Snyk AppRisk - Using Application Analytics (Tenant->Analytics->Applications)
Product training
Snyk AppRisk Application Analytics gives AppSec teams, management, and CISOs a bird's-eye view of their program from a risk exposure and coverage management perspective, complementing the view provided by Enterprise Analytics. It helps answer questions such as:
- Does my AppSec Program meet the coverage requirements, and how is it trending?
- What are the issue distribution and trends across asset classes, applications, and teams?
- What is the coverage of repositories' cataloging into applications and teams?
- What are the most problematic applications and teams in terms of accumulated issues and coverage gaps?
- Where are my most sensitive assets?
Through filters and View By, AppRisk Application Analytics can provide insights:
- By Owner
- By Application, as opposed to by repository, via application context sources (Backstage, ServiceNow CMDB, etc.)
- By Asset class
These are just a few examples; the following sections discuss them in more detail.
Requirements
- Snyk AppRisk customer
- Tenant admin or member
Definitions
The following resources can be of assistance if you'd like more information on Snyk AppRisk:
- Risk factors described
- Asset Types
- Application Context from SCM (e.g., Backstage, ServiceNow CMDB, etc.)
Navigation
Click Tenant at the group level, then Analytics.
Two possible tabs may appear:
- Snyk Enterprise plan customers have access to Issue Analytics
- Snyk AppRisk customers have access to Application Analytics
- If you do not have the correct permissions or plans, you may default to a single report with no tabs.
Click Application
Video: 4m42s
- Note that filtering by Owner lets you compare several specified Owners, whereas View by Owner changes all the widgets to show the top five Owners for the relevant graphs.
Coverage
The Coverage panel shows the coverage of security product types and how that coverage trends over time.
- SAST, SCA, and Secrets are repository-based counts.
- Container coverage focuses on images scanned/identified via Snyk CLI, Kubernetes/Runtime or Container Registry integrations.
Video: 1m56s
Issues
The Issues panel provides a breakdown by category and trending.
- Consider using the Application and Owner filters to compare up to five specific owners, or use the relevant Views to see the top five.
- By default, these views show the top five applications/owners with the most issues if specific ones are not chosen.
- If you see a large number of assets or issues in Class C in Snyk AppRisk Application Analytics, note that assets are brought in as Class C by default. Consider using, or reviewing, classification policies if you see large growth numbers in that class across any of the views.
Video: 3m29s
Assets
The Assets panel provides a distribution of accumulated risk factors and the selected dimension.
- Consider filtering by specific owners, applications, or classes to understand where your risks reside when the correct view is chosen.
- Trending over time is provided to help you understand import trends.
Video: 2m02s
Repository Metadata Completeness and Repository Source Distribution
Repository Metadata Completeness provides insight into the completeness of metadata from application context sources for your repositories.
- Be proactive: identify which of your most important repositories are missing metadata, such as Owner, that you will need if an incident occurs.
- Use inventory and filtering to create lists you can act on with development to complete that data.
Repository Source Distribution provides insight into the distribution among different sources.
- Use asset class to understand where your most important applications reside, and potentially identify ones where they shouldn't be.
- Use views and filters to understand where important applications or assets reside, and use owner views to understand which owners might own assets in a particular source.
Video: 2m02s