Security requirements and best practices for a Snowflake Native App

This topic describes the security requirements and best practices that providers must follow when developing a Snowflake Native App. All apps that meet the conditions described in Automated security reviews must conform to the security requirements outlined in the following sections:

Note

Security requirements are subject to change as Snowflake continues to monitor new potential risks.

Security requirements for application code

App code included within an application package must conform to the following security requirements:

  1. Your app must not load or execute any code from outside the application package except Snowflake-provided libraries. All the app code, including all library dependencies and setup code, must be included in the app version defined in the application package.

  2. All app code must be un-obfuscated, meaning that the code must be human readable. This requirement includes minified JavaScript code.

    Note

    If an app needs to use minified JavaScript code, it must include a corresponding source map file that can be used to recover the un-minified code.

  3. All dependencies or libraries with critical or high common vulnerabilities and exposures (CVE) must be updated to a secure version, if available.

Security requirements for app functionality

The following security requirements apply to the functionality of your app:

  1. All apps must provide the following information to customers as part of a listing:

    1. All app functionality and features.

    2. All Internet endpoints and URLs that the app connects to.

    3. All external functions in the app.

    4. Any consumer data logged, collected, or stored by the app.

      1. Apps should prohibit all non-essential cookies.

      2. Apps should communicate all essential cookies to consumers

  2. Apps should function as advertised in the app listing.

  3. All app installation and setup instructions must be included in the app listing.

  4. Apps must not store or require any plain text customer secrets.

  5. Any communication between the app and the Internet should be over an HTTPS connection with a valid TLS certificate.

  6. Apps must not have any functionality that could result in harm to Snowflake, its customers, or third parties. Harm includes but is not limited to:

    1. Data leakage and/or loss;

    2. Restricting consumer access to their data unless explicitly designed as part of the app functionality, for example, data masking for data access policies.

    3. Excessive resource consumption.

    4. Arbitrary code injection/execution.

  7. All connections to an app, including web-based user interfaces and APIs, must first authenticate using a Snowflake-provided method of authentication. Any app-specific authentication must be presented to users after Snowflake authentication has succeeded.

  8. Apps should not create any public endpoints that allow connections to the app without a successful authentication through Snowflake first.

Security requirements for app permissions

The following security requirements apply to the privileges set by your app:

  1. All apps must provide the following information in the manifest file:

    1. All privileges required by the app on all objects.

    2. All API integrations.

  2. Apps should only ask for the minimum set of privileges needed for the app to function.

Best practices for developing and publishing an application package

To streamline the development and publishing process for a Snowflake Native App, Snowflake recommends creating two separate application packages:

  • Development application package

    The development application package is intended for rapid iteration and testing purposes. It should have its DISTRIBUTION property set to INTERNAL. This ensures that the application package remains internal and is not distributed to external consumers or to Snowflake scanning and approval.

    By keeping this package separate from the production package, developers can quickly make changes and test new features without triggering the security review process for each iteration.

  • Production application package

    The production application package is intended for publishing an application package and distributing it to Snowflake for scanning and approval and to external consumers. The production application package should have its DISTRIBUTION property set to EXTERNAL.

    Only versions that have passed the provider’s security review should be added to this package, ensuring that the app meets the required security standards before being made available to consumers.

By following the best practice of having separate development and production packages, developers can maintain an efficient development lifecycle while ensuring that only secure and approved versions of the app are published and distributed to external consumers.

Language: English