A new website named Snapscope has been launched by Ubuntu alumnus Alan Pope, enabling users to easily assess the security of apps from the Snap Store. Snapscope scans Snap packages with the open-source vulnerability scanner Grype and sorts the known vulnerabilities it finds into critical, high, medium and low severity, separately flagging those that are actively exploited.
Users can search for any Snap package by name or developer, view recently scanned packages, and see a chart of the packages with the highest vulnerability counts. Each finding links to further information on the vulnerability, and users can queue a package for re-scanning.
Alan Pope provides a video guide on how to navigate Snapscope, which helps users understand what it does. Scan results can look alarming, so it is essential to keep them in perspective. Most of the vulnerabilities identified do not stem from the Snap mechanism itself but from outdated libraries bundled with the packages. Snap maintainers ship their own copies of libraries rather than relying on the system-wide ones, so a distribution security update to a library never reaches the copy inside a snap; the vulnerability remains until the maintainer rebuilds and republishes the package. Note too that a scanner such as Grype matches on package name and version, so a hit means a version with a known vulnerability is present, not necessarily that the affected code is reachable in that particular app.
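A Snapscope-style triage of a Grype report, as an added example that is not Snapscope's or Grype's own code: it tallies matches by severity, flags those present in an exploited-vulnerability list, attributes findings to the bundled library that carries them, and lists which ones a maintainer could clear by rebuilding against a fixed version. The report is a constructed sample shaped like `grype <target> -o json` output (field names follow Grype's JSON format; the CVE IDs, library names and versions are placeholders), and `KNOWN_EXPLOITED` is an assumed stand-in for a catalogue such as CISA KEV, since the page does not say how Snapscope derives the "actively exploited" status.

```python
"""Triage a Grype JSON report the way a Snapscope-style dashboard does.

Added example, not Snapscope's or Grype's own code. The sample report and the
known-exploited set below are constructed placeholders.
"""
import json
from collections import Counter, defaultdict

SEVERITY_ORDER = ("Critical", "High", "Medium", "Low", "Negligible", "Unknown")

# Constructed sample shaped like `grype <target> -o json` output, trimmed to the
# fields this script reads. IDs, names and versions are placeholders.
SAMPLE_GRYPE_JSON = json.dumps({
    "matches": [
        {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                           "fix": {"versions": ["1.2.14"], "state": "fixed"}},
         "artifact": {"name": "libexample", "version": "1.2.11", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0002", "severity": "High",
                           "fix": {"versions": ["1.2.12"], "state": "fixed"}},
         "artifact": {"name": "libexample", "version": "1.2.11", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0003", "severity": "High",
                           "fix": {"versions": [], "state": "not-fixed"}},
         "artifact": {"name": "libexample", "version": "1.2.11", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0004", "severity": "Medium",
                           "fix": {"versions": ["3.0.2"], "state": "fixed"}},
         "artifact": {"name": "libother", "version": "3.0.1", "type": "deb"}},
        {"vulnerability": {"id": "CVE-0000-0005", "severity": "Low",
                           "fix": {"versions": [], "state": "wont-fix"}},
         "artifact": {"name": "libother", "version": "3.0.1", "type": "deb"}},
        # Severity omitted on purpose: a tally must bucket it as Unknown rather
        # than drop it silently.
        {"vulnerability": {"id": "CVE-0000-0006",
                           "fix": {"versions": [], "state": "unknown"}},
         "artifact": {"name": "libexample", "version": "1.2.11", "type": "deb"}},
    ]
})

# Assumption: stands in for an exploited-vulnerability catalogue such as CISA KEV.
KNOWN_EXPLOITED = frozenset({"CVE-0000-0002"})


def load_matches(report_json):
    """Return the match list from a Grype JSON report (empty if there is none)."""
    return json.loads(report_json).get("matches", [])


def severity_counts(matches, known_exploited=frozenset()):
    """Count matches per severity bucket plus how many are in the exploited set."""
    counts = Counter({sev: 0 for sev in SEVERITY_ORDER})
    exploited = 0
    for m in matches:
        vuln = m["vulnerability"]
        counts[vuln.get("severity") or "Unknown"] += 1
        if vuln["id"] in known_exploited:
            exploited += 1
    counts["Actively exploited"] = exploited
    return dict(counts)


def matches_by_artifact(matches):
    """Group vulnerability IDs by the bundled package that carries them.

    This is the view that matters for a snap: a long CVE list usually collapses
    to one or two outdated libraries shipped inside the package.
    """
    grouped = defaultdict(list)
    for m in matches:
        art = m["artifact"]
        grouped[f"{art['name']}@{art['version']}"].append(m["vulnerability"]["id"])
    return dict(sorted(grouped.items(), key=lambda kv: len(kv[1]), reverse=True))


def fixable(matches):
    """Findings a maintainer could clear by rebuilding against a fixed version."""
    out = []
    for m in matches:
        fix = m["vulnerability"].get("fix", {})
        if fix.get("state") == "fixed" and fix.get("versions"):
            art = m["artifact"]
            out.append((m["vulnerability"]["id"], art["name"], art["version"],
                        fix["versions"][0]))
    return out


def summarize(report_json, known_exploited=frozenset()):
    """Full triage summary for one report."""
    matches = load_matches(report_json)
    return {
        "total": len(matches),
        "by_severity": severity_counts(matches, known_exploited),
        "by_artifact": matches_by_artifact(matches),
        "fixable": fixable(matches),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_GRYPE_JSON, KNOWN_EXPLOITED)
    print(f"{summary['total']} matches")
    for sev in (*SEVERITY_ORDER, "Actively exploited"):
        print(f"  {sev:<20}{summary['by_severity'][sev]}")
    for pkg, ids in summary["by_artifact"].items():
        print(f"{pkg}: {len(ids)} findings ({', '.join(ids)})")
    for vid, name, cur, fixed in summary["fixable"]:
        print(f"{vid}: {name} {cur} -> fixed in {fixed}")
```

To produce a real report for a package you have installed or downloaded, one route is `snap download <name>`, `unsquashfs <name>_<rev>.snap`, then `grype dir:squashfs-root -o json > report.json` and feed that file to `summarize`. The per-artifact grouping is the part worth reading first: it shows whether a scary total is really a single stale library that one rebuild would clear.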
Some have raised concerns, as Darren Horrocks did in his article on Snaps, about how many packages on the Snap Store receive few or no updates. Bear in mind that many of those packages have not been touched for years and often represent experimental work by developers rather than maintained software.
The transparency Snapscope offers underlines the value of open conversations about security and may prompt Snap maintainers to update their applications more often. Snapscope does not by itself prove that Snap is less secure than other packaging formats, but it shows how public feedback can push application security practices forward.
For more information, visit Snapscope.
