Snyk (SAST) Where to focus as a test manager?

Hello, as many of you know, Snyk is a tool that helps developers find and fix vulnerabilities in their code (SAST). I was wondering what the aspects/responsibilities of a person with the role "test responsible" in a team are regarding this process. Thanks! :slight_smile:

4 Likes

This responsibility still lies with the developers. I personally follow up on Snyk reports and I search for vulnerabilities myself. I often report them, and depending on the severity we address them.

BUT IMHO when one is found, a dev should just fix it ASAP. Since Snyk reports known vulnerabilities, there is often already a solution provided via Snyk, so it shouldn't take them long to fix it (which is mostly a version upgrade).

So you can follow up on it if you don't trust your dev team to fix them.
I've seen a lot of dev teams myself that pay for Snyk but don't fix what comes out of it. So it's like wasted money, and Snyk is not that cheap :stuck_out_tongue: So yeah, use that hammer to smash the table if they don't act accordingly.

2 Likes
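The follow-up the reply describes (look at the report, sort by severity, chase the findings where Snyk already names the upgrade) is easy to script, which makes it a workable routine for a test lead who wants to check that findings actually get closed. Below is an added example, not code from this thread or from Snyk: a small Python triage script over a `snyk test --json` report. The JSON field names it reads (`vulnerabilities`, `severity`, `isUpgradable`, `isPatchable`, `upgradePath`, `packageName`, `version`) and the `--severity-threshold` / `--fail-on` gate semantics it mirrors are my assumptions about the Snyk CLI output, and the embedded report, package names and issue IDs are constructed placeholders; check both against the CLI version you run. This concerns Snyk's open-source dependency scan, the part that proposes version upgrades, rather than the Snyk Code SAST product.

```python
"""Triage a Snyk dependency-scan report (added example, not from the thread).

Assumes the report came from `snyk test --json` and carries a top-level
"vulnerabilities" list with the fields used below; that schema is an
assumption about the Snyk CLI. The sample report is constructed.
"""
import json
from collections import Counter

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample shaped like `snyk test --json` output. Package names,
# versions and issue IDs are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "EXAMPLE-1", "title": "Placeholder issue A", "severity": "high",
         "packageName": "pkg-a", "version": "1.0.0",
         "isUpgradable": True, "isPatchable": False,
         "upgradePath": [False, "pkg-a@1.0.1"]},
        {"id": "EXAMPLE-2", "title": "Placeholder issue B", "severity": "critical",
         "packageName": "pkg-b", "version": "2.3.0",
         "isUpgradable": False, "isPatchable": False, "upgradePath": []},
        {"id": "EXAMPLE-3", "title": "Placeholder issue C", "severity": "low",
         "packageName": "pkg-c", "version": "0.9.0",
         "isUpgradable": True, "isPatchable": False,
         "upgradePath": [False, "pkg-c@0.9.5"]},
        # Same issue reached through a second dependency path.
        {"id": "EXAMPLE-1", "title": "Placeholder issue A", "severity": "high",
         "packageName": "pkg-a", "version": "1.0.0",
         "isUpgradable": True, "isPatchable": False,
         "upgradePath": [False, "pkg-d@3.0.0", "pkg-a@1.0.1"]},
    ],
})


def load_vulns(report_json):
    """Parse the JSON report and return its vulnerability list."""
    return json.loads(report_json).get("vulnerabilities", [])


def meets_threshold(vuln, threshold):
    """True if the finding's severity is at or above the threshold."""
    return SEVERITY_RANK[vuln["severity"]] >= SEVERITY_RANK[threshold]


def triage(vulns, threshold="medium"):
    """Split findings into what a test lead should chase.

    quick_wins:      at/above threshold and fixable by an upgrade or patch;
                     Snyk already names the fix, so a dev can close it fast.
    needs_decision:  at/above threshold with no upgrade or patch offered;
                     these need a risk decision, not just a chore ticket.
    below_threshold: logged but not chased right now.
    Repeated entries for the same issue and package (one per dependency
    path) are collapsed so each issue is tracked once.
    """
    seen = set()
    quick_wins, needs_decision, below = [], [], []
    for v in vulns:
        key = (v["id"], v["packageName"], v["version"])
        if key in seen:
            continue
        seen.add(key)
        if not meets_threshold(v, threshold):
            below.append(v)
        elif v.get("isUpgradable") or v.get("isPatchable"):
            quick_wins.append(v)
        else:
            needs_decision.append(v)
    return {"quick_wins": quick_wins, "needs_decision": needs_decision,
            "below_threshold": below}


def fix_for(vuln):
    """Return the upgrade target (last non-empty element of upgradePath) or None."""
    path = [p for p in vuln.get("upgradePath", []) if p]
    return path[-1] if path else None


def should_fail_build(vulns, threshold="high", fail_on="all"):
    """Mirror the CI gate `snyk test --severity-threshold=T --fail-on=F`.

    fail_on="all" fails on any finding at/above threshold; "upgradable"
    only on findings with an upgrade available (assumed CLI semantics).
    """
    for v in vulns:
        if not meets_threshold(v, threshold):
            continue
        if fail_on == "all" or (fail_on == "upgradable" and v.get("isUpgradable")):
            return True
    return False


def summary(vulns):
    """Count findings per severity, including duplicate paths."""
    return Counter(v["severity"] for v in vulns)


if __name__ == "__main__":
    vulns = load_vulns(SAMPLE_REPORT)
    buckets = triage(vulns, "medium")
    print("Severity counts:", dict(summary(vulns)))
    for v in buckets["quick_wins"]:
        print(f"QUICK WIN {v['severity']:8} {v['packageName']}@{v['version']} -> {fix_for(v)}")
    for v in buckets["needs_decision"]:
        print(f"DECISION  {v['severity']:8} {v['packageName']}@{v['version']}: no fix offered")
    print("Fail CI build (high, upgradable)?", should_fail_build(vulns, "high", "upgradable"))
```

Run it with `python triage.py` after piping a real report into `SAMPLE_REPORT`'s place, or read the file with `snyk test --json > report.json` and `load_vulns(open("report.json").read())`. The "needs_decision" bucket is the one worth a test lead's attention: those are the findings the reply's "just upgrade" advice cannot close, so someone has to accept, mitigate or replace the dependency.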