Security Testing
In a DevOps way of working, teams should build security into the development process. Snyk is a developer-first tool that adds security scanning across the SDLC. This engagement focuses on getting your team set up to run security scans from coding to pipeline to continuous monitoring, and on resolving vulnerabilities and risks across various project types.
Topics
- What & Why for Snyk & Security
- Navigating the Snyk App
- Local Development: Snyk in IDE, CLI, and (optional) Git Hooks
- Mobbing & Pairing to Resolve Vulnerabilities & Risks
- Continuous Delivery: Adding Snyk to CI Pipeline
- Snyk Admin: Responsibilities, Settings, Integrations
- Team's Approach to Tech Debt
- Impact to Team's Ways of Working
Outcomes
- Metrics report that shows concrete reduction in issues
- All repos scanned through the Snyk SCM integration
- All apps offboarded from Veracode
- Developer IDEs set up with Snyk and connected to the server-side configuration
- Active quality gates in pipelines
- All team members have access to Snyk UI
- Strategy for addressing technical debt
- Team budgets story points every sprint to reduce technical debt
Standard Snyk Engagement
Day 1 Morning
- Overview of Snyk & Onboarding
- Snyk for Local Development
- Offboard from Veracode
Day 1 Afternoon
- Mob Session: Solving vulnerabilities
- Mob Session: Pipeline changes
Day 2 Morning
- Snyk Roles
- Admin Settings
- Pair Groups: Solving Vulnerabilities & Pipeline Changes
Day 2 Afternoon
- Pair Groups: Solving Vulnerabilities & Pipeline Changes
- Closure & Feedback