Shift Left
A development process step, often associated with code reviews and automated security scans, acts as a critical checkpoint to prevent vulnerabilities from being introduced into the main branch of a repository.
What is a Pull Request?
We announced a partnership with this leading cloud based data platform that enables customers to access ready to use datasets for reporting and analytics
Who is Snowflake?
This AI-based platform was acquired by Snyk in 2020 and is a key part of Snyk Code.
What is Deep Code?
This solution helps customers discover all software assets in the SDLC, manage security coverage, and prioritize top risks.
What is Snyk AppRisk?
A solution introduced in October 8th's Snyk Launch announcement now provides customizable templates for these.
What are Pull Requests?
This persona is one of the main users of Snyk Analytics?
Who are Security Leaders? (CISOs, AppSec Directors, DevOps, DevSecOps, Compliance Managers)
This Snyk solution helps developers scan their proprietary code.
What is Snyk Code?
This capability is a feature that helps teams determine whether vulnerable code is actually accessible in an application’s execution path.
It could also be used to explain my ability to grab something off of a high shelf.
What is reachability?
An action that will impact a developers flow state and productivity.
(e.g. having a vuln highlighted in my IDE, but I have to click on that issue to go to the Snyk interface to view information and steps to action)
What is Context Switching?
This is one of the extensibility options supported by Snyk Analytics?
What is a CVS Download?
What are Platform APIs?
What is the Snowflake Datashare?
A solution that scans base images and dependencies and provides recommendations for upgrading to more secure base images.
What is Snyk Container?
The acronym RBVM stands for this methd of assesseing vulnerabilities based on several characteristics, such as relationship to business-critical services, reachability, and runtime context.
What is Risk Based Vulnerability Management?
A capability in Snyk Code (integrated into the IDE) that empowers developers to apply their preferred vulnerability fix in one click
What is DeepCode AI Fix?
These 4 areas were called out as critical for Measuring an AppSec Program?
What are Coverage, Exposure, Management, Prevention?
A solution that scans terraform files to identify security misconfigurations and potential vulnerabilities before they are deployed to the cloud.
What is Snyk IaC?
A report in Snyk that enables security teams to identify this type of vulnerability that has been disclosed but is not yet patched.
Hint: Log4Shell and CUPS are examples
What is a zero day report?
Two key measures of value that are impacted by providing developers with early, fast, automated scanning with increased accuracy.
Hint: these are two items that VPs of Eng and CFOs would care about in a business case.
What is time and money?
One of the reports that Snyk has to help provide visibility into an organizations Security Exposure.
What is Open/Critical Issues report?
What is Outstanding Baseline?
What is the Zero-Day Vulns Report?
What is the Most prevelant problematic vulnerabilities?
A Snyk solution that helps customers identify the Log4Shell vulnerability.
What is Snyk Open Source?
A score provided by Snyk that looks at:
Likelihood - How likely is a certain risk to materialize, or in other words, how likely is it for a vulnerability to be exploited in a user's code.
What is Risk Score?