Snowflake POV deployment runbook¶
Use this page for a Snowflake-oriented proof of value where agent-bom runs in the customer's infrastructure and Snowflake/Cortex inventory is collected inside the operator boundary.
Scope¶
The current POV scope is:
- self-hosted API + UI control plane
- operator-owned Postgres-compatible control-plane database
- Snowflake/Cortex operator-pull inventory
- scan, findings, provenance, permissions, graph, and export review
- optional MCP proxy/gateway enforcement for selected MCP traffic
The POV does not include automatic patching or draft PR remediation. Today agent-bom produces remediation plans and evidence that can be routed into an existing Dependabot, Renovate, Jira, or AppSec workflow.
For Native App evaluations, the packaged SPCS scanner and MCP runtime service
specs are opt-in. API/UI install first; scanner egress to OSV, CISA KEV, FIRST
EPSS, and GHSA is enabled only after the customer binds the EAI references and
calls core.enable_scanner_service(). The MCP runtime service is also
default-off and requires a caller-provided bearer token.
Database options¶
agent-bom needs a transactional Postgres-compatible control-plane database for multi-replica API, fleet, policy, graph, and audit state. The Helm chart does not install a Postgres subchart.
Supported deployment pattern:
- provision the database with the customer's platform tooling
- store
AGENT_BOM_POSTGRES_URLin a Kubernetes Secret or External Secrets backend - run agent-bom API/UI pods with the database secret mounted as environment
- smoke-test migrations, API startup, graph writes, fleet sync, policy, audit, and backup/restore posture
Candidate database services include RDS/Aurora Postgres, Cloud SQL for PostgreSQL, Azure Database for PostgreSQL, Supabase, Crunchy/EDB, and Snowflake Postgres. Snowflake Postgres is a good fit for Snowflake-owned environments when the instance exposes a normal PostgreSQL connection string reachable from the agent-bom API pods. Treat it as a candidate until the smoke tests above pass in the target account and region.
1. Create the database secret¶
apiVersion: v1
kind: Secret
metadata:
name: agent-bom-control-plane-db
namespace: agent-bom
type: Opaque
stringData:
AGENT_BOM_POSTGRES_URL: postgresql://agent_bom:REDACTED@postgres.example:5432/agent_bom?sslmode=require
Apply it out of band through the operator's secret manager, SOPS, CI secret store, or External Secrets. Do not commit the real URL.
2. Deploy the control plane¶
For a focused EKS POV with BYO Postgres:
helm upgrade --install agent-bom deploy/helm/agent-bom \
--namespace agent-bom --create-namespace \
-f deploy/helm/agent-bom/examples/eks-mcp-pilot-values.yaml \
-f deploy/helm/agent-bom/examples/byo-postgres-values.yaml
For a production-shaped EKS profile:
helm upgrade --install agent-bom deploy/helm/agent-bom \
--namespace agent-bom --create-namespace \
-f deploy/helm/agent-bom/examples/eks-production-values.yaml
Use the Snowflake backend overlay only when the POV explicitly wants selected agent-bom stores backed by Snowflake warehouse tables. That is separate from using Snowflake Postgres as the Postgres-compatible control-plane database.
3. Verify the control plane¶
kubectl -n agent-bom get pods
kubectl -n agent-bom logs deploy/agent-bom-api --tail=100
kubectl -n agent-bom port-forward svc/agent-bom-api 8080:8080
curl -fsS http://127.0.0.1:8080/health
curl -fsS http://127.0.0.1:8080/version
curl -fsS http://127.0.0.1:8080/v1/discovery/providers
curl -fsS http://127.0.0.1:8080/v1/auth/policy
For Postgres candidate validation, run at least one scan and confirm API logs show persistent graph/fleet/policy state without falling back to in-memory stores.
4. Generate Snowflake operator-pull inventory¶
Run this from the operator environment, not from the agent-bom API pod:
python examples/operator_pull/snowflake_inventory_adapter.py \
--account my-org-my-account \
--authenticator externalbrowser \
--database AI_PLATFORM \
--schema PUBLIC \
--output snowflake-inventory.json
Then remove Snowflake credential material from the scanner environment before handoff:
5. Scan the pushed inventory¶
Local scan:
agent-bom agents \
--inventory snowflake-inventory.json \
--format json \
--output snowflake-agent-bom.json
CI/SARIF gate:
agent-bom agents \
--inventory snowflake-inventory.json \
--format sarif \
--output snowflake-agent-bom.sarif \
--fail-on-severity high
Review these evidence fields:
discovery_provenance.source_typepermissions_used- redacted
cloud_origin - MCP server names, transports, tools, packages, and PURLs
- graph path from package or finding to MCP server, agent, tools, and credential environment variable names
6. Optional runtime enforcement¶
Use agent-bom proxy for selected local/sidecar MCP enforcement. Use
agent-bom gateway serve for shared remote MCP traffic that should be governed
from one policy/audit plane.
Do not make the gateway a mandatory choke point for the whole POV. Start with a small set of MCP traffic where policy enforcement and audit are the evaluation goal.
What works today¶
| Surface | POV status |
|---|---|
| CLI scan and SARIF gate | Works from packaged install |
| API + UI control plane | Deployable with BYO Postgres |
| Fleet and graph | Deployable for controlled POV; smoke-test in buyer env |
| MCP proxy/gateway | Deployable for selected traffic |
| Snowflake/Cortex inventory | Operator-pull adapter exists |
| Provenance and permissions | JSON, UI, SARIF, OCSF, CycloneDX surfaces exist |
| Remediation | Structured plan only |
Roadmap / do not oversell¶
| Surface | Current state |
|---|---|
| Draft PR remediation | Roadmap; not part of the current POV |
| Auto-remediation | Roadmap |
| Full Compliance Hub | Roadmap |
| Complete IAM-to-agent traversal | Roadmap |
| Snowflake Postgres certification | Candidate until smoke-tested |
The customer-safe positioning is: agent-bom can run in the customer's infrastructure with customer-owned database, identity, network, and secrets. It does not require a hosted agent-bom control plane.