optional, Snyk recommends using it. You can use the `snyk-to-html` plugin to generate reports. +Find your org-id under **Organization settings** in the Snyk Web UI. Although the Organization ID is optional, Snyk recommends using it. You can use the `snyk-to-html` plugin to generate reports. For individual scans, use the CLI or IDE and run `snyk monitor --unmanaged` to upload results. This displays license and policy information. @@ -440,7 +440,7 @@ Explore this snapshot at https://app.snyk.io/org/example-org/project/8ac0e233-d0 Notifications about newly disclosed issues related to these dependencies will be emailed to you. ``` -Snyk creates a snapshot of dependencies and vulnerabilities and imports them into the Snyk web UI. You can review the issues and view them in your reports. +Snyk creates a snapshot of dependencies and vulnerabilities and imports them into the Snyk Web UI. You can review the issues and view them in your reports. Importing a Snyk Project with unmanaged dependencies creates a new Snyk Project on the **Projects** page: diff --git a/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md b/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md index 7c7cfef4a105..909175536efd 100644 --- a/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md +++ b/discover-snyk/supported-languages/supported-languages-list/dart-and-flutter.md @@ -69,11 +69,11 @@ The following file formats are supported: `.dart` ### Available features * Test your app's SBOM and packages using `pkg:pub` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command -* Test & monitor your Flutter apps native platform dependencies using [`snyk test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/test) and [`snyk monitor`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) commands +* Test and monitor your Flutter apps native platform dependencies using [`snyk test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/test) and [`snyk monitor`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/monitor) commands ### Testing a Dart applications pub dependency tree -Activate the pub [`sbom`](https://pub.dev/packages/sbom) package & create a minimal `sbom.yaml` file in the root folder of the repository: +Activate the pub [`sbom`](https://pub.dev/packages/sbom) package and create a minimal `sbom.yaml` file in the root folder of the repository: ``` dart pub global activate sbom @@ -84,7 +84,7 @@ spdx: EOF ``` -Use the dart `sbom` command to create a SBOM file & test it using the [`sbom test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command: +Use the dart `sbom` command to create a SBOM file and test it using the [`sbom test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command: ``` dart pub global run sbom @@ -95,7 +95,7 @@ snyk sbom test --experimental --file sbom-pub.json Flutter applications rely on native platform dependencies to handle lower-level tasks, such as analytics, hardware access, or integrating existing functionality. These dependencies can be added through pub packages to extend functionality or integrated directly into build systems like Gradle or Cocoapods. -Snyk’s regular open-source support can scan these packages; however, a complete app build is necessary to make them available in the repository and accessible to CLI tools. +The regular open-source support in Snyk can scan these packages. However, a complete app build is necessary to make them available in the repository and accessible to CLI tools. You can start by building the application for all relevant platforms. This ensures that `pub` fetches all required packages, and the Flutter build system establishes the necessary links for the native build systems. @@ -113,6 +113,6 @@ snyk monitor --all-projects --exclude=example,.symlinks The `--exclude` parameter removes duplicates and ignores example applications, which are part of the plugin source code but not included in regular application builds. -You are now able to view in the Snyk Web UI all native dependencies, including those introduced by third-party plugins. +You can now view in the Snyk Web UI all native dependencies, including those introduced by third-party plugins.

Snyk Project page showing dependencies in Flutter apps

diff --git a/discover-snyk/supported-languages/supported-languages-list/elixir.md b/discover-snyk/supported-languages/supported-languages-list/elixir.md index 6f489e85b0ec..aaa5084b5266 100644 --- a/discover-snyk/supported-languages/supported-languages-list/elixir.md +++ b/discover-snyk/supported-languages/supported-languages-list/elixir.md @@ -19,7 +19,7 @@ For Elixir, the following features are available: * Test your app's SBOM and packages using `pkg:hex` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command {% hint style="info" %} -The **Snyk Fix PR** feature is not available for Elixir. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for Elixir. This means Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages/supported-languages-list/go.md b/discover-snyk/supported-languages/supported-languages-list/go.md index bc9596eaaa69..2f74a1dbeb62 100644 --- a/discover-snyk/supported-languages/supported-languages-list/go.md +++ b/discover-snyk/supported-languages/supported-languages-list/go.md @@ -55,7 +55,7 @@ Available features for Go Projects with dependencies managed by Go Modules and d * Test your app's SBOM and packages using `pkg:golang` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command. {% hint style="info" %} -If the **Snyk Fix PR** feature is enabled, this means that you will be notified if the PR checks fail when the following conditions are met: +If the **Snyk Fix PR** feature is enabled, this means Snyk notifies you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** @@ -63,12 +63,12 @@ If the **Snyk Fix PR** feature is enabled, this means that you will be notified Snyk supports all versions of Go, including the latest stable version listed on the Go [All releases](https://go.dev/dl/) page. -Snyk tracks only official releases. Snyk does not identify commits, including those in the default branch, unless they are included in an official release or tag. For Projects with a package manager, Snyk requires a release to the package manager. For Go and unamanaged scans (C/C++), Snyk requires an official release or tag in the GitHub repository. +Snyk tracks only official releases. Snyk does not identify commits, including those in the default branch, unless they are included in an official release or tag. For Projects with a package manager, Snyk requires a release to the package manager. For Go and unmanaged scans (C/C++), Snyk requires an official release or tag in the GitHub repository. {% hint style="warning" %} Since January 1, 2023, Snyk has not supported govendor Projects. As a general security best practice, Snyk recommends using tools that are consistently maintained and up-to-date. -Since Snyk no longer supports scanning of govendor Projects, a warning is issued and no results are provided. +Because Snyk no longer supports scanning of govendor Projects, Snyk issues a warning and provides no results. {% endhint %} ### Go Modules and dep support @@ -141,7 +141,7 @@ For more details on levels of access to your repository required by different Sn Go modules Projects that rely on modules from private SCM repositories are supported if those repositories are in the same SCM organization as the main project repository. -If you have private modules in repositories from other SCM organizations, it is possible that your Project imports do not work properly. The same is true if your code uses SCM submodules from another organization. +If you have private modules in repositories from other SCM organizations, your Project imports might not work properly. The same is true if your code uses SCM submodules from another organization. If your private modules have other private modules from another SCM organization, your Project imports do not work. All private modules, including the ones within other modules, need to be part of the same SCM organization as the main project repository. diff --git a/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md b/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md index b1b025610a44..c7f0b14cebaf 100644 --- a/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md +++ b/discover-snyk/supported-languages/supported-languages-list/java-and-kotlin/snyk-cli-for-java-and-kotlin.md @@ -52,7 +52,7 @@ snyk test -- -Dpkg_version=1.4 ## CLI help for Gradle Projects -Gradle build can consist of several sub-projects, where each sub-project has its own build.gradle, while the root Project is the only one that also includes a `settings.gradle` file. Sub-projects depend on the root ProjectProjects but can be configured otherwise. +Gradle build can consist of several sub-projects, where each sub-project has its own build.gradle, while the root Project is the only one that also includes a `settings.gradle` file. Sub-projects depend on the root Project but you can configure them otherwise. By default, Snyk CLI scans only the current Project, the Project in the root of the current folder, or the Project that is specified by `--file=path/to/build.gradle`). @@ -62,7 +62,7 @@ To scan all Projects at once (recommended), use the `--all-sub-projects` option: snyk test --all-sub-projects ``` -Each of the individual sub-projects appears as a separate Snyk Project in the eb UI. +Each of the individual sub-projects appears as a separate Snyk Project in the Web UI. To scan a specific Project (for example, "myapp"), use the following command: @@ -136,7 +136,7 @@ By default, Snyk passes `gradle build --no-daemon` in the background when runnin If you see `snyk test` or `snyk monitor` fail on other operating systems because of daemon-related issues, try adding the `--no-daemon` flag to the Snyk command or set `GRADLE_OPTS: '-Dorg.gradle.daemon=false'`. -For tips on disabling the daemon, the [Gradle documentation](https://docs.gradle.org/current/userguide/gradle_daemon.html#sec:disabling_the_daemon). +For tips on disabling the daemon, visit the [Gradle documentation](https://docs.gradle.org/current/userguide/gradle_daemon.html#sec:disabling_the_daemon). ### Lockfiles @@ -190,7 +190,7 @@ Such a dependency file is typically evaluated using an `ant` task defined in `bu ``` -Using the command `ant resolve-dependencies`, dependencies will be downloaded from Maven Central, just like regular Maven dependencies. +Using the command `ant resolve-dependencies`, Maven Central downloads the dependencies, like regular Maven dependencies. To let Snyk know about the dependency tree, you must first convert to the Maven POM format. Start by configuring a new `makepom` task in `build.xml` @@ -210,7 +210,7 @@ ant makepom snyk test --file=pom.xml ``` -The `pom.xml` file does not need to be checked in and can be deleted after a test is done using `snyk`. Additionally, the dependency tree can be monitored using: +You do not need to check in the `pom.xml` file, and you can delete it after a test using `snyk`. You can also monitor the dependency tree using: ``` snyk monitor --file=pom.xml @@ -218,7 +218,7 @@ snyk monitor --file=pom.xml ## Snyk CLI tips and tricks -the [CLI commands and options summary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/cli-commands-and-options-summary) and the [CLI cheat sheet](https://snyk.io/blog/snyk-cli-cheat-sheet/). Use the `--help` option in the CLI for details of Snyk CLI commands. +See the [CLI commands and options summary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/cli-commands-and-options-summary) and the [CLI cheat sheet](https://snyk.io/blog/snyk-cli-cheat-sheet/). Use the `--help` option in the CLI for details of Snyk CLI commands. ### Testing your own code @@ -248,27 +248,27 @@ By default, Snyk CLI scans only the current project (the project in the root of `--all-projects` can be used across all package managers, which also includes the behaviors of `--all-sub-projects`, mentioned below. * To scan all projects at once (recommended), use the `--all-sub-projects` option:\ - (that is, `snyk test --all-sub-projects`). Each of the individual sub-projects appears as a separate Snyk Project in the eb UI. + (that is, `snyk test --all-sub-projects`). Each of the individual sub-projects appears as a separate Snyk Project in the Web UI. * To scan a specific project (for example, myapp), use `--sub-project=` (that is, `snyk test --sub-project=myapp`). -specific configurations, [Snyk for Java and Kotlin](../../../supported-languages-package-managers-and-frameworks/java-and-kotlin/). +For specific configurations, see [Snyk for Java and Kotlin](../../../supported-languages-package-managers-and-frameworks/java-and-kotlin/). #### Unmanaged -For more details on unmanaged Jars, [Scan all unmanaged JAR files](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/scan-all-unmanaged-jar-files). +For more details on unmanaged Jars, see [Scan all unmanaged JAR files](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/scan-all-unmanaged-jar-files). ### Testing containers -Snyk automatically looks for application (such as open source, maven, and npm) vulnerabilities as part of a container scan. Snyk recommends integrating via CLI or Registry earlier in the pipeline and use this as an additional signal or insight into what is in production. [Snyk CLI for container security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container). +Snyk automatically looks for application (such as open source, maven, and npm) vulnerabilities as part of a container scan. Snyk recommends integrating through the CLI or Registry earlier in the pipeline and using this as an additional signal or insight into what is in production. See [Snyk CLI for container security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container). -To test Infrastructure as Code, [Infrastructure as Code security](https://snyk.io/product/infrastructure-as-code-security/). +To test Infrastructure as Code, see [Infrastructure as Code security](https://snyk.io/product/infrastructure-as-code-security/). -To fix vulnerabilities, [Fixing vulnerabilities on Maven projects](https://snyk.io/blog/fixing-vulnerabilities-in-maven-projects/). +To fix vulnerabilities, see [Fixing vulnerabilities on Maven projects](https://snyk.io/blog/fixing-vulnerabilities-in-maven-projects/). ### Options and plugins -To help generate reports locally or at build time, [snyk-to-html plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html). +To help generate reports locally or at build time, see the [snyk-to-html plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html). -See `--json` and `--sarif` options for generating output that can be programmatically accessed. +Use the `--json` and `--sarif` options to generate output that you can access programmatically. -For advanced filtering options, [snyk-filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter). +For advanced filtering options, see [snyk-filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter). diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/README.md b/discover-snyk/supported-languages/supported-languages-list/javascript/README.md index be932b6401f7..10e5851a8b16 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/README.md @@ -116,7 +116,7 @@ Snyk supports the following package managers and versions: * pnpm: `pnpm 7`, `pnpm 8`, `pnpm 9`, `pnpm 10` * Yarn: `Yarn 1`, `Yarn 2`, `Yarn 3`, `Yarn 4` -Snyk's default package registry is [npmjs.org](https://www.npmjs.org/). Private package registries are supported. For more information, visit [Package repository integrations.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) +The default package registry in Snyk is [npmjs.org](https://www.npmjs.org/). Snyk supports private package registries. For more information, visit [Package repository integrations.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) ### Available integrations @@ -143,9 +143,9 @@ Lerna is partially supported. ### Language and package manager considerations {% hint style="info" %} -Only official releases are tracked. Commits, including into the default branch, are not identified unless included in an official release or tag. +Snyk tracks only official releases. Snyk does not identify commits, including those into the default branch, unless they are included in an official release or tag. -In the case of JavaScript packages this means a release to the npmjs.org package registry. +For JavaScript packages, this means a release to the npmjs.org package registry. {% endhint %} #### devDependencies analysis @@ -161,7 +161,7 @@ optionalDependencies are included by default for CLI and CI/CD, as well as SCM i #### Unmanaged JavaScript -If you are on the Enterprise plan and thus have access to the Snyk API, can use the API to get a full list of dependencies and their transitive dependencies. +If you are on the Enterprise plan and have access to the Snyk API, you can use the API to get a full list of dependencies and their transitive dependencies. To test for vulnerabilities, you can use the following API endpoints: @@ -171,7 +171,7 @@ To test for vulnerabilities, you can use the following API endpoints: #### Out of sync lockfiles -Control behavior when the lockfile and package file are in sync can be done using: +Control the behavior for when the lockfile and package file are in sync using: * CLI additional values: `--strict-out-of-sync`, `--fail-on` * Web UI for SCM scans: **Settings** > **Language** > **JavaScript** @@ -188,7 +188,7 @@ For all supported lockfile versions, the following features are available: Snyk can build a dependency tree with or without a lockfile. If a lockfile is present, Snyk uses it as follows: * Locally and with CI/CD: if a lockfile is not present and the scan is performed with the CLI or an IDE, Snyk looks at `node_modules` to determine what is installed. -* With SCM integrations: if a lockfile is not present, Snyk approximates what the tree will look like at build time. This is highly valuable for getting insights into Projects in development or what the next build will look like when there is no lockfile present +* With SCM integrations: if a lockfile is not present, Snyk approximates what the tree looks like at build time. This is valuable for getting insights into Projects in development or what the next build looks like when no lockfile is present. As a user of npm, even though npm-audit is at hand anytime you are working with your dependencies, Snyk provides the following capabilities. These are designed for both individuals and companies: @@ -273,7 +273,7 @@ Snyk uses the Yarn lockfile (`yarn.lock`) to generate a representation of Projec The files Snyk relies on to scan a Project may change on version upgrades of the package manager. Snyk lists only versions verified internally as supported. -If you are using a newer version of Yarn than is not listed on this page, it is possible that Snyk performs as expected because Yarn is using a lockfile version that is already supported. That version of Yarn has likely not been evaluated and, thus not added to this page. +If you are using a newer version of Yarn that is not listed on this page, Snyk might perform as expected because Yarn is using a lockfile version that is already supported. That version of Yarn has likely not been evaluated and so was not added to this page. For all supported Yarn versions, the following features are available: @@ -283,7 +283,7 @@ For all supported Yarn versions, the following features are available: * Automatic and Manual Fix PRs {% hint style="info" %} -Because different versions of Yarn have different feature sets, there are differences in Snyk support in order to match how the package manager works. +Because different versions of Yarn have different feature sets, Snyk support differs to match how the package manager works. Resolutions are supported in Yarn v2 and above. Yarn v1 resolutions are not supported. {% endhint %} @@ -341,11 +341,11 @@ Pnpm workspaces must have the `package.json`, `pnpm-lock.yaml` and `pnpm-workspa Pnpm [workspace protocol](https://pnpm.io/workspaces#workspace-protocol-workspace) is not supported for SCM scans. -Dependencies should be defined explicitly with specific versions, or versions using standard semver. (eg `"foo": "^1.1.0"` ) +Define dependencies explicitly with specific versions, or versions using standard semver (for example, `"foo": "^1.1.0"`). -Dependencies that are defined using workspace protocol for the version (eg `"foo" : "workspace:*"` ) will be listed in SCM scans as undefined version. +Dependencies that you define using workspace protocol for the version (for example, `"foo" : "workspace:*"`) appear in SCM scans as undefined version. -For all workspaces, Fix PRs and Upgrade PRs do not support workspaces lockfile updates. PRs for these Projects will update the `package.json` only. +For all workspaces, Fix PRs and Upgrade PRs do not support workspaces lockfile updates. PRs for these Projects update the `package.json` only. #### CLI scanning considerations @@ -386,7 +386,7 @@ pnpm workspaces must have the `package.json`, `pnpm-lock.yaml` and `pnpm-workspa To detect and scan all workspaces in your Yarn Project, use the CLI options identified for monorepos and workspaces, as well as this Yarn-specific option. -`--yarn-workspaces` : Uses instead of `--all-projects` to detect and scan only Yarn workspaces Projects when a lockfile is present in the root. Other ecosystems will be ignored. +`--yarn-workspaces` : Use instead of `--all-projects` to detect and scan only Yarn workspaces Projects when a lockfile is present in the root. Snyk ignores other ecosystems. ## Validating, monitoring, alerting, and gating for JavaScript diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md b/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md index 46ccd0b6e105..ca3ac7d12415 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/scm-integrations-for-javascript.md @@ -11,7 +11,7 @@ You can configure language settings for open source and licensing at the Organiz 3. Configure the settings based on your package manager - npm, pnpm, or Yarn. * **Scan and fix dev dependencies**: if you check this option, Snyk reads the `devDependencies` property on the `package.json` and reports and fixes any vulnerabilities accordingly. * **Require package.json and package-lock.json/yarn.lock files to be in sync**: when this is checked if the `package.json` and `package-lock.json`/`yarn.lock/pnpm-lock.yaml` files are out-of-sync, Snyk fails the import. - * **Exclude package-lock.json from being generated when fixing vulnerabilities**: if you are using private mirrors or registries, it is possible that a Snyk-generated lockfile is not appropriate for you because Snyk uses the npm registry to update the lockfile. Enterprise customers can use [package repository integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) to ensure lockfiles are updated correctly. Alternatively, this setting allows you to opt out of getting lockfiles generated for you in Snyk fix pull requests and merge requests. + * **Exclude package-lock.json from being generated when fixing vulnerabilities**: if you are using private mirrors or registries, a Snyk-generated lockfile might not be appropriate for you because Snyk uses the npm registry to update the lockfile. Enterprise customers can use [package repository integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) to ensure lockfiles are updated correctly. Alternatively, this setting allows you to opt out of getting lockfiles generated for you in Snyk fix pull requests and merge requests. 4. Click **Update Settings** to save changes. ## Package registry integrations (Artifactory/Nexus) @@ -20,7 +20,7 @@ You can configure language settings for open source and licensing at the Organiz Artifactory, Nexus, npm Teams, and npm Enterprise Package Registry integrations are available only for Snyk Enterprise plans. {% endhint %} -Snyk Open Source Gatekeeper plugins integrates with Artifactory to block builds from downloading packages with vulnerability and license issues. +Snyk Open Source Gatekeeper plugins integrate with Artifactory to block builds from downloading packages with vulnerability and license issues. Snyk Open Source can also integrate with Artifactory, Nexus, npm Teams, and npm Enterprise to assist in the security testing of your applications. Snyk uses this integration for dependency resolution, fix calculation, and re-locking lock files. @@ -35,13 +35,13 @@ For more information, see the following external resources: When creating a fix for vulnerabilities using npm v7+ Projects, Snyk uses the default npm `save-prefix` rather than inferring it from your Project. -This means that if you have dependencies using a range format other than the caret range (`^`), it is possible that you see additional changes to the `version` fields in the `package-lock.json` file. +This means that if you have dependencies using a range format other than the caret range (`^`), you might see additional changes to the `version` fields in the `package-lock.json` file. -These changes do not affect day-to-day functionality, as the ranges will be read from the `package.json`. +These changes do not affect day-to-day functionality, as Snyk reads the ranges from the `package.json`. ## Fix PRs for Yarn zero-installs users -In Yarn v2, the [zero-installs](https://yarnpkg.com/features/zero-installs) feature was released, which allowed Yarn developers to work on a Project without having to run `yarn` to install dependencies on their machine. +Yarn v2 introduced the [zero-installs](https://yarnpkg.com/features/zero-installs) feature, which lets Yarn developers work on a Project without having to run `yarn` to install dependencies on their machine. Zero-installs achieved this by installing all the dependencies of a Project inside of the `.yarn/cache` directory and asking users to commit this to their version control system, allowing the next developer to pull any new dependencies directly from the repository. diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md b/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md index fe60e8128d23..a19dca3eb4e9 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/snyk-cli-for-javascript.md @@ -2,7 +2,7 @@ To help generate reports locally or at build time, see the [snyk-to-html plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-to-html). -See `--json` and `--sarif` options for generating output that can be programmatically accessed. +Use the `--json` and `--sarif` options to generate output that you can access programmatically. For advanced filtering options, see[ snyk-filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-filter). @@ -14,7 +14,7 @@ The `snyk test` command tests the first manifest it can find and performs a test * `--yarn-workspaces`: For Yarn Workspaces use the `--all-projects` flag to test and monitor your packages with other package managers or Yarn workspaces or use `--yarn-workspaces` to specifically scan Yarn Workspaces Projects only. {% hint style="info" %} -If you are using a package manager that requires options, it is suggested to target them individually with `--file=` +If you are using a package manager that requires options, Snyk suggests targeting them individually with `--file=` {% endhint %} ### Codebase @@ -24,8 +24,8 @@ If you are using a package manager that requires options, it is suggested to tar ### Containers -* Snyk will automatically look for application (open source) vulnerabilities as part of a container scan. Consider having Snyk integrated through CLI earlier in the pipeline and utilize this for an additional signal of and insight into what is in production. -* If you ship your Node.JS application in a container, be aware that you might also be bundling insecure packages (Linux, open source), alongside your application in addition to what is brought in by the container base image. The Snyk Container CLI can help you identify a base image that minimizes the attack surface of your application. +* Snyk automatically looks for application (open source) vulnerabilities as part of a container scan. Consider integrating Snyk through the CLI earlier in the pipeline and use this for an additional signal of and insight into what is in production. +* If you ship your Node.js application in a container, be aware that you might also be bundling insecure packages (Linux, open source) alongside your application, in addition to what the container base image brings in. The Snyk Container CLI can help you identify a base image that minimizes the attack surface of your application. * For more information on how you can filter to the layer you wish to work on, such as identifying a secure base image to build off of, the layers you are responsible for, or application (OS) vulnerabilities, see [Snyk CLI for container security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container) ### Infrastructure as Code diff --git a/discover-snyk/supported-languages/supported-languages-list/php.md b/discover-snyk/supported-languages/supported-languages-list/php.md index 6c68c013dc90..10b652c5c4a5 100644 --- a/discover-snyk/supported-languages/supported-languages-list/php.md +++ b/discover-snyk/supported-languages/supported-languages-list/php.md @@ -55,7 +55,7 @@ For PHP with Snyk Open Source, the following file formats are supported: `compos * Test your app's SBOM and packages using `pkg:composer` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command. {% hint style="info" %} -The **Snyk Fix PR** feature is not available for PHP. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for PHP. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** @@ -74,7 +74,7 @@ After you select a Project for import, Snyk builds the dependency tree based on * `composer.json` * `composer.lock` -If the `composer.lock` file is not present in the repository, the import will not process the `composer.json` manifest. +If the `composer.lock` file is not present in the repository, the import does not process the `composer.json` manifest. By default, Snyk scans your production dependencies. Using the Snyk Web UI, you can configure whether or not to include your development dependencies, such as `require_dev` \[...] in the scan for vulnerabilities. @@ -82,7 +82,7 @@ To update language preferences: 1. Log in to your account and navigate to the relevant Group and Organization that you want to manage. 2. Select **Settings** > **Languages**. -3. Select **Edit settings** for PHP and select **Scan dev dependencies** to set your PHP projects in the specific Organization to include both development and production dependencies. +3. Select **Edit settings** for PHP and select **Scan dev dependencies** to set your PHP Projects in the specific Organization to include both development and production dependencies. 4. Select **Update settings**. These settings are applied to all newly imported Projects and to all existing Projects when they are re-tested. diff --git a/discover-snyk/supported-languages/supported-languages-list/python/README.md b/discover-snyk/supported-languages/supported-languages-list/python/README.md index 436b54cb352f..e32bbdee8ad9 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/README.md @@ -79,9 +79,9 @@ For Python, the following frameworks and libraries are supported: ### Directory layout -Snyk Code relies on Python projects to follow a standard directory layout for accurate analysis. Specifically, Snyk Code expects Projects to be compatible with [`setuptools` automatic discovery](https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#auto-discovery), which identifies packages and modules automatically based on the directory structure. This includes support for `init.py` files to ensure that symbols defined in package initialization files are imported correctly, leading to a more accurate and deeper analysis. +Snyk Code relies on Python Projects to follow a standard directory layout for accurate analysis. Specifically, Snyk Code expects Projects to be compatible with [`setuptools` automatic discovery](https://setuptools.pypa.io/en/latest/userguide/package_discovery.html#auto-discovery), which identifies packages and modules automatically based on the directory structure. This includes support for `init.py` files to ensure that symbols defined in package initialization files are imported correctly, leading to a more accurate and deeper analysis. -Both `src-layout` and `flat-layout` are supported. Proper adherence to these conventions allows the scanner to trace code effectively and provide accurate results. +Both `src-layout` and `flat-layout` are supported. Proper adherence to these conventions lets the scanner trace code effectively and provide accurate results. ## Python for Snyk Open Source @@ -155,5 +155,5 @@ If you have manifest files in other directories within the root of the Project, In your Snyk integration settings, locate the **Additional Options** field. Enable a recursive search and add the `--all-projects` option in the **Additional Options** field. {% hint style="warning" %} -If each directory needs a different virtual environment, it is possible that the Snyk scan fails because it uses a single virtual environment for dependency detection. In such cases, Snyk recommends using the CLI or SCM integration instead of an IDE , in order to gather vulnerability details for all dependencies in each Project directory. +If each directory needs a different virtual environment, it is possible that the Snyk scan fails because it uses a single virtual environment for dependency detection. In such cases, Snyk recommends using the CLI or SCM integration instead of an IDE, to gather vulnerability details for all dependencies in each Project directory. {% endhint %} diff --git a/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md b/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md index a14357b5459a..f2b10750810a 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/cli-support-for-uv.md @@ -6,7 +6,7 @@ CLI support for uv is in Early Access and available only with Enterprise plans. To enable the feature, visit [Snyk Preview](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/snyk-preview). {% endhint %} -## Prerequites +## Prerequisites Ensure you have `uv` version 0.9.29 or later installed. diff --git a/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md b/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md index a0c3c0d3b808..48f75eb6eb3f 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/scm-integrations-and-python.md @@ -21,8 +21,8 @@ By default, Snyk tests Pip Projects using Python 3.7. {% hint style="warning" %} The behavior of imports, re-tests, and PR checks for Projects with dependencies requiring a higher version of Python varies according to the version specified: -* Python 3.8 or above: scans will fail with an [error](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/error-catalog) message that includes details of the first failed package, the Python version it requires, and the Python version used. -* Python 2.7 or 3.7: scans will succeed, but the incompatible dependencies are omitted from the results. +* Python 3.8 or above: scans fail with an [error](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/error-catalog) message that includes details of the first failed package, the Python version it requires, and the Python version used. +* Python 2.7 or 3.7: scans succeed, but the incompatible dependencies are omitted from the results. {% endhint %} To define which Python minor version Snyk uses to test your Pip Projects imported using SCM integrations, you can use Organization settings and [`.snyk` policy file](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/the-.snyk-file). @@ -45,7 +45,7 @@ language-settings: The `.snyk` file must be in the same directory as the Project manifest file. -Snyk will select which Python version to use according to the `major`, `minor` and `patch` versions specified in the `.snyk` file. +Snyk selects which Python version to use according to the `major`, `minor` and `patch` versions specified in the `.snyk` file. * `Major` version only (for example, 2 or 3): scanned with default `minor` versions - 2.7 or 3.7 * `Major` and `minor` version (for example, 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, 3.14): scanned with 3.7, 3.8, 3.9, 3.10, 3.11, 3.12, 3.13, or 3.14 @@ -67,7 +67,7 @@ The following dependencies are not supported and are removed before the file is To scan Pip Projects, Snyk analyzes your `requirements.txt` files using native `pip` tooling in an isolated Linux environment. -Pip Projects scanned using the SCM integration will be given the same name as the directory where they are located. +Pip Projects scanned using the SCM integration are given the same name as the directory where they are located. Snyk imports any file that follows the `**/*req*.txt` pattern. This can help if you have renamed the `requirements.txt` files, for example, to `requirements-dev.txt`. @@ -106,7 +106,7 @@ Poetry scans fail with an unparsable manifest / unable to parse `pyproject.toml` Under `[tool.poetry]`, Poetry allows `include` to mix plain path strings and `{ path = "...", format = [...] }` inline tables in one array. That is valid TOML 1.0 and a valid Poetry configuration. -Snyk’s Poetry analysis parses `pyproject.toml` with a TOML implementation that does not accept mixed-type inline arrays. Parsing stops at that array, so the file is treated as invalid before dependency logic runs. +The Poetry analysis in Snyk parses `pyproject.toml` with a TOML implementation that does not accept mixed-type inline arrays. Parsing stops at that array, so Snyk treats the file as invalid before running the dependency logic. Example of a failing configuration: @@ -129,7 +129,7 @@ include = [ ## SCM repositories and Pipenv {% hint style="warning" %} -Private PyPI mirrors are not supported. `Pipfiles` specifying a private mirror as their only source will not be imported. +Private PyPI mirrors are not supported. `Pipfiles` specifying a private mirror as their only source are not imported. {% endhint %} To scan Pipenv Projects, Snyk analyzes your `Pipfile` and `Pipfile.lock` files using native `pipenv` tooling in an isolated Linux environment. diff --git a/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md b/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md index 1a573b78e733..dc1e98932af4 100644 --- a/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md +++ b/discover-snyk/supported-languages/supported-languages-list/python/snyk-cli-for-python.md @@ -34,7 +34,7 @@ Poetry v1 and v2 are supported. To build the dependency tree for a Poetry application, Snyk uses `pyproject.toml` and `poetry.lock` files. Both files must be present for Snyk to scan Poetry dependencies and identify issues. -If no `poetry.lock` file is present; you should run `poetry lock` to generate one before scanning. +If no `poetry.lock` file is present, run `poetry lock` to generate one before scanning. For Poetry, it is possible to get mixed `include` entries in `pyproject.toml` @@ -74,7 +74,7 @@ Run `pipenv install` to ensure the CLI can build an up-to-date, accurate depende To build the dependency tree, Snyk analyzes the `setup.py` file, and detects packages listed in the `install_requires` key. -This file will not be discovered automatically by the CLI. It must be specified manually using the `--file` option, for example: +The CLI does not discover this file automatically. You must specify it manually using the `--file` option, for example: ```python snyk test --file=setup.py diff --git a/discover-snyk/supported-languages/supported-languages-list/ruby.md b/discover-snyk/supported-languages/supported-languages-list/ruby.md index 9e94035bd4d0..ebc2687a8758 100644 --- a/discover-snyk/supported-languages/supported-languages-list/ruby.md +++ b/discover-snyk/supported-languages/supported-languages-list/ruby.md @@ -97,7 +97,7 @@ Snyk requires both files to be present to correctly test, monitor, and fix Ruby If your Gemfile needs access to private Gem sources, see [Private gem sources for Ruby configuration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations/private-gem-sources-for-ruby-configuration). -Using private Gem sources should work normally when you are using the Snyk CLI. +Using private Gem sources works normally when you use the Snyk CLI. When creating Fix PRs for Ruby Projects using private Gem sources, Snyk may need access to the service hosting the Gems to update the file correctly. diff --git a/discover-snyk/supported-languages/supported-languages-list/scala.md b/discover-snyk/supported-languages/supported-languages-list/scala.md index 5bd9a8d649a5..114a58542339 100644 --- a/discover-snyk/supported-languages/supported-languages-list/scala.md +++ b/discover-snyk/supported-languages/supported-languages-list/scala.md @@ -43,7 +43,7 @@ Available features: * Interfile analysis {% hint style="info" %} -The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md b/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md index 94669f145d24..a5c2a9fa9b7c 100644 --- a/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md +++ b/discover-snyk/supported-languages/supported-languages-list/swift-and-objective-c.md @@ -77,7 +77,7 @@ For Objective-C, Snyk supports `.m` files, and implicitly supports `.h` files. ## Swift and Objective-C for Snyk Open Source -For Swift with Snyk Open Source, Snyk supports Swifts versions from 3.0 up to 6.2.x. +For Swift with Snyk Open Source, Snyk supports Swift versions from 3.0 up to 6.2.x. ### Supported package managers and registries @@ -98,7 +98,7 @@ For Swift and Objective-C with Snyk Open Source, Snyk provides support for packa * For Swift Package Manager: CLI support {% hint style="info" %} -The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for Swift and Objective-C. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available**. * **"Fixed in" available** is set to **Yes**. @@ -110,9 +110,9 @@ The **Snyk Fix PR** feature is not available for Swift and Objective-C. This mea Snyk supports only Projects using Swift 3.0 or higher. {% endhint %} -In order for Snyk to discover a Project, a `Package.swift` file must be present. Also, Snyk uses the `swift package show-dependencies` command to build the dependency graph. +For Snyk to discover a Project, a `Package.swift` file must be present. Also, Snyk uses the `swift package show-dependencies` command to build the dependency graph. -When the .build folder of your Project is not present - in a pipeline, for example, it is possible that Snyk takes longer to scan your Swift Projects. When the CLI runs the command `swift package show-dependencies`, Swift must resolve the dependencies as part of this process, which can add to the overall time it takes Snyk to complete the scan. Therefore, ensuring that you have your Projects built first and that the .build folder is present can speed up the CLI processing time. +When the .build folder of your Project is not present — in a pipeline, for example — Snyk can take longer to scan your Swift Projects. When the CLI runs the command `swift package show-dependencies`, Swift must resolve the dependencies as part of this process, which can add to the overall time it takes Snyk to complete the scan. Therefore, ensuring that you have your Projects built first and that the .build folder is present can speed up the CLI processing time. Swift Package Manager supports pre-processing and post-processing. For post-processing, custom commands can add extra dependencies. Detecting such dependencies is not supported. diff --git a/discover-snyk/supported-languages/supported-languages-list/typescript.md b/discover-snyk/supported-languages/supported-languages-list/typescript.md index 26b311c31b54..47541fc58989 100644 --- a/discover-snyk/supported-languages/supported-languages-list/typescript.md +++ b/discover-snyk/supported-languages/supported-languages-list/typescript.md @@ -53,7 +53,7 @@ Available features: * Test your app's SBOM and packages using `pkg:npm` PURLs through the [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) CLI command {% hint style="info" %} -The **Snyk Fix PR** feature is not available for TypeScript. This means that you will not be notified if the PR checks fail when the following conditions are met: +The **Snyk Fix PR** feature is not available for TypeScript. This means that Snyk does not notify you if the PR checks fail when the following conditions are met: * The **PR checks** feature is enabled and configured to **Only fail when the issues found have a fix available.** * "**Fixed in" available** is set to **Yes.** diff --git a/discover-snyk/supported-languages/technical-specifications-and-guidance.md b/discover-snyk/supported-languages/technical-specifications-and-guidance.md index fd0f796c194b..79eb17607458 100644 --- a/discover-snyk/supported-languages/technical-specifications-and-guidance.md +++ b/discover-snyk/supported-languages/technical-specifications-and-guidance.md @@ -79,7 +79,7 @@ For more information, see [Snyk Code AI Engine](https://app.gitbook.com/o/-M4tdx ## Language support and CLI, CI/CD, and SCM integrations -Snyk supports a variety of programming languages, enabling seamless integration into your development workflow through CLI commands, CI/CD pipelines, and SCM integrations. +Snyk supports a variety of programming languages, enabling integration into your development workflow through CLI commands, CI/CD pipelines, and SCM integrations. You can use these tools to automatically check your code for security issues as you develop your software. This ensures that strong security practices are part of your development process. diff --git a/discover-snyk/whats-new.md b/discover-snyk/whats-new.md index 92919bf726a6..d9c6a5964dc8 100644 --- a/discover-snyk/whats-new.md +++ b/discover-snyk/whats-new.md @@ -562,7 +562,7 @@ Information has been added about Snyk support for the Model Context Protocol (MC **Snyk Broker** -The Universal Broker feature is now available in Early Access. The Universal Broker separates deployment and container concerns from connection concerns. It allows for a smaller or a single deployment to support numerous connections of varied types. +The Universal Broker feature is now available in Early Access. The Universal Broker separates deployment and container concerns from connection concerns. It lets a smaller or single deployment support numerous connections of varied types. **Snyk CLI** diff --git a/discover-snyk/whats-snyk.md b/discover-snyk/whats-snyk.md index bf177dee7cde..2c3a87185db3 100644 --- a/discover-snyk/whats-snyk.md +++ b/discover-snyk/whats-snyk.md @@ -1,6 +1,6 @@ # What's Snyk? -Snyk is a platform that allows you to scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, infrastructure as code configurations, and after your web application or API is live. The Snyk platform uses a risk-based approach, focusing security efforts on issues that matter, and eliminating the noise of vulnerabilities that have no meaningful impact. +Snyk is a platform that lets you scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, infrastructure as code configurations, and after your web application or API is live. The Snyk platform uses a risk-based approach, focusing security efforts on issues that matter, and eliminating the noise of vulnerabilities that have no meaningful impact. To manage and govern the security program, Snyk gives security teams immediate visibility into coverage and business context across all application assets, smart policies to automate and scale in large environments, and analytics and reporting to measure the performance of your security program. @@ -30,13 +30,13 @@ A robust security process secures each component where they are built and mainta You can run Snyk in the following ways: * Web: the Snyk Web UI ([app.snyk.io](https://app.snyk.io)) provides a browser-based experience with functions such as configuration settings, filtering and fixing discovered issues, and reports. -* [CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli): the Snyk Command Line Interface enables you to run vulnerability scans on your local machine and integrate Snyk into your pipeline. -* [IDEs](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions): the Snyk IDE integrations enable you to embed Snyk in your development environment. -* [API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api): the Snyk API enables you to integrate with Snyk programmatically, tuning Snyk security automation to your specific workflows. +* [CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli): the Snyk Command Line Interface lets you run vulnerability scans on your local machine and integrate Snyk into your pipeline. +* [IDEs](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions): the Snyk IDE integrations let you embed Snyk in your development environment. +* [API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api): the Snyk API lets you integrate with Snyk programmatically, tuning Snyk security automation to your specific workflows. ## What can Snyk integrate with? -Snyk integrations for your software development process allow you to integrate Snyk into your development and security processes, including source control, IDE, CI/CD, and many others. +Snyk integrations for your software development process let you integrate Snyk into your development and security processes, including source control, IDE, CI/CD, and many others. For details, see [Integrate with Snyk](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk).