Prioritization for Snyk AppRisk

Snyk uses holistic application intelligence to help you better identify and prioritize your Container, Code, and Open Source issues based on the risk they pose to your application. Users can also prioritize their issues based on asset classification as defined in asset-related policies.

You can access the Issues page from the Snyk Web UI.

The Issues page provides a centralized view of all the issues identified by Snyk with additional asset context. This will help empower AppSec teams to better triage and remediate issues in Snyk.

Issues is available at the Group level or at the Organization level.

Insights for Snyk AppRisk

The evidence graph is available only for Snyk AppRisk users and only at the Group level.

The Snyk approach looks holistically at your application to understand the following:

• What source code and dependencies were built into a container image

• The operating system it is running on

• Where the image was deployed

• How the supporting Kubernetes and cloud infrastructure is configured

Issues page for Snyk AppRisk

Issues is nested in the main left menu and provides information about the identified issues. Use the available filters to customize and prioritize the issues list.

Issues - Snyk AppRisk

The insights presented under the Issues menu for Snyk AppRisk work as illustrated in the following example.

• Snyk Open Source has identified issues.

• The vulnerabilities were built into a container image, which is deployed onto a production Kubernetes cluster, and the running container is configured to have access to the internet.

• The combination of a critical vulnerability in a running image with internet access enables Snyk to determine that this particular vulnerability poses more risk to your application than one that is not deployed.

The following video demonstrates prioritizing issues with Snyk AppRisk using business, application, and runtime context: