Snyk AppRisk Pro - Secrets detection coverage with Nightfall AI
Product training
Snyk AppRisk integrates with Nightfall AI for discovery and coverage validation, as well as coverage policies. Once integrated, coverage can be viewed via:
- Application Analytics
- Inventory
  - Inventory main screen
  - Asset details - clickable into a filtered view in Nightfall AI
  - Inventory filters
- Used as a data point for policies to trigger Slack, email, or Jira workflows
- Policies to define coverage gaps
Requirements
- Snyk AppRisk Pro customer
- Nightfall AI
  - API key
  - Repository monitoring enabled from within Nightfall AI
  - Detectors and policies configured to detect secrets
Video - 2m21s
Update: API Keys can now be found in the Firewall for AI in the Overview section.
Video - 5m08s
Policies
Create a coverage policy.
- If you use multiple secret detection tools, the match conditions depend on whether the tools overlap or are each exclusive to a given code repository.
- Additionally, consider a policy that uses the new Jira or Slack option to trigger a notification so that the gap gets configured or reviewed.
Example 1 - Only using Nightfall AI
If you are only using Nightfall AI for secrets detection, don't scope the policy to a specific repository, so that any new repositories are factored into your coverage gap.
Match 1
- Asset type = repository
Coverage policy set to "not containing one or more of" Nightfall AI
Example 2 - Using multiple secrets detection tools exclusively per source code management system
Match 1
- Asset type = repository
- Attribute contains github.com
Coverage Policy action set to Nightfall AI
Match 2
- Asset type = repository
- Attribute contains dev.azure (as an example)
Coverage policy action set to the other secrets detection tool(s)
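To make the two policy examples concrete, the following is an added example (not Snyk AppRisk or Nightfall AI code, and not their API) that models the match conditions and the "not containing one or more of" coverage check over a constructed inventory; the repository names, URLs and the tool name "OtherSecretsTool" are made up.

```python
import csv
import io

# Constructed sample inventory (not real data): each repository asset has a
# type, a URL-style attribute, and the secrets-detection tools covering it.
INVENTORY = [
    {"name": "payments-api", "asset_type": "repository",
     "attribute": "https://github.com/acme/payments-api", "coverage": ["Nightfall AI"]},
    {"name": "billing-web", "asset_type": "repository",
     "attribute": "https://github.com/acme/billing-web", "coverage": []},
    {"name": "infra-terraform", "asset_type": "repository",
     "attribute": "https://dev.azure.com/acme/infra", "coverage": ["OtherSecretsTool"]},
    {"name": "legacy-jobs", "asset_type": "repository",
     "attribute": "https://dev.azure.com/acme/legacy-jobs", "coverage": []},
    {"name": "acme-prod", "asset_type": "application", "attribute": "n/a", "coverage": []},
]

# Example 1 from the page: one tool, unscoped, so new repositories count as gaps.
EXAMPLE_1 = {"matches": [{"conditions": {"asset_type": "repository"},
                          "required_any": ["Nightfall AI"]}]}

# Example 2: Nightfall AI for github.com repositories, another tool for dev.azure.
EXAMPLE_2 = {"matches": [
    {"conditions": {"asset_type": "repository", "attribute_contains": "github.com"},
     "required_any": ["Nightfall AI"]},
    {"conditions": {"asset_type": "repository", "attribute_contains": "dev.azure"},
     "required_any": ["OtherSecretsTool"]},
]}

def matches(asset, asset_type, attribute_contains=None):
    """One match block: asset type must equal; attribute substring is optional."""
    if asset["asset_type"] != asset_type:
        return False
    return attribute_contains is None or attribute_contains in asset["attribute"]

def coverage_gaps(inventory, policy):
    """Names of assets that match a block but have none of its required tools."""
    gaps = []
    for asset in inventory:
        for block in policy["matches"]:
            if matches(asset, **block["conditions"]):
                if not set(block["required_any"]) & set(asset["coverage"]):
                    gaps.append(asset["name"])
                break  # the first matching block decides for this asset
    return gaps

def export_csv(inventory, policy):
    """The Inventory step: the gap list as spreadsheet rows."""
    gaps, buf = set(coverage_gaps(inventory, policy)), io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["name", "attribute", "coverage"])
    for asset in inventory:
        if asset["name"] in gaps:
            writer.writerow([asset["name"], asset["attribute"], ";".join(asset["coverage"])])
    return buf.getvalue()
```

Running `coverage_gaps(INVENTORY, EXAMPLE_1)` lists every repository without Nightfall AI, while `EXAMPLE_2` only flags repositories missing the tool assigned to their source code management system.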
Inventory
Filter the Inventory on Coverage "does not contain" Nightfall AI to see where coverage is missing, and export the result to a spreadsheet.
Application Analytics
Review the coverage to understand the severity of the potential coverage issues.