Snyk is available to all teams who code in Equinor. First, apply for Snyk in AccessIT, then ask @appsecteam in Slack channel #appsec to create a Snyk organization for your team if it does not already have one.
When you have been granted an organization, log in through Snyk SSO using your Equinor email address.
After your first sign-in, you will be able to list the organizations available at the Equinor Group overview (top level). If you see a relevant org to join, ask one of the listed org admins to add you to the org.
Snyk has many different kinds of integrations. We recommend starting by adding your GitHub repositories. Doing that will create one Snyk project for each source file it understands, e.g. package-lock.json. More about GitHub integration can be found here
To search, filter and aggregate Snyk data, it is highly recommended that you set some attributes on all projects. In particular, the Lifecycle stage should be set to an appropriate value, and then Business criticality and fields can be set as needed. For more flexible tagging, the Tags field can be used, but use it with care, as free-form tags can be difficult to maintain.