In Snyk issues are categorized into different types like low, medium, high and critical. Therse are determined by the Common Vulnerability Scoring System (CVSS). This system assessed the vulnerabilities based on exploitability factors and the impact it causes.

Snyk does not enforce any fixed SLAs for addressing vulnerabilities based on the issue severity level.

The Snyk provides SLA Management Reports which align with common security standards like FedRAM. These reports are customizable and intend to help organizations set their own remediation timelines. For example, some organizations may establish internal SLAs such as GitHub

• • Critical: Remediate within 24 hours
• • High: Remediate within 7 days
• • Medium: Remediate within 30 days
• • Low: Remediate within 180 days 

We can configure the SLA status for an issue like-Within SLA – Age did not exceed the given SLA target, At Risk – Approaching SLA breach and Breached – Issue age crossed the set target.

By adding filters to the SLA report, we can utilize different categories of filters which gives scope to better identify the age of issues in accordance to the SLA target being set.

We can share SLA reports by copying the report URL or bookmarking the page for quick access later.

In the Open Issues section, the Severity Breakdown shows how issues are distributed by severity and SLA compliance and SLA Trend visualizes how SLA performance changes over time and the SLA Breakdown table allows to compare SLA compliances in group view and organization view.

This helps teams track progress and stay on top of their compliance goals.

Contact our DevSecOps specialists today to discuss how we can help you implement Snyk in your organization. We’re a Snyk Partner. For licensing, demos, or implementation, reach out to devops@ecanarys.com