Vision.bi Native App Overview

*New! Vision.bi Native App

The Vision.bi Native App is an application available to Vision.bi customers via the Snowflake Marketplace. The app includes various modules designed to help customers efficiently manage their Snowflake environment.

Screenshot from Snowflake:

Key modules of the app include:

• Contracts Module – Provides an overview of the customer's contract with Snowflake, including credit balance and renewal forecasts.

• Consumption Analysis Module – Enhances Snowflake query history data with additional attributes to optimize resource utilization and reduce costs.

• Roles Explorer Module – Allows users to analyze and visualize role-based permissions in Snowflake, ensuring proper access control and minimizing excessive permissions.

The entire application is built using Streamlit in Snowflake and runs securely within the customer’s Snowflake environment, without any access to customer data or information sharing.

• The only data the app accesses are roles metadata and query history for analysis. These records remain within the customer's Snowflake environment and are never shared externally.

• Application logs are recorded within the events log table in the customer's Snowflake account, and the customer has full control over whether to share these logs.

• At any time, the app can be removed and all access revoked immediately.

Getting Started

Request for access

Please provide your Snowflake data sharing account identifier so we can grant you access to a listing.

To find this identifier log in to your Snowflake account and click at your user profile at the bottom of the screen > Account > View account details > Copy data sharing account identifier (you can view a visual path here).

You can also run the following SQL command:

SELECT CURRENT_ORGANIZATION_NAME() || '.' || CURRENT_ACCOUNT_NAME();

Then, share your identifier with us.

Installation

Find the app on Snowflake Marketplace

1. Switch to ACCOUNTADMIN role

2. Search for “vision.bi”

3. “Get” to install

4. Wait for it to complete

*Link to the market place (Or navigate on the menu)

https://app.snowflake.com/marketplace/data-products/search?search=vision.bi

Configure

1. Once completed click configure

2. Grant App Privileges 

Compute Analysis - Load data & reference it

Once the app is installed you can load the compute analysis data. 

The full guide can be found in the App (In each module)

Once running the stored procedure the data will be available in the UI. 

Every execution is overwriting the data - In order to load the data incrementally you’ll need to create a “_data” database in your account. All command exists in the guide.

After you created the PERMANENT table, please MAP it in the Privileges tab in the app.

Security Overview for Snowflake Native Apps

Introduction

This section provides an overview of the security measures, penetration testing, and risk mitigation strategies for Snowflake Native Apps running on the Snowflake Marketplace. It is intended to help security teams evaluate the security posture of these applications.

1. Security Architecture of Snowflake Native Apps

• Snowflake Native Apps run entirely within the customer’s Snowflake account.

• The app does not have access to any data unless explicitly granted permissions by the customer.

2. Penetration Testing and Security Validations

Snowflake implements rigorous security assessments, including:

• Automated Security Scanning: Static and dynamic analysis to identify vulnerabilities.

• Penetration Testing (PT): Snowflake conducts internal penetration testing on the native application runtime environment.

3. Risk Mitigation for Customers

To further secure the deployment of a Snowflake Native App, customers can:

• Monitor app activity: Utilize Snowflake’s query history and access logs to track interactions.

• Grant only necessary permissions: Use role-based access control (RBAC) to limit access - By default only account admin is granted.

4. Customer-Specific Security Testing

• All objects are created within a structure similar to a database and are fully visible to the customer. The app installation generates standard Snowflake objects such as Views, Stored Procedures, and Functions, with no hidden objects.

5. Removing an App and Revoking Access

• Customers can remove a Native App at any time and revoke any permissions previously granted.

• Deleting the app does not impact existing data unless explicitly modified by the customer.

Appendix: Automated Security Reviews by Snowflake

Introduction

To ensure the security and integrity of all applications published on the Snowflake Marketplace, Snowflake enforces a rigorous security review process. Every Native App undergoes an automated security evaluation before being made available to customers. This process helps detect vulnerabilities, enforce best practices, and mitigate potential security risks.

Security Reviews

To mitigate potential security risks, Snowflake employs the Native App Anti-Abuse Pipeline Service (NAAAPS), which automatically scans all new app versions using various tools to determine if an app can be distributed to consumers. ​https://docs.snowflake.com

This automated security review occurs when a new version or patch of an app is created. The process involves copying the app to a dedicated Snowflake account used for scanning, analyzing the app's files, and updating the security review status accordingly. Based on the findings, the app is either auto-approved or subjected to a manual review. Providers can monitor the status of their app's security review in Snowsight.​https://docs.snowflake.com+1https://docs.snowflake.com+1

The automated security review utilizes a variety of scanners and tools to analyze different components of an app, including:​

• Code Analysis: Scanning the code for bugs, anti-patterns, and security vulnerabilities.​

• Malware Detection: Identifying any malicious software within the app.​

• Dependency Vulnerability Assessment: Detecting vulnerabilities in the app's dependencies or libraries.

Source: ​https://docs.snowflake.com

These processes help detect various security issues, such as data exfiltration, ransomware, compute abuse, privilege escalation, and dynamic code execution.​

By implementing these automated security reviews and utilizing comprehensive scanning tools, Snowflake ensures that every native app published on the Snowflake Marketplace has undergone a thorough security check, aligning with industry best practices.