• Browse topics
Login
Login

SNYK LEARN LOGIN

OTHER REGIONS

For Snyk Enterprise customers with regional contracts. More info

Project Onboarding

Establish your security baseline, import assets at scale, and filter out the noise

~15mins estimated

Introduction

This lesson is designed to transition your environment from configuration to active monitoring. You will learn how to perform bulk imports of repositories and assets across your integrated SCMs and registries, establish an initial security baseline for your organization, and apply exclusion filters to ensure Snyk focuses only on relevant, production-critical code.

What is a Snyk Project?

In Snyk, a Project represents an individual scannable target—such as a manifest file, a container image, or a cloud configuration. A single repository or "target" often contains multiple Projects across different Snyk products:

  • Snyk Open Source: Identifies direct and indirect dependencies by analyzing manifest and build configuration files
  • Snyk Code: Performs a one-time analysis of source code files to identify security flaws without retaining your proprietary code
  • Snyk Container: Analyzes Dockerfiles and FROM statements to predict base-image vulnerabilities before the container is even built
  • Snyk Infrastructure as Code (IaC): Audits configuration files against industry benchmarks to prevent cloud misconfigurations before deployment

Strategies for Adding Projects

Regardless of the method, all Projects are onboarded into a Snyk Organization, which serves as your central hub for aggregate reporting and governance. Depending on your development workflows, you can choose from three primary onboarding methods to import your projects:

  • SCM Integration: The most common path. Connect your Source Control Manager (e.g., GitHub) for continuous, automated monitoring
  • Snyk CLI: Use the snyk monitor command to push results into the UI. This is the ideal method for integrating security into your CI/CD pipelines
  • Snyk API: For complex, large-scale environments, use our API-driven import scripts to control the pace of onboarding and avoid SCM rate-limiting
INFO - Best Practice

Adding Project Recommendation

Start small. Import a handful of representative projects first to refine your workflow before scaling across the enterprise.

Scan your code & stay secure with Snyk - for FREE!

Did you know you can use Snyk for free to verify that your code
doesn't include this or other vulnerabilities?

Scan your code

Pre-Import Checklist

Before onboarding projects at scale, configure your environment to ensure a smooth developer experience:

  1. Audit Your Settings: Ensure Organization-level configurations align with your current adoption phase
  2. Prioritize with SBOMs: Use a Software Bill of Materials (SBOM) to assess risk across your portfolio and determine which applications are mission-critical
INFO - Best Practice

Silence the Noise

Consider disabling email notifications and SCM automations (like Fix PRs) by default. When you first onboard a repository, Snyk will likely discover existing vulnerabilities. If automations are active, this initial scan can trigger a flood of alert emails and a sudden wave of automated Pull Requests. By turning these features off initially, you can establish your security baseline quietly, prioritize fixes, and re-enable the automations only when your teams are ready to manage incoming alerts.

Scaling Your Import

Once your pilot process is validated, develop a rollout plan that accounts for your repository structure and the desired speed of adoption. A successful import is not just about quantity of projects. It’s about ensuring every added Project is relevant and actionable for your development teams.

This demo shows a streamlined onboarding workflow on how to import repositories from your SCM, visualize the relationship between Targets and Projects, and establish a high-integrity security baseline for your organization.

Congratulations

Congrats! You have transitioned your Snyk environment from configuration to active monitoring by learning how to perform bulk imports of repositories and assets. You can now successfully visualize the relationships between Targets and Projects and establish a high-integrity security baseline for your organization. With your critical code assets actively being monitored, the next step is defining the precise compliance and risk rules that Snyk will enforce across these projects.