Prioritization for Snyk AppRisk

Release status The Snyk Runtime Sensor and the thrid-party integrations providing the Deployed and Loaded Package risk factors are currently in Closed Beta and available only for Snyk AppRisk Pro plans.

Contact your account manager if you are interested in Snyk AppRisk Pro.

Snyk AppRisk uses holistic application intelligence to help you better identify and prioritize your Container, Code, and Open Source issues based on the risk they pose to your application. Users can also prioritize their issues based on asset classification as defined in Snyk AppRisk policies.

If you use Snyk AppRisk, you can access the Issues page from the Snyk Web UI.

Issues prioritization

Snyk is introducing a new Issues page, providing a centralized view of all the issues identified by Snyk with additional asset context. This will help empower AppSec teams to better triage and remediate issues in Snyk.

Issues prioritization is available at the Group level or at the Organization level. The evidence graph is available only for Snyk AppRisk Pro users and only at the Group level.

The Snyk approach looks holistically at your application to understand the following:

  • What source code and dependencies were built into a container image

  • The operating system it is running on

  • Where the image was deployed

  • How the supporting Kubernetes and cloud infrastructure is configured

The following video explains the initial steps of setting up your prioritization with Issues for Snyk AppRisk:

Issues page: Snyk AppRisk Essentials vs Snyk AppRisk Pro

The Issues page is nested in the main left menu and provides information about the identified issues. Use the available filters to customize and prioritize the issues list.

The Risk Factor column and filter, and with it, the evidence graph information, are available only for Snyk AppRisk Pro users.

Issues page - Snyk AppRisk Essentials

Issues page - Snyk AppRisk Pro

Issues prioritization for Snyk AppRisk Pro works as illustrated in the following example. The same principles apply to Snyk AppRisk Essentials without the availability of Risk Factors or evidence graph information.

  • Snyk Open Source has identified a high-severity Remote Code Exploit (RCE).

  • That RCE is built into a container image, which is deployed onto a production Kubernetes cluster, and the running container is configured to have access to the internet.

  • The combination of an RCE in a running image with internet access enables Snyk to determine that this particular vulnerability poses more risk to your application than an RCE that is not deployed.

The following video explains the initial steps of setting up your prioritization with Issues insights for Snyk AppRisk Pro:

Last updated

More information

Snyk privacy policy

© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.