Security scans for custom templates¶

Snowflake runs a security scan on custom templates every 30 minutes to identify Jinja code that is susceptible to a SQL injection attack.

Prerequisites¶

To enable the custom template security scan, you must log into the clean rooms UI at least once for a clean room. This table is created and populated by the PRIVACY_AND_SECURITY_SCANNER task.

View security scan results¶

The results of security scans are saved to the samooha_by_snowflake_local_db.public.template_scanner_results table in the provider’s Snowflake account.

To view results of security scans:

Sign in to Snowsight.
Use the database object explorer in Snowsight or a SQL query to view the security scan results:
1. In the navigation menu, select Catalog » Database Explorer.
2. Navigate to SAMOOHA_BY_SNOWFLAKE_LOCAL_DB » PUBLIC » Tables » TEMPLATE_SCANNER_RESULTS.
3. Select Data Preview.
1. In the navigation menu, select Projects » Worksheets.
2. Select + SQL Worksheet.
3. To list the results of the security scans, paste and run the following statement:
  SELECT * FROM samooha_by_snowflake_local_db.public.template_scanner_results;
  
  Copy