Overview
Snyk helps you prioritize issues for fixing by distinguishing between insignificant alerts and actionable threats. Not all vulnerabilities pose the same level of danger.
Snyk uses contextual signals, such as code reachability and deployment environments, and prioritization methods, including exploit maturity, severity levels, and holistic risk scoring.
Prioritize issues for fixing
Risk Score and Priority Score: Use Risk Score and Priority Score to rank issues for remediation. Learn how they differ in Priority Score vs Risk Score.
Reachability Analysis: Snyk determines whether your application's code calls specific functions or modules that contain a vulnerability. This helps you prioritize fixes based on whether the threat is executable in your environment.
Exploit maturity: Track and display real-world exploits of a vulnerability, including active attacks or proof-of-concept exploits, and prioritize fixes based on proven, active threats.
Malicious packages: Malicious dependencies are an increasingly common method for executing software supply chain attacks.
Severity levels: Snyk categorizes vulnerabilities into Critical, High, Medium, or Low. These levels are based on industry-standard scoring frameworks (like CVSS and CCSS) to quickly communicate the potential impact and risk of an exploit.
Application Context: Bring in application context using Assets and risk factors and Set up Insights.
Snyk Policies
Snyk Policies automate security and license governance. Define rules that automatically adjust issue severities or set compliance requirements across your Projects.
Snyk Analytics
Analytics provides a centralized reporting hub for Enterprise customers. Build custom dashboards and track security metrics across teams for high-level visibility into risk and remediation progress.
The Reports tab organizes data into specific categories: Exposure & coverage, Remediation, Prevention, Compliance, and Education. Filter, save custom views, and export data (PDF/CSV) to facilitate conversations between security and development teams.
Dependencies and licenses
View dependencies and license details for all Projects in your Group or Organization by selecting the Dependencies option in your Group or Organization menu.

