# Snyk

Snyk is a platform that helps developers find and fix vulnerabilities in their open-source dependencies and container images. It scans a project's dependencies, identifies known security vulnerabilities, and alerts on them.

### Usage of Snyk in Delivery Shield

* Delivery Shield mandates Snyk security scans on images. It connects to Snyk to check whether the required version of the image has been scanned; if it has not, Delivery Shield generates a security issue.
* Once the Snyk scan is done, Delivery Shield pulls the container security scan results from Snyk. This data is used to calculate the overall security status of the images and application, and to generate alerts and remediation.
* The scan results fetched by Delivery Shield are displayed on the [Vulnerability Management](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/vulnerability-management) page, in the Artifact section of the [DBOM](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/delivery-bill-of-materials-dbom), and on the [View Open Security Issues](https://docs.opsmx.com/opsmx-secure-software-delivery-ssd-platform/user-guide/view-security-posture/view-open-security-issues) page.

### To Integrate Snyk:

1. Navigate to **Setup** > **Integrations**.
2. In the **Source** panel, click **Snyk**.

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FfseDVqpmHYZBiuBQNu9A%2Fsynk%201.png?alt=media&#x26;token=c08916b7-8f5b-4988-b616-5f2a4cc63307" alt=""><figcaption></figcaption></figure>

3. The Snyk integration page is displayed.
4. Click **+New Account**. In the popup that appears, enter the values for the fields as shown below:

<figure><img src="https://2047464521-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MBEa1hoX6SqpDj-ymNs%2Fuploads%2FaePF1jQ8kWZ30itBHzqv%2Fsynk%202.png?alt=media&#x26;token=ae4edd7f-860d-4f4e-9eb2-8c7a8630f203" alt=""><figcaption></figcaption></figure>

5. Enter the account name.
6. Select the **Mode**: Local or Cloud.
   1. If **Local Mode** is selected, Snyk is run as a CLI tool.
   2. If **Cloud Mode** is selected, the SaaS version of Snyk is run.
7. Enter the token to access your Snyk account in the **Token** field. (See [Generating API Token](https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token) for details on how to generate an API token.)
8. Enable or disable **Helm scan** as required.
9. Select the **Teams** and the corresponding **Environments** from the dropdown for which you want the integration to be available. The integration will be available for the selected teams and environments only.

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>You can select up to 5 teams for the integration to be displayed. </p></div>

   * An example is given below for reference:

   <figure><img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeuMZQzZsZQuulVdW9B9OuffNPoEXqbcpcAkYtKVyb7YiTQxbVIt1L4Gh-zshqX2J9MFKIat8x4oWFIGxdg3j1XVagyUNhUAlD_52soyMyd1cy53p6XiYi0LsTjIBfHcybRWl61?key=D9EXoOdGF7oYOBvYaW2GnRWJ" alt=""><figcaption></figcaption></figure>

   * In the example above:
     * If **Team 1**, **Team 2**, and **Team 3** are selected, only applications associated with these teams can access the integration. Any applications belonging to other teams, such as **Team 4**, will not have access to this account.
     * Even if the user who created this account is also an admin for **Team 4**, the integration account remains restricted and is not available for **Team 4**.
     * Access to the account is strictly limited to the specified **Teams** and **Environments** selected during account creation.
   * **For Organization Admins:**
     * When an **Organization Admin** creates an account without selecting specific **Teams** and **Environments**, the account will be universally applicable, granting access to **all teams** and **all environments** by default.
   * **For Team Admins with Multiple Teams:**
     * If a **Team Admin** who manages multiple teams creates an account without specifying particular **Teams** and **Environments**, the account will only be accessible to the teams for which the logged-in user holds admin privileges.
10. Click **Save**. The Snyk account gets integrated in the artifact stage.

The new values get updated.

