Snyk

Features

  • Scan repositories for known vulnerabilities in dependencies (Snyk Open Source)
  • Surface Snyk-detected issues to Tembo agents during sessions
  • Open PRs that bump vulnerable packages to fixed versions

Installation

1. Open Integrations

In the Tembo app, go to Settings → Integrations.

2. Install Snyk

Scroll to the Monitoring group and click Install next to Snyk.

3. Sign in to Snyk

Sign in with your organization email using an approved auth method.
If you don’t have a Snyk account yet, you’ll be guided through Snyk’s account setup after the initial sign-in. Once your account is ready, return to Settings → Integrations in Tembo and click Install again to complete the connection.
If you’re already signed in to Snyk, click Authorize and confirm you’ve selected the correct Snyk organization before continuing.

4. Authorize Tembo

Snyk will request access to your organization. Click Authorize.
The install must be authorized by a Snyk organization admin. If you’re not an admin on the Snyk org, ask one to complete this step for you.

5. Confirm install

After authorizing, you’ll be redirected to the Tembo Integrations page. Snyk will switch from uninstalled to installed.

Usage

Once installed, Tembo monitors your Snyk-connected repositories for known vulnerabilities and opens fix PRs that bump affected dependencies to safe versions. Tembo agents can reference Snyk-detected issues during sessions to inform the changes they propose.

Advanced

The integration connects to a single Snyk organization, not a Snyk user. All scanning and issue access happens within that org. To monitor projects across multiple Snyk orgs, install the integration once per org.
Tembo’s Snyk integration grants both read and write access to your connected Snyk organization, including the ability to create, edit, and delete ignore rules (which suppress vulnerability findings). Review the list of scopes below before installing so that you know what information and data you are sharing.
At install time, Tembo’s Snyk App requests the following 11 OAuth scopes on your Snyk organization:
Read access
  • org.read — your Snyk organization’s metadata (name, slug, settings)
  • org.project.read — the list of projects in your org and their details
  • org.project.snapshot.read — historical scan snapshots (vulnerability findings over time)
  • org.report.read — org-level reports (aggregated vulnerability and compliance data)
  • org.project.ignore.read — which vulnerabilities you’ve configured Snyk to ignore
Write access
  • org.project.test — trigger Snyk to re-test (re-scan) a project on demand
  • org.project.attributes.edit — edit project attributes (e.g., business criticality, environment, lifecycle)
  • org.project.tag.edit — add, modify, or remove tags on projects
  • org.project.ignore.create — create new ignore rules (suppress specific vulnerability findings)
  • org.project.ignore.edit — modify existing ignore rules
  • org.project.ignore.delete — delete ignore rules
Tembo cannot modify Snyk organization membership, change billing settings, or create or delete Snyk projects.
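One way to check the consent request against the scope list above before clicking Authorize, as an added example that is not Tembo's or Snyk's code: it parses the `scope` parameter of a consent URL and diffs it against the 11 documented scopes, calling out the ones that can change ignore rules. The sample URL, its host, the client ID and the extra scope are constructed placeholders, and the example assumes the consent URL carries a standard OAuth 2.0 space-delimited `scope` query parameter.

```python
from urllib.parse import urlsplit, parse_qs

# The 11 scopes listed on this page, split the way the page splits them.
DOCUMENTED_READ = {
    "org.read", "org.project.read", "org.project.snapshot.read",
    "org.report.read", "org.project.ignore.read",
}
DOCUMENTED_WRITE = {
    "org.project.test", "org.project.attributes.edit", "org.project.tag.edit",
    "org.project.ignore.create", "org.project.ignore.edit",
    "org.project.ignore.delete",
}
DOCUMENTED = DOCUMENTED_READ | DOCUMENTED_WRITE
# Write scopes that can suppress or un-suppress vulnerability findings.
IGNORE_WRITE = {s for s in DOCUMENTED_WRITE if s.startswith("org.project.ignore.")}


def requested_scopes(authorize_url: str) -> set[str]:
    """Extract the OAuth 2.0 `scope` parameter (space-delimited, RFC 6749 s3.3)."""
    query = parse_qs(urlsplit(authorize_url).query)
    scopes: set[str] = set()
    for value in query.get("scope", []):
        scopes.update(value.split())
    return scopes


def audit(authorize_url: str) -> dict[str, list[str]]:
    """Diff the scopes a consent URL requests against the documented list."""
    asked = requested_scopes(authorize_url)
    return {
        "undocumented": sorted(asked - DOCUMENTED),   # not on this page: stop and ask
        "not_requested": sorted(DOCUMENTED - asked),  # documented but absent
        "write": sorted(asked & DOCUMENTED_WRITE),
        "can_alter_ignores": sorted(asked & IGNORE_WRITE),
    }


# Constructed sample URL: host, path and client_id are placeholders, and the
# last scope is a made-up value added only to exercise the "undocumented" path.
SAMPLE_URL = (
    "https://snyk.example/oauth2/authorize?response_type=code"
    "&client_id=PLACEHOLDER&scope=" + "%20".join(sorted(DOCUMENTED))
    + "%20example.undocumented.scope"
)

if __name__ == "__main__":
    for key, values in audit(SAMPLE_URL).items():
        print(f"{key}: {values}")
```

A non-empty `undocumented` list means the consent screen is asking for more than this page describes, and the install should not be authorized until that difference is explained.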
If you’re redirected back to Tembo but the integration still shows as uninstalled, the most common cause is the OAuth flow being cancelled or rejected on Snyk’s side. Try the install again and make sure you click Authorize on the Snyk consent screen.