Active Security Incident Assessment
We’ve launched an Active security incident assessment banner to help you manage major zero-day events. When our Security team identifies a high-severity zero-day vulnerability in a widely used package, we’ll trigger a dedicated banner at the top of the Zero Day report. This assessment provides a look at your exposure, including the total number of assets needing triage, assets cleared, and the specific open-source (OSS) packages involved.
During a newly discovered security incident, teams need to quickly determine which assets may be affected and where to start investigating.
The active security incident assessment provides earlier visibility into repository exposure, helping teams:
Understand the potential blast radius of an incident
Identify assets requiring investigation
Prioritize remediation and response faster
During an active incident, you can now immediately see which assets may contain vulnerable packages through the assets needing triage metric. As you remove or update impacted dependencies, SCM-based scans for Snyk Open Source will automatically move those repositories to assets cleared, giving you a record of your progress.
To learn more, visit the Zero-Day report page in our user documentation.
Sara Meadzinger | Staff Product Manager