Project Onboarding
Establish your security baseline, import assets at scale, and filter out the noise
~15mins estimatedThis lesson is designed to transition your environment from configuration to active monitoring. You will learn how to perform bulk imports of repositories and assets across your integrated SCMs and registries, establish an initial security baseline for your organization, and apply exclusion filters to ensure Snyk focuses only on relevant, production-critical code.
In Snyk, a Project represents an individual scannable target—such as a manifest file, a container image, or a cloud configuration. A single repository or "target" often contains multiple Projects across different Snyk products:
- Snyk Open Source: Identifies direct and indirect dependencies by analyzing manifest and build configuration files
- Snyk Code: Performs a one-time analysis of source code files to identify security flaws without retaining your proprietary code
- Snyk Container: Analyzes Dockerfiles and FROM statements to predict base-image vulnerabilities before the container is even built
- Snyk Infrastructure as Code (IaC): Audits configuration files against industry benchmarks to prevent cloud misconfigurations before deployment
Regardless of the method, all Projects are onboarded into a Snyk Organization, which serves as your central hub for aggregate reporting and governance. Depending on your development workflows, you can choose from three primary onboarding methods to import your projects:
- SCM Integration: The most common path. Connect your Source Control Manager (e.g., GitHub) for continuous, automated monitoring
- Snyk CLI: Use the snyk monitor command to push results into the UI. This is the ideal method for integrating security into your CI/CD pipelines
- Snyk API: For complex, large-scale environments, use our API-driven import scripts to control the pace of onboarding and avoid SCM rate-limiting
Before onboarding projects at scale, configure your environment to ensure a smooth developer experience:
- Audit Your Settings: Ensure Organization-level configurations align with your current adoption phase
- Prioritize with SBOMs: Use a Software Bill of Materials (SBOM) to assess risk across your portfolio and determine which applications are mission-critical
Once your pilot process is validated, develop a rollout plan that accounts for your repository structure and the desired speed of adoption. A successful import is not just about quantity of projects. It’s about ensuring every added Project is relevant and actionable for your development teams.
This demo shows a streamlined onboarding workflow on how to import repositories from your SCM, visualize the relationship between Targets and Projects, and establish a high-integrity security baseline for your organization.