Share
## https://sploitus.com/exploit?id=C59A69D2-CD75-58C6-8D00-9265DC98DB8A
# Snyk Agentic AppSec POC

Proof of concept demonstrating autonomous security agent patterns applied to Snyk's Application Security platform. Built to showcase how **Detect โ†’ Decide โ†’ Act โ†’ Log** architecture enables intelligent, scalable, and compliant security automation.

## Overview

This POC demonstrates four autonomous agents that operate on Snyk security findings, each showcasing different aspects of agentic security architecture:

1. **Vulnerability Triage Agent** โ€” Intelligent prioritization based on exploitability, reachability, and business context
2. **Secrets Remediation Agent** โ€” Automated detection and vaulting with developer-friendly workflows
3. **License Risk Agent** โ€” Policy-driven license compliance with tiered autonomy
4. **Supply Chain Defense Agent** โ€” Multi-agent coordination for malicious package detection

## Why This Matters for Snyk

### The Challenge

Snyk customers face an overwhelming volume of security findings:
- **10,000+ vulnerabilities** in a typical enterprise application portfolio
- **50-200 secrets** exposed per repository on average
- **License violations** requiring legal review and remediation
- **Malicious packages** disguised as legitimate dependencies

Security teams cannot manually triage this volume. Developers are overwhelmed by noise and miss critical issues. Traditional tooling produces findings but doesn't guide action.

### The Agentic Solution

Autonomous agents bridge the gap between detection and remediation by:
- **Intelligent triage** โ€” ML-powered scoring that considers exploit availability, reachability analysis, asset criticality, and business impact
- **Tiered autonomy** โ€” Auto-executing safe actions (notify, tag, create ticket) while requiring human approval for disruptive ones (block PR, disable package)
- **Developer experience** โ€” Surfacing only actionable, contextualized findings with clear remediation paths
- **Compliance by design** โ€” Immutable audit trails, policy-based decisioning, and regulatory mapping built in

## Architecture Principles

All agents in this POC follow the same architectural pattern:

```
โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚  DETECT โ†’ DECIDE โ†’ ACT โ†’ LOG                           โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

1. DETECT    โ€” Pull findings from Snyk API / webhooks
2. DECIDE    โ€” Apply ML scoring + policy rules to determine action
3. ACT       โ€” Execute with tiered autonomy (auto where safe, approval where needed)
4. LOG       โ€” Immutable audit trail for compliance and learning
```

### Key Design Decisions

**Tiered Autonomy** โ€” Actions are categorized by reversibility and blast radius:
- **Tier 1 (Auto)** โ€” Create Jira ticket, add PR comment, tag issue, notify Slack โ†’ no approval needed
- **Tier 2 (Approval)** โ€” Block PR merge, disable CI pipeline, revoke API key โ†’ human approval required
- **Tier 3 (Advisory)** โ€” High-impact decisions like emergency patches โ†’ agent recommends, human decides

**Policy Separation** โ€” Decision logic lives independently from execution:
- `policy/` โ€” Scoring models, threshold rules, action mappings (versioned, auditable)
- `agents/` โ€” Core agent logic (detect, decide, act, log)
- `adapters/` โ€” Swappable integrations (Snyk API, Jira, Slack, GitHub)

**Swappable Adapters** โ€” All external integrations are clean interfaces:
- Production: Real Snyk API, Jira, Slack webhooks, GitHub Actions
- POC: Simulated responses for demo purposes
- Testing: Mock adapters for CI/CD validation

**Audit-First Design** โ€” Every decision generates:
- **Audit log** (immutable, JSONL) โ€” timestamp, agent, finding, decision, rationale, outcome
- **Metrics** (Prometheus format) โ€” triage rate, auto-action rate, approval latency, false positive rate
- **Learning feedback** โ€” When humans override, capture for model tuning

## Strategic Alignment with Snyk

This POC directly supports Snyk's strategic priorities:

### 1. **Developer-First Security**
Agents reduce noise by surfacing only high-priority, actionable findings with clear remediation guidance. Developers spend less time triaging and more time shipping secure code.

### 2. **Scale Through Automation**
Autonomous triage and remediation enable security teams to manage 10x more applications without proportional headcount growth.

### 3. **AI-Native Platform**
Demonstrates how Snyk can differentiate by embedding intelligence into every stage of the security workflow โ€” not just detection, but decisioning and action.

### 4. **Compliance by Design**
Built-in audit trails, policy versioning, and regulatory mapping (PCI-DSS, SOC 2, GDPR, DORA) make customers audit-ready by default.

### 5. **Ecosystem Integration**
Clean adapter architecture shows how Snyk agents orchestrate across the entire DevSecOps toolchain (Jira, Slack, GitHub, CI/CD, Snyk Asset Management).

## Projects

### [01 โ€” Vulnerability Triage Agent](./01-vulnerability-triage-agent/)

Automatically prioritizes Snyk Open Source and Container vulnerabilities using a composite risk score:
- **Exploitability** โ€” EPSS score, exploit maturity, active exploitation indicators
- **Reachability** โ€” Snyk Reachability Analysis results
- **Asset criticality** โ€” Production vs dev, customer-facing vs internal, PCI/PHI data handling
- **Business impact** โ€” Revenue-critical services weighted higher

**Demo scenarios:**
- Critical CVSS 9.8 vulnerability with no exploit โ†’ Medium priority
- Medium CVSS 6.2 with active exploitation + reachable + production asset โ†’ Critical priority

### [02 โ€” Secrets Remediation Agent](./02-secrets-remediation-agent/)

Detects secrets in Snyk Code scans and automatically:
1. Vaults the secret value in AWS Secrets Manager / HashiCorp Vault
2. Replaces code references with `{{secret://...}}` URIs
3. Creates PR with remediation + vault integration code
4. Notifies security team with discovery context

**Demo scenarios:**
- AWS key hardcoded in config file โ†’ auto-vaulted + PR created with boto3 resolver code
- Slack webhook in logs โ†’ vaulted + PR comment guides developer to env vars

### [03 โ€” License Risk Agent](./03-license-risk-agent/)

Policy-driven license compliance enforcement:
- **Critical licenses** (GPL, AGPL on proprietary code) โ†’ Auto-block PR + notify legal
- **High-risk licenses** (LGPL, MPL with copyleft concerns) โ†’ Request approval from legal
- **Medium licenses** (Apache with patent clauses) โ†’ Notify + create compliance ticket
- **Low/approved licenses** (MIT, BSD, ISC) โ†’ Log only

**Demo scenarios:**
- GPL dependency added to commercial SaaS product โ†’ PR blocked, legal notified, Jira created
- Apache 2.0 dependency โ†’ Auto-approved with attribution reminder

### [04 โ€” Supply Chain Defense Agent](./04-supply-chain-defense-agent/)

Multi-agent coordination for malicious package detection. Three specialist agents analyze findings:
1. **Malicious Code Detector** โ€” Static analysis for obfuscation, suspicious network calls, crypto miners
2. **Typosquatting Analyzer** โ€” Levenshtein distance from popular packages, recent registration, low download count
3. **Behavior Anomaly Detector** โ€” Post-install scripts, unusual file system access, privilege escalation

A **Coordinator Agent** synthesizes findings, assigns confidence scores, and decides action:
- **High confidence malicious** โ†’ Auto-block + notify security + create incident
- **Medium confidence suspicious** โ†’ Request approval + flag for manual review
- **Low confidence / benign** โ†’ Log + monitor

**Demo scenarios:**
- Package `reqeusts` (typosquat of `requests`) with 3 downloads โ†’ Blocked
- Legitimate `webpack` with post-install script โ†’ Approved (common pattern)

## Quick Start

```bash
# Clone the repository
git clone https://github.com/mkuriel1984/snyk-agentic-appsec-poc.git
cd snyk-agentic-appsec-poc

# Run all agents in sequence (demo mode)
./run_demo.sh

# Or run individual agents
cd 01-vulnerability-triage-agent
python3 agent.py --demo
open reports/triage_report.html

cd ../02-secrets-remediation-agent
python3 agent.py --demo
cat audit/actions.jsonl

cd ../03-license-risk-agent
python3 agent.py --demo

cd ../04-supply-chain-defense-agent
python3 coordinator.py --demo
```

## Production Considerations

### Snyk API Integration
Replace simulated findings in `adapters/snyk_api.py` with real API calls:
```python
import snyk

client = snyk.SnykClient(token=os.environ["SNYK_TOKEN"])
projects = client.organizations.get("org-id").projects.all()
issues = project.issues.all()
```

### Webhook-Driven Architecture
For real-time response, deploy agents as webhook listeners:
- Snyk webhook triggers agent on new finding
- Agent processes in <5 seconds
- Action taken before developer context-switches

### ML Model Training
The POC uses heuristic scoring. In production:
- Train on historical triage decisions (supervised learning)
- Fine-tune LLM on Snyk's vulnerability corpus
- Active learning from human overrides

### Security & IAM
- Agents run with least-privilege service accounts
- Vault access via short-lived tokens with audit logging
- Policy changes require PR approval + SOC sign-off

## Regulatory Alignment

All agents include compliance artifacts:

| Regulation | Requirement | How Agents Address |
|---|---|---|
| **PCI-DSS** | Req 6.2 โ€” Protect against known vulnerabilities | Vulnerability Triage Agent prioritizes and tracks remediation |
| **PCI-DSS** | Req 3.5 โ€” Cryptographic key management | Secrets Agent vaults keys with lifecycle tracking |
| **GDPR** | Article 30 โ€” Record of processing activities | Immutable audit logs with rationale and timestamp |
| **DORA (EU)** | ICT risk management, incident response | Automated detection + response with <15 min time-to-action |
| **NYDFS Part 500** | Cybersecurity policy, incident notification | Policy-driven decisioning with documented overrides |
| **SOC 2** | Change management, access controls | All actions logged, high-risk actions require approval |
| **SR 11-7** | Model risk management | ML scoring models versioned, tested, and monitored |

## Metrics & Observability

Each agent exposes metrics for monitoring:
```
snyk_agent_findings_processed_total{agent="vuln_triage", severity="critical"}
snyk_agent_auto_actions_total{agent="secrets", action="vault"}
snyk_agent_approval_latency_seconds{agent="license"}
snyk_agent_false_positive_rate{agent="supply_chain"}
```

Dashboards show:
- **Triage throughput** โ€” Findings processed per hour
- **Autonomy rate** โ€” % auto-executed vs approval-required
- **Time to remediation** โ€” Detection to fix deployment
- **Override rate** โ€” Human disagreements with agent decisions (learning signal)

## Extending the POC

### Add New Agents
1. Create `05-new-agent/` directory
2. Implement `detect()`, `decide()`, `act()`, `log()` functions
3. Add policy rules in `policy/new_agent_policy.yaml`
4. Create adapter in `adapters/new_integration.py`

### Integrate with Snyk Issues
Connect to Snyk's **Issues** product for unified prioritization:
- Pull vulnerability, license, and code quality findings
- Apply cross-product risk scoring (vulnerability + reachability + license risk)
- Generate unified remediation plan
- Track fix verification across all issue types

### LLM Integration
Replace heuristic decisioning with Claude API for natural language reasoning:
```python
import anthropic

def ai_decide(finding, context):
    client = anthropic.Anthropic()
    response = client.messages.create(
        model="claude-opus-4",
        messages=[{
            "role": "user",
            "content": f"""You are a security triage agent. Analyze this finding:

Finding: {finding}
Context: {context}

Provide:
1. Risk score (0-100)
2. Recommended action (ignore, notify, block)
3. Rationale for developers
4. Regulatory implications

Respond as JSON."""
        }]
    )
    return parse_response(response.content[0].text)
```

## Repository Structure

```
snyk-agentic-appsec-poc/
โ”œโ”€โ”€ README.md                              # This file
โ”œโ”€โ”€ ARCHITECTURE.md                        # Deep dive on design decisions
โ”œโ”€โ”€ STRATEGIC_CONTEXT.md                   # How this aligns with Snyk's vision
โ”œโ”€โ”€ run_demo.sh                            # Run all agents in demo mode
โ”œโ”€โ”€ common/                                # Shared utilities
โ”‚   โ”œโ”€โ”€ audit.py                          # Audit logging interface
โ”‚   โ”œโ”€โ”€ policy.py                         # Policy engine
โ”‚   โ””โ”€โ”€ scoring.py                        # Risk scoring models
โ”œโ”€โ”€ adapters/                             # External integrations
โ”‚   โ”œโ”€โ”€ snyk_api.py                       # Snyk API client (simulated)
โ”‚   โ”œโ”€โ”€ jira.py                           # Jira integration
โ”‚   โ”œโ”€โ”€ slack.py                          # Slack notifications
โ”‚   โ””โ”€โ”€ github.py                         # GitHub PR automation
โ”œโ”€โ”€ 01-vulnerability-triage-agent/
โ”‚   โ”œโ”€โ”€ README.md
โ”‚   โ”œโ”€โ”€ agent.py                          # Main agent logic
โ”‚   โ”œโ”€โ”€ policy/vuln_triage_policy.yaml
โ”‚   โ”œโ”€โ”€ scenarios/                        # Demo scenarios
โ”‚   โ””โ”€โ”€ reports/                          # Output
โ”œโ”€โ”€ 02-secrets-remediation-agent/
โ”‚   โ”œโ”€โ”€ README.md
โ”‚   โ”œโ”€โ”€ agent.py
โ”‚   โ”œโ”€โ”€ vault_adapter.py                  # Vault integration
โ”‚   โ”œโ”€โ”€ policy/secrets_policy.yaml
โ”‚   โ””โ”€โ”€ scenarios/
โ”œโ”€โ”€ 03-license-risk-agent/
โ”‚   โ”œโ”€โ”€ README.md
โ”‚   โ”œโ”€โ”€ agent.py
โ”‚   โ”œโ”€โ”€ policy/license_policy.yaml
โ”‚   โ””โ”€โ”€ scenarios/
โ””โ”€โ”€ 04-supply-chain-defense-agent/
    โ”œโ”€โ”€ README.md
    โ”œโ”€โ”€ coordinator.py                     # Multi-agent coordinator
    โ”œโ”€โ”€ agents/
    โ”‚   โ”œโ”€โ”€ malicious_code_detector.py
    โ”‚   โ”œโ”€โ”€ typosquat_analyzer.py
    โ”‚   โ””โ”€โ”€ behavior_anomaly_detector.py
    โ”œโ”€โ”€ policy/supply_chain_policy.yaml
    โ””โ”€โ”€ scenarios/
```

## License

MIT โ€” Use freely, attribution appreciated, no warranty.

## About

Built by Maor Kuriel as a proof of concept demonstrating how agentic security patterns can transform Snyk's Application Security platform from detection-focused to action-oriented.

**Contact:** maor.kuriel@snyk.io  
**GitHub:** [@mkuriel1984](https://github.com/mkuriel1984)

---

*This POC is inspired by architectural patterns from the agentic security community but implements original use cases specifically designed for Snyk's platform and strategic direction.*