Snyk program maturity
We recommend rolling out Snyk in phases rather than all at once: switching on every check for every team on day one buries developers in findings and sours their experience of the tool. Here is an overview of what a phased rollout might look like.
Phases of a typical Snyk rollout
    1. In the initial Awareness phase, begin informing your teams that Snyk is being introduced. Encourage developers to install the Snyk plug-in for their IDEs so they can check for security issues before committing their code. Import a few projects and try a few manual fixes to work out how you want the rollout to proceed. Hold off on any automation until further into the rollout; teams should understand the findings before anything acts on them.
    2. To gain Visibility, import more projects so you can assess your overall risk profile. Use Snyk reports, the prioritization score, and filters to build a prioritization plan, then start addressing the vulnerabilities in your projects with manual fixes.
    3. Once you are ready to add automated processes, you enter the phase we call “stop the bleeding”: the goal is to keep new vulnerabilities from being introduced while you deal with the ones you already have.
    4. Finally, you work through your backlog to reduce your technical security debt.
The end state is one where you continuously monitor what is running in production and keep improving your processes by having developers test earlier in development.
Note that different teams may be at different levels of maturity in their open source security practices.
Later in this guide you will find details on how to address the different phases of program maturity with different settings in your Snyk integrations.