Snyk Essentials and AppRisk terminology for asset management and discovery
Terminology related to asset management and discovery
Asset: An asset is an identifiable entity that is part of an application, and relevant for security and developers.
Class: A way to assign business context to assets and categorize an asset based on its business criticality. A class can be used as a condition in a policy and can also be assigned by a policy. Assets can be assigned class A, B, C, or D, where:
- Class A - the most important assets: those that are business critical, handle sensitive data, are subject to compliance requirements, and so on.
- Class D - the least important assets: test apps, sandbox environments, and so on.
- Assets are assigned Class C by default.
Controls: The security controls associated with the asset, such as Snyk Open Source or Snyk Code.
Coverage: An assessment of whether applicable assets are scanned and tested by security controls, such as Snyk Open Source, as part of an application security program. Coverage is also a type of policy that lets you specify which controls should be applied and, optionally, how often they need to run.
Coverage gap: The asset does not meet the coverage requirements set by the "set coverage control policy" action.
- Note that 'Coverage gap' is not the opposite of 'Coverage': an asset can be covered (for example, scanned a month ago) and still have a coverage gap (if the requirement is a daily scan).
Policy: A way to automate actions under certain conditions, such as classifying and tagging assets with business context. You can also use a policy to configure actions such as sending a message or setting the coverage gap control, using the Policy builder UI.
Tags: A way to categorize assets. Tags help you recognize or handle assets differently according to shared properties. Assets can be filtered by their tags in the inventory or when creating policy rules. A tag can be assigned to an asset automatically, or the asset can be tagged by a policy you created. GitHub and GitLab topics are treated as asset tags, and you can use them when creating policies.
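The following is an added illustration (example code, not Snyk's own API or data model) of how the terms above relate: a hypothetical policy assigns a class from a tag and sets a coverage requirement per class, and the coverage check then separates "covered" from "has a coverage gap". The asset fields, the 'payments' tag, the scan intervals and the dates are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed data model; field names are assumptions, not Snyk's schema.
@dataclass
class Asset:
    name: str
    tags: set = field(default_factory=set)
    asset_class: str = "C"                      # assets are Class C by default
    last_scan: dict = field(default_factory=dict)  # control name -> date of last scan

@dataclass
class CoverageRequirement:
    control: str                                # e.g. "Snyk Code"
    max_age_days: "int | None" = None           # None: any past scan satisfies it

def is_covered(asset: Asset, control: str) -> bool:
    """Coverage: the control has scanned this asset at some point."""
    return control in asset.last_scan

def has_coverage_gap(asset: Asset, req: CoverageRequirement, today: date) -> bool:
    """Coverage gap: the requirement set by the coverage control policy is not met."""
    last = asset.last_scan.get(req.control)
    if last is None:
        return True                             # never scanned by the required control
    if req.max_age_days is None:
        return False                            # no frequency requirement, any scan counts
    return (today - last).days > req.max_age_days

def apply_policy(assets) -> dict:
    """Hypothetical policy: assets tagged 'payments' become Class A, and Class A
    assets must be scanned by Snyk Code daily; every other asset monthly."""
    requirements = {}
    for a in assets:
        if "payments" in a.tags:
            a.asset_class = "A"
        days = 1 if a.asset_class == "A" else 30
        requirements[a.name] = CoverageRequirement("Snyk Code", days)
    return requirements

def evaluate(today: date = date(2024, 6, 1)) -> dict:
    """Return name -> (class, covered, coverage_gap) for a constructed inventory."""
    inventory = [
        Asset("checkout", {"payments"}, last_scan={"Snyk Code": date(2024, 5, 2)}),
        Asset("sandbox", {"sandbox"}, asset_class="D", last_scan={"Snyk Code": date(2024, 5, 22)}),
        Asset("new-service"),                   # onboarded but never scanned
    ]
    reqs = apply_policy(inventory)
    return {a.name: (a.asset_class, is_covered(a, "Snyk Code"),
                     has_coverage_gap(a, reqs[a.name], today)) for a in inventory}
```

The "checkout" asset is covered (it was scanned) yet has a coverage gap, because its Class A requirement is a daily scan; "sandbox" is covered with no gap; "new-service" is neither covered nor free of a gap.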