Prioritization setup

Prerequisites for Prioritization with Insights

To get value from Snyk Insights, use it with an application whose images you scan with Snyk Container. You can get additional value by also scanning your open-source dependencies with Snyk Open Source and your source code with Snyk Code.

Snyk prioritization with Insights works by providing you with four risk factors for your vulnerabilities:

  • Deployed: Is my code and container image deployed anywhere?

  • Loaded package: Has a third-party package that is the dependency of an image been loaded?

  • OS condition: Does this vulnerability apply to my operating system?

  • Public facing: Does my container have any internet exposure?

To get data about these four risk factors, you must meet the following criteria:

  • Loaded package: A package that is loaded more often than others poses a higher risk to your application than one that is rarely loaded. For the loaded package risk factor to be applied for prioritization with Insights, you must, at minimum, set up the Dynatrace or Sysdig integrations with Snyk AppRisk, or the Snyk Runtime Sensor. You can find more details on the runtime third-party integrations page.

  • OS condition: Source code and dependencies are being built into a container image and scanned with Snyk Container. This is the minimum requirement to get value from the prioritization.

  • Deployed and Public facing: This container image is deployed onto a Kubernetes cluster, where you can deploy the Kubernetes Connector.

By ensuring these two requirements are satisfied, you get data for all four risk factors for the code in your scanned image.

Snyk recommends that you also perform the following steps to get the maximum value out of Insights:

  • Scan the third-party dependencies using Snyk Open Source.

  • Scan the source code using Snyk Code.

By scanning both the source code and the third-party dependencies, you get risk factor data that provides the application context to better prioritize your open issues.

Snyk recommends starting with one application and expanding from there.

Prioritization process overview

The major steps in setting up prioritization with Insights are as follows:

  1. Grant users the Group Viewer role or the Organization Collaborator role. See Prioritization setup: User permissions.

  2. Create the required Organization, roles, and permissions, and deploy the agent. See Prioritization setup: Kubernetes Connector.

The Kubernetes Connector is different from the Kubernetes Controller, Snyk-Monitor.

  3. Scan your images properly so Snyk has access to the right data. See Prioritization setup: Image scanning.

  4. Set up the required linking for the application on which you want to use prioritization. See Prioritization setup: Associating Snyk Open Source, Code, and Container Projects.

  5. Set up the third-party runtime integrations or the Snyk Runtime Sensor to get even more runtime data.

  6. To ensure you have properly set up the prioritization capability, navigate to the Set up Snyk AppRisk tab on the Insights page and view the data Snyk has access to. You can also filter relevant sections by Organization for a granular view of your progress.


© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.