Phase 1: Discovery and planning

Discovery phase steps

• Connect with Snyk: Connect with your Snyk account manager.

• Conduct discovery: Identify stakeholders, integrations, and applications to monitor.

• Plan Organization structure: Decide how to organize and control access to content using the Snyk Organization structure.

• Determine user roles: Decide whether your users need customized access to Snyk.

• Decide SSO access: Identify initial Single Sign-On (SSO) settings.

• Plan for success: Decide how to judge the success of your rollout.

• Choose rollout integrations: Decide which integrations to implement initially.

• Create rollout plan: Create a high-level plan for rolling out Snyk in your business.

General pre-rollout questions

Some initial questions follow that you can ask to assist in planning before starting the rollout. This is one way of deciding on your rollout process.

Who is involved?

• Who will manage and oversee the project?

• Who will champion Snyk?

• Who will be the Group Administrator?

What are your goals?

• Why did you choose Snyk?

• Why are you implementing it now?

How will your users use Snyk?

How will you provision users and integrate Snyk with your platforms?

• Who will need access to Snyk?

• What will they need access to?

• Will access be restricted to certain Projects?

• Who can grant Snyk access to platforms like SSO and Git repositories?

How will you structure your account?

• How will you group your Projects?

  • By developer teams?

  • By product?

  • By business unit?

• If by developer teams, are there some teams that would need access to the same Projects? If yes, think about a different structure to avoid confusion.

• How many Snyk Organizations do you need?

How will you measure success?

• What KPIs will be tracked?

• How will you know that you are making progress?

• Are there key development projects that progress tracking should be aligned with, or at least included in the tracking, to measure progress against?

Snyk AppRisk considerations

Snyk AppRisk Essentials is part of the Snyk Enterprise offering, and it provides discovery and visibility for your application assets and security tool coverage.

When or before you use Snyk AppRisk, you should consider the following items:

• Who would want coverage visibility or is accountable if an important application is not being monitored by security tools?

• Who would you notify, using automated policies, if a repository were missing coverage by a security tool?

• Are you using Application context, and are there fields that might be valuable in automating policies with Snyk AppRisk?

  • Is it possible to categorize important applications in Git or CMDB (ServiceNow) using topics or fields, such as a PCI topic or tag?

  • Would this also reduce noise about test applications and internal applications by implementing an internal tag, topic, or naming convention?

• Read the available examples of common policies that can be created using Snyk AppRisk.