Introducing the Security metrics library scorecard and enhanced Snyk Integration for Compass

We recently added a new Security metrics library scorecard backed by an enhanced Snyk integration. These new features are designed to help teams of all sizes implement, measure, and improve security standards across their software components.

Why Security Scorecards?

Security is a top priority for every engineering organization, but not every team has a formal standard in place or knows how to track progress toward one. The new Security metrics library scorecard provides a ready made starting point, making it easy to measure key security metrics and inspire teams to define and improve their own standards using Compass.

What’s New?

Predefined Security Metrics

The Security metrics library scorecard comes with a set of predefined, actionable metrics, backed by the new Vulnerability event type:

• Open critical severity vulnerabilities (last 28 days)

• Open high severity vulnerabilities (last 28 days)

• Mean time to remediate critical vulnerabilities (average of last 10)

• Mean time to remediate high vulnerabilities (average of last 10)

These metrics give you immediate visibility into your security posture and help you track improvements over time.

Enhanced Snyk Integration

We’ve updated the Snyk for Compass integration to send standardized Vulnerability events, which automatically populate the new scorecard metrics. This means you can connect your Snyk account and start seeing real security data in Compass right away, no custom setup required.

• Easy setup: Connect Snyk directly from the Scorecard Details screen.

• Automated data collection: Snyk scans your repositories and feeds vulnerability data into Compass.

• Actionable insights: See where your critical and high-severity issues are, and how quickly you’re resolving them.

Who Is This For?

• Teams without a security standard: Get started quickly with best-practice metrics.

• Teams new to Compass: See the value of integrating your security tools and data.

• Teams looking to improve: Use the scorecard as a baseline and customize as your needs evolve.

Note: If you already have an advanced, custom security standard, you can still create your own scorecards from scratch in Compass.

How to Get Started

1. Add the Security metrics library scorecard from the Compass scorecard library on the Health page.

2. Install the Snyk app, connect your account, and add a repository link using the quick connect module.

3. Review your metrics and start tracking your security posture.

What’s Next?

We’re eager to see how teams use these new features to raise the bar on security across their orgs. As always, your feedback is invaluable.