Request edit access
JavaScript isn't enabled in your browser, so this file can't be opened. Enable and reload.
Native Apps Security Questionnaire
Please ensure that Snowflake has access to any documents that are linked in your response
Sign in to Google
to save your progress.
Learn more
* Indicates required question
Email
*
Your email
Snowflake contacts
Please provide the emails for any Snowflake employees you are working with
Your answer
What is your organization's name?
*
Your answer
Application Overview
Please describe your application and its purpose
What is your application's name?
*
Your answer
What does your application do?
*
Your answer
What are some of the use cases for the application?
*
Your answer
Is your application ready to publish?
*
Yes
No
Application Architecture
Please provide architecture documentation for your application. Please provide a relevant link for each of the following questions.
Please read and ensure your application meets the
security requirements
for Native Applications
I have read the security requirements linked above
My application meets the security requirements linked above
Following
security best practices
for Native Applications increase the chances of an application being approved.
I have read the security best practices
Please provide information about all components of your application. Including but not limited to:
All containers in the application
*
Your answer
All public endpoints exposed by the application
*
Your answer
All external integrations (provider or 3P services)
*
Your answer
Does your application use 0.0.0.0 for egress network rule/external access integration?
*
Yes
No
If no please list all egress URLs used by your application
Your answer
Does your application use any machine learning models not included in the application package?
*
Yes
No
Does your application need to download code not included in the application package?
*
Yes
No
All UDFs
*
Your answer
Authentication/Authorization controls (if any)
*
Your answer
Other security controls
Your answer
Please provide a link to an architecture diagram showing information flow between all the components
*
Your answer
Please provide information about data accessed/processed by your application
All consumer data accessed by the application
*
Your answer
Does your application store any consumer data outside the consumer account? Including but not limited to:
* Any account access credentials
* Weights/models derived from consumer data
* Keys
* Logs etc.
*
Yes
No
If yes please list all the consumer data stored by the application outside the consumer account.
*
Your answer
Does your application access any data stored in provider account?
*
Yes
No
All provider data accessed from the application that's not included in the app package
*
Your answer
Security Assurance
Please describe in detail all security assurance activities.
Please select all applicable SDLC security activities followed
during the development of your application
*
Threat modeling
Authenticated access to source code
Peer reviews
Static analysis to discover security issues
Dependency scans for supply chain risks
CVE scans
Dynamic security testing
Penetration testing by a third party
Other:
Required
Please select all applicable vulnerability management activities performed in your organization
*
Endpoint vulnerability scanning
Network vulnerability scanning
Patch management
Vulnerability risk assessment
Risk based vulnerability remediation SLA
Vulnerabilities remediated with SLA
Other:
Required
Do you have an incident response plan with published SLAs
*
Yes
No
Please provide contact information that can be used to contact your organization in case of a security incident
*
Your answer
Do you have a vendor security program?
*
Yes
No
If yes, please provide details about your vendor security program
Your answer
List all applicable certifications:
SOC 2
PCI DSS
HIPAA
ISO 27034/27001 compliance
NIST SP 800.218 compliance
Other:
Images
Please answer the following questions regarding the images included in your application.
Does your application use minimal base images (chainguard, distroless, etc.)?
*
Yes
No
Please provide the path for all custom code developed by you in the image
*
Your answer
Have the images in the application been scanned for CVEs?
*
Yes
No
Do the images contain any critical or high severity CVEs? If yes, please provide an explanation for why your application is not impacted by the CVEs
*
Your answer
Have the images in the application been scanned for malware?
*
Yes
No
Does the container in your application run with a non root user that has minimum privileges required for the application to function?
*
Yes
No
Are image layers and command history available in the images?
*
Yes
No
Application
Please provide additional information about the application and associated objects / permissions it requires.
Please list all the objects created and permissions requested in a consumer account by your application
*
Your answer
Can any functionality in your application be accessed by a user without that user authenticating through Snowflake first?
*
Yes
No
Send me a copy of my responses.
Submit
Page 1 of 1
Clear form
Never submit passwords through Google Forms.
reCAPTCHA
Privacy
Terms
This form was created inside of Snowflake Inc..
Does this form look suspicious?
Report
Forms
Help and feedback
Contact form owner
Help Forms improve
Report
