better Snyk utilization across TTS

[its-a-lisa-at-work]

Background information

We have Snyk at the TTS level and we don't really use it.

Implementation Steps

• [x] Meet with Snyk
  • [ ] Discuss SBOM
  • [ ] Discuss differences with Dependabot
  • [x] Understand how to use at an organization level
• [ ] Confirm that we're able to stay under the p-card limit with our [planned] usage
• [ ] Follow instructions on how to enable at organization level
• [ ] Update documentation
  • [ ] TTS Tech Portfolio Playbook
  • [ ] Handbook
• [ ] Determine which repos should be focused on
• [ ] Make announcements of the tool
  • [ ] #g-security-compliance
  • [ ] #260
• [ ] Set up dashboarding capability

Acceptance criteria

• [ ] Snyk is enabled at the organizational level

---

The assignee should add some checkboxes as a "sketch" of the steps to complete, which may evolve.

[its-a-lisa-at-work]

posting here for future reference

[its-a-lisa-at-work]

Snyk is going to send instructional information and videos on how to get started. Got useful feedback that multiple different orgs can watch the different repositories. Moving to Waiting/Feedback until get the information and then will move to Icebox again.

[its-a-lisa-at-work]

Sent an email to Snyk today nudging them on this

[its-a-lisa-at-work]

Was sent this information by Snyk

In the meantime, here's a few highlights check out and keep as reference:

Snyk Knowledge Center - https://support.snyk.io/hc/en-us Get the answers to your questions about our products, integrations, language support, Snyk CLI, APIs, License compliance and much more.

Snyk Open Source Security Snyk Open Source Demo: https://www.youtube.com/watch?v=7Z_BdXXL1Dk Snyk provides developer friendly security for open source code and containers during the SDLC and in production. Snyk helps developers become more security conscious through enablement and automation. We also provide security teams detailed and timely information on vulnerabilities which helps them become a resource for developers. Snyk's database is comprehensive with 370% more vulns than the next commercial DB, ahead 92% of JavaScript vulns were added to Snyk before the NVD, and accurate all items are analyzed and tested for accuracy. Snyk Container YouTube Container Demo: https://youtu.be/7tFYMBU5qrU Snyk/Docker Partnership: https://snyk.io/blog/snyk-docker-secure-containerized-applications/ Secure your Kubernetes applications with Snyk Container Snyk & RedHat empower developers to secure OpenShift applications Snyk Infrastructure as Code Snyk IaC Product Overview: https://www.youtube.com/watch?v=iSBEEJRp3qU&feature=youtu.be Announcing Snyk’s developer-first Infrastructure as Code security capabilities Recent announcements: 1) Accelerating Snyk's developer-first vision with the acquisition of DeepCode 2) Snyk named to the 2020 Forbes Cloud 100

[afeld]

Comparison with Dependabot by @its-a-lisa-at-work