Epic tracking the 4-PR series to ship agent-bom as a Snowflake Marketplace Native App that runs the entire AI-supply-chain security stack inside the customer's Snowflake AI Data Cloud — without extracting any data.
The narrative
Customers using Snowflake as their security data lake have structured + semi-structured + unstructured data already there:
- Structured: `aws_`, `azure_`, `gcp_*` asset/IAM tables (CloudQuery / Steampipe / CSPM exports)
- Semi-structured: VARIANT/JSON event tables (CloudTrail, OCSF, API logs, scan results)
- Unstructured: Snowflake stages holding `.ipynb` notebooks, Terraform/Kubernetes IaC, model artifacts, prompt corpora, training datasets
agent-bom already scans every one of those shapes today (`iac/`, `parsers/training_pipeline.py`, `parsers/dataset_cards.py`, `scanners/`, the 15-framework hub closing #1044). Phase 1–4 lift that into a Native App so the whole stack runs inside the customer's Snowflake — Wiz-shaped UX (Next.js + React Flow graphs), 15-framework compliance mapping, blast radius, ATLAS/ATT&CK tagging, optional MCP runtime — all without data egress.
Why this fits Snowflake's incentives
- Marketplace-listed, free, install-in-minutes → drives Snowpark + SPCS adoption (Snowflake monetizes consumption)
- Native App best practices: versioned, signed, customer-approved grants, EAI-gated egress, application role separation
- Reference customer story: "scanned N agents and M MCP servers across our cloud + AI inventory in our own Snowflake account, signed evidence in `core.findings_by_framework` mapped to all 15 frameworks (SOC 2 / ISO 27001 / FedRAMP / EU AI Act / NIST AI RMF / PCI / etc.)"
Phased delivery
| Phase |
Issue |
What ships |
| 1 — Foundation |
#2210 |
Manifest + customer-approved read-only role + DCM schema bootstrap |
| 2 — Mechanical |
#2211 |
Snowpark Python proc running the existing `compliance_hub.apply_hub_classification` against `core.scan_jobs`; Dynamic Tables for posture rollups |
| 3 — Surface |
#2212 |
SPCS-hosted Next.js dashboard (the existing `ui/`) + FastAPI — no Streamlit detour |
| 4 — Lock-in |
#2213 |
SPCS scanner with EAI-gated OSV/EPSS/KEV/GHSA egress, optional MCP runtime, Marketplace listing, `release-snowflake.yml` lane |
Architecture invariants
- No fork of the scanner code path — Snowpark procs vendor the existing Python modules
- No Streamlit detour — Next.js dashboard ships via SPCS; same image we already publish
- Customer-approved read-only access via manifest `references:` block (not vendor-asserted)
- Zero data egress by default — the only outbound calls are EAI-gated advisory feeds (OSV/KEV/EPSS/GHSA), customer toggles each on at install
- One distribution among four SKUs (CLI / API+Postgres / Helm / Native App) — Native App is additive, not a replacement
- Multi-warehouse customers (Databricks/BigQuery): explicitly not committing to a 3× parity matrix; Snowflake-native is one premium SKU
Out of scope (explicit deferrals)
- Cortex enrichment / Cortex Search / Cortex Analyst — Phase 5
- Snowflake Notebooks template gallery — parallel, lower priority
- Skills inside Snowflake — deferred (CLI/agent ergonomics; warehouse customers don't need them on day one)
- Snowflake Postgres GA migration — DSN swap when GA hits; Phase 1–4 ship against existing Postgres backend or SQLite
Existing scaffold (~80% there)
- `deploy/snowflake/native-app/manifest.yml` — application manifest scaffold
- `deploy/snowflake/native-app/scripts/setup.sql` — `core` schema, app role, scan_jobs table
- `scripts/provision/snowflake_readonly.sql` — 90-line read-only role pattern
- `src/agent_bom/api/snowflake_store.py` — `SnowflakeJobStore`, `SnowflakeFleetStore`, `SnowflakePolicyStore`
- `src/agent_bom/cloud/snowflake.py` — Snowflake-as-source discovery
- `src/agent_bom/snowflake_cis_benchmark.py` — Snowflake CIS coverage
- `deploy/snowflake/streamlit_app.py` — Streamlit dashboard (will be deprecated in Phase 3)
- 6+ `postgres_*_store.py` modules — work unchanged once Snowflake Postgres hits GA (DSN swap)
Closes
Closes the deployment-mode side of #1366 (Snowflake control-plane parity / security-lake mode). The control-plane parity work is partial; this epic finishes it.
Tracking
Sub-issues: #2210, #2211, #2212, #2213
Epic tracking the 4-PR series to ship agent-bom as a Snowflake Marketplace Native App that runs the entire AI-supply-chain security stack inside the customer's Snowflake AI Data Cloud — without extracting any data.
The narrative
Customers using Snowflake as their security data lake have structured + semi-structured + unstructured data already there:
agent-bom already scans every one of those shapes today (`iac/`, `parsers/training_pipeline.py`, `parsers/dataset_cards.py`, `scanners/`, the 15-framework hub closing #1044). Phase 1–4 lift that into a Native App so the whole stack runs inside the customer's Snowflake — Wiz-shaped UX (Next.js + React Flow graphs), 15-framework compliance mapping, blast radius, ATLAS/ATT&CK tagging, optional MCP runtime — all without data egress.
Why this fits Snowflake's incentives
Phased delivery
Architecture invariants
Out of scope (explicit deferrals)
Existing scaffold (~80% there)
Closes
Closes the deployment-mode side of #1366 (Snowflake control-plane parity / security-lake mode). The control-plane parity work is partial; this epic finishes it.
Tracking
Sub-issues: #2210, #2211, #2212, #2213