Announcement templates for prevention
This page provides example email and Slack message templates that you can use to introduce prevention tools to your teams.
Introduce prevention features to your developers
It is important that your development teams understand what changes are being made that may affect their day-to-day work. Ensure they understand how the prevention tests work, to help avoid surprises from possible issues that could affect their deadlines.
These examples are written based on the Snyk tests on the PR Checks feature, with the configuration set to fail only on High or Critical severity issues. If you are adding Snyk tests to your CI/CD pipelines, ensure that you tweak the messages.
Use the following template to communicate the Snyk rollout to the rest of the developers. Update the text in brackets with your details, and then send the message to the developers.
Email template
To: Developers Subject: Introducing Snyk tests to PRs [Company name] Hi all, As part of our ongoing aim to improve our application security at [Company name], we are preparing to start running Snyk tests against all new pull requests for any repository that has been imported into Snyk. [optional: add personalized video, if desired] These checks will identify any new High or Critical severity issues that are part of the PR, with the aim of preventing any new significant issues from entering our repositories. At first, these checks will be optional, meaning you are not blocked from merging a PR if one of these vulnerabilities is detected. In the future, this will be changing to a blocking check, so we would recommend you start remediating any new High or Critical issues that are detected in your PRs, so that you aren’t affected when the test is no longer optional. This change will make a huge difference in improving our application security, and by gradually introducing this feature, we hope to avoid any interruptions to your workflow. More info can be found at [hyperlink to your internal resource page/wiki with more info]. Regards, _____ [Sender] |
Slack message template
Snyk Tests being introduced to our PRs: From [date] we’ll be enabling a feature in Snyk so that all new PRs on repositories that have been imported to Snyk will be tested for new vulnerabilities. You’ll see the test will fail if any new High or Critical severity issues are found. Please fix these before merging if possible! For now, the tests are optional, so you can merge the PR even if the test fails, but in the future, we’ll be setting this to be a required check. Get in touch if you have any questions! |
Last updated