Snyk Essentials and AppRisk terminology for asset management and discovery

Terminology related to asset management and discovery

Terminology

  • Asset: An asset is an identifiable entity that is part of an application, and relevant for security and developers.

  • Class: A way to assign business context to assets and categorize an asset based on its business criticality. Class can be used in policies as well as defined in a policy. Assets can be assigned classes A, B, C, or D, where:

    • Class A - assets that are business critical, deal with sensitive data, are subject to compliance, and so on. These are the most important.
    • Class D - test apps, sandbox environments, and so on. These are the least important.
    • Assets are assigned Class C by default.
  • Controls: The security controls associated with the asset, such as Snyk Open Source or Snyk Code.

  • Coverage: An assessment of whether applicable assets are scanned and tested by security controls, such as Snyk Open Source, as it relates to an application security program. A type of policy that allows you to specify what controls should be applied and, optionally, how often they need to be run.

  • Coverage gap: The asset does not meet the coverage requirements as set by the "set coverage control policy" action.

    • Note that "Coverage gap" is not the opposite of "Coverage": an asset may be "covered" (it was scanned a month ago) and still have a coverage gap (if the requirement is a daily scan).
  • Policy: A way to automate actions in certain conditions, like classifying and tagging assets with business context. You can also use a policy to configure actions like sending a message or setting the coverage gap control using a Policy builder UI.

  • Tags: A way to categorize assets. Tags help you recognize or handle assets differently according to shared properties. Assets can be filtered by their tags in the inventory or when creating policy rules. A tag can be automatically assigned to an asset, or the asset can be tagged by a policy you created. GitHub and GitLab topics are treated as asset tags, and you can use them for creating policies.