Security Testing

In a DevOps way of working, teams build security into the development process rather than bolting it on at the end. Snyk is a developer-first tool that adds vulnerability scanning across the SDLC. This engagement focuses on getting your team set up to run security scans from coding to pipeline to continuous monitoring, and on resolving the vulnerabilities and risks those scans surface across your various project types.

Topics

  • What & Why for Snyk & Security
  • Navigating the Snyk App
  • Local Development: Snyk in IDE, CLI, and (optional) Git Hooks
  • Mobbing & Pairing to Resolve Vulnerabilities & Risks
  • Continuous Delivery: Adding Snyk to CI Pipeline
  • Snyk Admin: Responsibilities, Settings, Integrations
  • Team's Approach to Tech Debt
  • Impact to Team's Ways of Working

Outcomes

  • Metrics report that shows a concrete reduction in issues
  • All repositories scanned through the Snyk SCM integration
  • All apps offboarded from Veracode
  • Developer IDEs set up with Snyk and connected to the server-side configuration
  • Active quality gates in pipelines
  • All team members have access to the Snyk UI
  • Strategy for addressing technical debt
  • Team budgets story points every sprint to reduce technical debt
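The pipeline quality gate and the technical-debt strategy above are usually combined in practice: the gate blocks new findings at or above a severity threshold, while findings the team has already accepted into its debt backlog are reported but do not fail the build, so the backlog can be burned down sprint by sprint. The script below is an added example and is not part of the engagement materials or Snyk's own code. It assumes the JSON shape of `snyk test --json` output (a top-level `vulnerabilities` array whose entries carry `id`, `severity`, `packageName`, `version`, `title` and `isUpgradable`), that the CLI exits 1 when it finds vulnerabilities (hence the `|| true` in the assumed invocation so the report is still written), and uses a constructed sample report with placeholder ids rather than real scan data. Unknown severity strings rank above critical so the gate fails closed.

```python
"""Severity-threshold quality gate over `snyk test --json` output.

Assumed pipeline invocation (the CLI must already be authenticated):
    snyk test --json > snyk.json || true   # exit 1 means "vulns found", not a tool failure
    python snyk_gate.py snyk.json high
A non-zero exit from this script fails the pipeline step.
"""
import json
import sys
from typing import Dict, Iterable, List, Tuple

# Snyk severity levels, lowest to highest.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed sample in the shape of `snyk test --json` output.
# Ids are placeholders, not real Snyk vulnerability identifiers.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "CONSTRUCTED-1", "title": "Prototype Pollution", "severity": "high",
         "packageName": "example-lib", "version": "1.0.0", "isUpgradable": True},
        {"id": "CONSTRUCTED-2", "title": "Regular Expression Denial of Service", "severity": "medium",
         "packageName": "example-regex", "version": "2.3.4", "isUpgradable": False},
        {"id": "CONSTRUCTED-3", "title": "Arbitrary Code Execution", "severity": "critical",
         "packageName": "example-parser", "version": "0.9.1", "isUpgradable": True},
    ],
})


def severity_rank(severity: str) -> int:
    """Rank a severity string; unknown values rank above critical so the gate fails closed."""
    try:
        return SEVERITY_ORDER.index(severity.lower())
    except ValueError:
        return len(SEVERITY_ORDER)


def blocking_findings(report: Dict, threshold: str, baseline_ids: Iterable[str] = ()) -> List[Dict]:
    """Findings at or above `threshold` that are not already accepted in `baseline_ids`, worst first."""
    known = set(baseline_ids)
    min_rank = severity_rank(threshold)
    hits = [v for v in report.get("vulnerabilities", [])
            if severity_rank(v.get("severity", "")) >= min_rank and v.get("id") not in known]
    return sorted(hits, key=lambda v: severity_rank(v.get("severity", "")), reverse=True)


def gate(report_json: str, threshold: str = "high",
         baseline_ids: Iterable[str] = ()) -> Tuple[bool, List[str], int]:
    """Apply the gate. Returns (passed, one summary line per blocking finding, count of accepted debt)."""
    report = json.loads(report_json)
    known = set(baseline_ids)
    hits = blocking_findings(report, threshold, known)
    debt = sum(1 for v in report.get("vulnerabilities", []) if v.get("id") in known)
    lines = [
        f"{v.get('severity', '?').upper():<8} {v.get('packageName')}@{v.get('version')}  "
        f"{v.get('title')}  [{'upgrade available' if v.get('isUpgradable') else 'no direct upgrade'}]"
        for v in hits
    ]
    return (not hits, lines, debt)


def main(argv: List[str]) -> int:
    """CLI entry: gate a report file, or the constructed sample when no file is given."""
    report_json = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    threshold = argv[2] if len(argv) > 2 else "high"
    passed, lines, debt = gate(report_json, threshold)
    for line in lines:
        print(line)
    print(f"accepted debt (baseline) findings: {debt}")
    print("GATE PASSED" if passed else f"GATE FAILED: {len(lines)} finding(s) at or above {threshold}")
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The baseline set would in practice be the ids the team has explicitly triaged into its debt backlog; keeping it in the repository next to the pipeline definition makes every acceptance a reviewed change, and shrinking it each sprint is the measurable reduction the metrics report is meant to show.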

Standard Snyk Engagement

Day 1 Morning

  • Overview of Snyk & Onboarding
  • Snyk for Local Development
  • Offboard from Veracode

Day 1 Afternoon

  • Mob Session: Solving vulnerabilities
  • Mob Session: Pipeline changes

Day 2 Morning

  • Snyk Roles
  • Admin Settings
  • Pair Groups: Solving Vulnerabilities & Pipeline Changes

Day 2 Afternoon

  • Pair Groups: Solving Vulnerabilities & Pipeline Changes
  • Closure & Feedback