14 changes: 7 additions & 7 deletions discover-snyk/getting-started/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -25,25 +25,25 @@ To create a free account or sign up for a pricing plan, navigate to [snyk.io](ht

If your company has an existing Snyk account and uses single sign-on (SSO), use the SSO link provided by your administrators.

If your company requires an invitation to use Snyk, when you log in for the first time, you may see a list of Organizations, which in Snyk control access to Projects. To request access to an Organization, select the name of an Organization Admin in order to request access.
If your company requires an invitation to use Snyk, when you log in for the first time, you see a list of Organizations, which in Snyk control access to Projects. To request access to an Organization, select the name of an Organization Admin.

{% hint style="info" %}
If you log in with a different authentication provider from the one your company uses for the Snyk account, you create a new account. You will not be logged in to the correct Organization for your company.
If you log in with a different authentication provider from the one your company uses for the Snyk account, you create a new account. You are not logged in to the correct Organization for your company.
{% endhint %}

When you log in to the Snyk Web UI, Snyk shows your preferred (default) Organization. Snyk also uses the settings for your preferred Organization when you test a Project locally using the CLI.

## Set up a Snyk integration

For Snyk to know where to scan, you must provide it with access to your environment. The type of integration you need depends on what systems you use, what you want to scan, and where you want to add the integrations - [Organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) or [Group](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). For information about available integrators, see [Snyk SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) and [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk).
For Snyk to know where to scan, you must provide it with access to your environment. The type of integration you need depends on what systems you use, what you want to scan, and where you want to add the integrations [Organization](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk) or [Group](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk). For information about available integrators, see [Snyk SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) and [Integrate with Snyk](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk).

To scan your code, you must first integrate Snyk with the repository holding that code.

### Guided process

After creating a Snyk account, you can follow the optional getting-started walkthrough prompts to provide information and help Snyk guide your experience. This includes choosing an integration method, setting access permissions, configuring automation settings, and authenticating that integration.

Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This allows you to run scans from your local machine and upload results to your Organization in Snyk.
Alternatively, if you want to scan your code without authenticating to your source code repository, you can select the CLI integration. This lets you run scans from your local machine and upload results to your Organization in Snyk.

### Manual process
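Review bot: In the "Set up a Snyk integration" paragraph, dropping the " - " leaves "where you want to add the integrations [Organization](...) or [Group](...)" with nothing joining the clause to the links. Suggest "where you want to add the integrations: at the Organization or Group level". Both links also point to the same integrate-with-snyk URL, so a single link would do. Separately, changing "you may see a list of Organizations" to "you see a list of Organizations" turns a possibility into a guarantee; confirm the list always appears for invitation-only accounts.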

Expand All @@ -61,7 +61,7 @@ Before authenticating, be sure you have set your region properly. For details, s

Your Snyk API token is a personal token available under your user profile. The Snyk API token is associated with your Snyk Account and not with a specific Organization.

Free and Team plan and trial users have access only to tokens under the user profile. Your personal tokens can be used to authenticate with the Snyk CLI running on a local or a build machine and an IDE when you are setting a token manually. Use a personal token with caution if you are authenticating for CI/CD or with the API, which is available for Enterprise plan users only.
Free and Team plan and trial users have access only to tokens under the user profile. You can use your personal tokens to authenticate with the Snyk CLI running on a local or a build machine and an IDE when you are setting a token manually. Use a personal token with caution if you are authenticating for CI/CD or with the API, which is available for Enterprise plan users only.

#### Personal Access Tokens (recommended)
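Review bot: The last sentence of the changed paragraph says to use a personal token "with caution" for CI/CD or the API, but it does not say what the concern is or what to use instead. The preceding paragraph states that the token is associated with your Snyk Account and not with a specific Organization, and a hint later on this page mentions service account tokens for Enterprise plans, so name that alternative here. The rewritten phrase "running on a local or a build machine and an IDE" is also still hard to parse; consider listing the CLI and the IDE separately.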

Expand All @@ -84,7 +84,7 @@ To obtain your personal Snyk API token:
2. In your **General** settings, under API Token, select **click to show**.
3. Highlight and copy your API key.

If you want a new API token, select **Revoke & Regenerate**, but this will make the previous API token invalid.
If you want a new API token, select **Revoke & Regenerate**, but this makes the previous API token invalid.

{% hint style="info" %}
For information on when to use an API token and when to use a service account token, available to Enterprise plan users only, visit [Authentication for API](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api).
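Review bot: The changed sentence still tucks the consequence of **Revoke & Regenerate** behind "but". Because the previous token stops working, lead with that and tell the reader to update the token wherever it is configured (the CLI on a local or build machine, or the IDE, as described earlier on this page). Step 3 in the context above also says "copy your API key" while the rest of the section says "API token"; align the term in the same pass.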
Expand All @@ -107,7 +107,7 @@ Importing a Project also does the following:
Snyk Essentials is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/).
{% endhint %}

Snyk Essentials enables Application Security teams to implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM).
Snyk Essentials lets Application Security teams implement, manage, and scale a modern, high-performing, developer security program. It covers use cases under Application Security Posture Management (ASPM).

For more information, see [Snyk Essentials](https://app.gitbook.com/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-essentials).

Expand Down
20 changes: 10 additions & 10 deletions discover-snyk/getting-started/glossary.md
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

### ADE

An Agentic Development Environment (ADE), also known as an Agentic IDE, is a engineering workspace where AI agents execute defined tasks.
An Agentic Development Environment (ADE), also known as an Agentic IDE, is an engineering workspace where AI agents execute defined tasks.

### Advisor

Expand Down Expand Up @@ -104,7 +104,7 @@ A Command directive is a type of [Directive](glossary.md#directive) that is manu

### Container

Containers allow you to package applications and their dependencies together to be deployed as a single runnable unit. A container is an abstraction provided by the operating system kernel that allows a process to be isolated from other processes running on the system. See also [Snyk Container.](glossary.md#snyk-container)
Containers let you package applications and their dependencies together to be deployed as a single runnable unit. A container is an abstraction provided by the operating system kernel that allows a process to be isolated from other processes running on the system. See also [Snyk Container.](glossary.md#snyk-container)

### Container engine

Expand All @@ -128,15 +128,15 @@ The security controls associated with the asset. Navigate to the Snyk Essentials

### Coverage (Snyk Essentials)

An assessment of whether applicable assets are scanned and tested by security tools (like Snyk Open Source, for instance), as it relates to an application security program. A type of policy that allows you to specify what controls should be applied and, optionally, how often it needs to be run.
An assessment of whether applicable assets are scanned and tested by security tools (like Snyk Open Source, for instance), as it relates to an application security program. A type of policy that lets you specify what controls to apply and, optionally, how often it needs to be run.

### Coverage gap (Snyk **Essentials**)

Contributor

Suggested change
### Coverage gap (Snyk **Essentials**)
### Coverage gap (Snyk Essentials)

Contributor

Can we update the writing-style skill to remove bold from headers?


An assessment of all assets that fall "out of policy" and do not satisfy the coverage criteria you have specified, due to infrequent scanning or no scanning at all.

### CVE

Common Vulnerabilities and Exposures. A widely-used identifier for a well-known vulnerability.
Common Vulnerabilities and Exposures. A widely used identifier for a well-known vulnerability.

### CVSS
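Review bot: In the Coverage (Snyk Essentials) entry, the new wording "what controls to apply and, optionally, how often it needs to be run" leaves "it" without a singular antecedent; suggest "how often they need to run". The entry also defines Coverage twice, first as "An assessment" and then as "A type of policy", so consider stating how the two sentences relate.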

Expand Down Expand Up @@ -177,7 +177,7 @@ A set of cultural philosophies, practices, and tools that combine software devel

### DevSecOps

Integrate security seamlessly and transparently into emerging agile IT and DevOps development.
Integrate security transparently into emerging agile IT and DevOps development.

### Docker

Expand Down Expand Up @@ -209,7 +209,7 @@ A measure of how practical an exploit for a vulnerability is, based on whether t

### Fixable / Partially fixable

A measure of whether a vulnerability can be fixed by Sny by applying a patch, upgrade, or pin. See [Vulnerability fix types](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types).
A measure of whether Snyk can fix a vulnerability by applying a patch, upgrade, or pin. See [Vulnerability fix types](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types).

### Fix PR
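Review bot: The Vulnerability fix types link in the changed line uses the app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/... form, while the other GitBook links in this PR use app.gitbook.com/s/... without the /o/ segment. Since the line is being edited anyway, switch it to the same form so the link style is consistent.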

Expand Down Expand Up @@ -327,7 +327,7 @@ Natural Language Processing.The technology that enables computers to understand,

### NPX

`npx` (Node Package Execute) is a command-line tool bundled with `npm` that allows you to run `Node.js` packages without requiring installation.
`npx` (Node Package Execute) is a command-line tool bundled with `npm` that lets you run `Node.js` packages without requiring installation.

## O

Expand Down Expand Up @@ -503,7 +503,7 @@ A platform providing Cloud Native Application Security (CNAS) solutions, allowin

### Snyk Advisor

A free web application that allows you to compare software packages across open-source ecosystems. It provides insights into the overall health of a particular package by combining community and security data into a single unified view. See [Snyk Advisor](https://snyk.io/advisor/).
A free web application that lets you compare software packages across open-source ecosystems. It provides insights into the overall health of a particular package by combining community and security data into a single unified view. See [Snyk Advisor](https://snyk.io/advisor/).

### Snyk API

Expand Down Expand Up @@ -551,14 +551,14 @@ A library used by the Snyk CLI to scan a certain language or build system.

### Snyk Studio

Snyk Studio embeds Snyk's AI security platform capabilities into any AI-native workflow. Snyk Studio is built on two core use cases: '[Secure at Inception](glossary.md#secure-at-inception),' which proactively prevents new, AI-generated vulnerabilities using configurable directives, and 'Intelligent Remediation,' which clears existing security backlogs at scale.
Snyk Studio embeds the AI security platform capabilities of Snyk into any AI-native workflow. Snyk Studio is built on two core use cases: '[Secure at Inception](glossary.md#secure-at-inception),' which proactively prevents new, AI-generated vulnerabilities using configurable directives, and 'Intelligent Remediation,' which clears existing security backlogs at scale.

### Snyk Security Intelligence

A component powering the Snyk cloud-native application security platform.\
Incorporates the Snyk Intel Vulnerability DB: the Snyk database of vulnerabilities, providing detailed information and fix advice for known vulnerabilities. See [Vulnerability DB](https://snyk.io/vuln).

### Snyk web UI
### Snyk Web UI

The browser-based environment that provides users access to Snyk functions.
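Review bot: "Snyk Studio" sits before "Snyk Security Intelligence" in this hunk, which is out of alphabetical order for a glossary organized under letter headings such as "## O". Move the Snyk Studio entry after Snyk Security Intelligence while it is being edited.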

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

{% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %}

### Set up SCM integrations and Snyk Essentials by following the steps for all relevant SCMs:
### Set up SCM integrations and Snyk Essentials by following the steps for all relevant SCMs

* [GitHub](github.md)
* [GitLab](gitlab.md)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

{% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %}

Review the steps below to configure the Azure DevOps integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team.
Review the following steps to configure the Azure DevOps integration with Snyk. For more details about setting up the integration, contact your Snyk account team.

## Generate an Azure DevOps PAT

Expand Down Expand Up @@ -34,7 +34,7 @@ Configure the Group-level integration by following these steps:
* If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details.

{% hint style="info" %}
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source.
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the Azure DevOps source.
{% endhint %}

## Configure the Organization-level integration
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

{% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %}

‌Review the steps below to configure the Bitbucket integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team.\\
‌Review the following steps to configure the Bitbucket integration with Snyk. For more details about setting up the integration, contact your Snyk account team.\\

Contributor

Suggested change
‌Review the following steps to configure the Bitbucket integration with Snyk. For more details about setting up the integration, contact your Snyk account team.\\
‌Review the following steps to configure the Bitbucket integration with Snyk. For more details about setting up the integration, contact your Snyk account team.


## Generate a BitBucket PAT
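Review bot: The heading "## Generate a BitBucket PAT" in the context after the changed line spells the product "BitBucket", while the changed paragraph and the hint later in this file use "Bitbucket". Fix the heading in the same pass so the name is consistent on the page.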

Expand Down Expand Up @@ -35,7 +35,7 @@ Configure the Group-level integration by following these steps:
* If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details.

{% hint style="info" %}
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source.
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the Bitbucket source.
{% endhint %}

## Configure the Organization-level integration
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

{% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %}

‌Review the steps below to configure the GitHub integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team.
‌Review the following steps to configure the GitHub integration with Snyk. For more details about setting up the integration, contact your Snyk account team.

## Generate a GitHub PAT

Expand Down Expand Up @@ -32,7 +32,7 @@ Configure the Group-level integration by following these steps:
* Configure the integration and populate all mandatory fields, including the PAT details. For more details, see the [Integrate GitHub using Snyk Essentials](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/github-for-snyk-essentials#github-integrate-using-snyk-apprisk) page.

{% hint style="info" %}
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source.
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the GitHub source.
{% endhint %}

## Configure the Organization-level integration
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@

{% include "../../../../.gitbook/includes/pilot-guide-navigation.md" %}

Review the steps below to configure the GitLab integration with Snyk. For more details about setting up the GitHub integration, contact your Snyk account team.
Review the following steps to configure the GitLab integration with Snyk. For more details about setting up the integration, contact your Snyk account team.

## Generate a GitLab PAT

Generate a GitHub PAT with the following permissions enabled:\\
Generate a GitLab PAT with the following permissions enabled:\\

Contributor Author

@mikeromard Looking at this, the instructions in the Pilot guide are confusing. This is from Group GitLab, but it is asking you to create a GitHub PAT and then select the GitHub integration tile when there is a GitLab one. I can see you and Ann worked on this from the page history, so wondering if you can clarify?

Contributor

I didn't author this, but I expect this is just a copy/paste error, and it should say GitLab PAT.


* `api`
* `read_api`
Expand All @@ -26,12 +26,12 @@ Configure the Group-level integration by following these steps:

<figure><img src="../../../../.gitbook/assets/image (307).png" alt=""><figcaption></figcaption></figure>

* Search and select the GitHub integration
* Search and select the GitLab integration
* Configure the integration and populate all mandatory fields, including the PAT details. For more details, see the [Integrate GitLab using Snyk Essentials](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/gitlab-for-snyk-essentials#gitlab-integrate-using-snyk-apprisk) page.
* If relevant, you can also include the Backstage catalog. See the [Backstage file for SCM integrations](https://app.gitbook.com/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#backstage-file-for-scm-integrations) page for more details.

{% hint style="info" %}
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it will transition to the connected state, and the Inventory view will be filled with data from the GitHub source.
After the integration is configured, the Group-level integration shifts to a **Partially connected** status. During the next synchronization, it transitions to the connected state, and the Inventory view fills with data from the GitLab source.
{% endhint %}

## Configure the Organization-level integration
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

{% include "../../../.gitbook/includes/pilot-guide-navigation.md" %}

After setting up your SCM integration, you are ready to import repositories to Snyk. If you have not imported any repos yet, click on the **Import projects** button to start.
After setting up your SCM integration, you are ready to import repositories to Snyk. If you have not imported any repos yet, click **Import projects** to start.

* Open the Snyk Web UI
* Navigate to the Organization-level
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@ Invite members to the Organization you configured. Follow these steps to invite
* Add the emails of all team members in the text box
* Select their role from the dropdown menu.
* Select **Send invite**
* New members will receive a welcome email from Snyk with a link to sign up and join your organization.
* New members receive a welcome email from Snyk with a link to sign up and join your Organization.

![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXfZakhAyTXXqEigvhHYY0bH3jZ__Zx9kIbt8Dwa9erputbh1_4ZennUPqXzXFfvZBdHzlO6OOLJjUFzo35uDHUSvo5C1HV7HXK4EZ3wAT5zM6PhQWuutwH-DsDmyWVH4JlkGSj1?key=i_CNrr-DvB8PGUAzq09BT3pc)

Alternatively, SSO can be configured as self-serve in the Group settings. More details on that can be found on the [Configure Self-Serve Single Sign-On (SSO)](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/single-sign-on-sso-for-authentication-to-snyk) page.
Alternatively, you can configure SSO as self-serve in the Group settings. For more details, visit [Configure Self-Serve Single Sign-On (SSO)](https://app.gitbook.com/s/IgtgtomLQ2TUgSKOMSAm/user-management/single-sign-on-sso-for-authentication-to-snyk).
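Review bot: The image in the context between the two changed lines is hot-linked from lh7-rt.googleusercontent.com with a key query parameter and has empty alt text. Move it into .gitbook/assets, as the figure on the GitLab page does, and add alt text, because the external URL can stop resolving.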