CIO Influence
CIO Influence News Cloud

SnykLaunch April 2023 Highlights New Code to Cloud Capabilities to Tackle Software Supply Chain Security

SnykLaunch April 2023 Highlights New Code to Cloud Capabilities to Tackle Software Supply Chain Security

Snyk, the leader in developer security, announced its SnykLaunch April 2023, a series of strategic enhancements to the company’s Developer Security Platform. These latest innovations enable global enterprises to create a secure software supply chain, while advancing greater DevSecOps collaboration and enhancing developer productivity.

Now available as part of the SnykLaunch April 2023 line up:

  • Developer-First Application Security for C/C++: Snyk now brings the developer-led security experience to the realm of securing C/C++ apps, applying its semantic, AI-based analysis engine to this language now again increasing in popularity.
  • More Effectively Securing the Cloud by Driving Contextual Fixes in Infrastructure as Code (IaC) Pipelines: Snyk is taking the complexity out of connecting cloud security issues back to their IaC source, significantly simplifying fixes for platform teams.
  • Layering Automated Security in Container Supply Chain: Snyk Container now provides vulnerability fix guidance to match the complex, layered container build chains used by mature teams.
  • Increased DevSecOps Collaboration: New integrations with ServiceNow as well as Atlassian, AWS and Dynatrace bring greater software supply chain security visibility to enterprise security and operations teams.

“In every 2023 discussion I’ve had with security leaders, supply chain security is voiced as the persistent weak link in their enterprise security strategy,” said Peter McKay, CEO, Snyk. “The maturity of Snyk’s platform allows developer, operations and security teams to better understand and meaningfully reduce risk, while also achieving significant developer productivity gains and overall security spend consolidation.”

“These latest enhancements are indicative of Snyk’s commitment to an unified security approach that is best suited to accelerate secure innovation,” said Manoj Nair, Chief Product Officer, Snyk. “We’re proud to have purposefully combined a series of otherwise siloed solutions into one platform that best equips and empowers global developers to successfully secure everything they build, while also giving security teams the visibility they need to drive a culture focused on effective remediation.”

CIO INFLUENCE: Datometry Releases Driver Integration for BigQuery, Further Future-Proofing Its Customers’ Investments

Application Security Leadership For Six Million C/C++ Developers

Creating secure C/C++ applications has historically been a challenge given the low-level nature of the language and the multitude of ways C/C++ applications have been written over the course of their four decade legacy. Accurately scanning C/C++ code, and identifying all of the open source packages being used, while at the same time providing fast, developer-oriented results has made existing application security solutions overly complex.

Snyk is now bringing its proven developer-first application security model to this mature ecosystem to secure the code and complex open source package supply chain as well as reduce open source license compliance headaches. Snyk scans up to 100x faster than alternate solutions with built-in fixes and unparalleled accuracy so developers can identify and fix issues as they work. In addition, Snyk guides developers to fix C/C++ packages even where package code is manually copied in (a particularly prevalent method of package management in this ecosystem).

New Snyk Learn lessons specifically designed for C/C++ developers build security education right into the process. These new releases give desktop, server and web app developers the actionable security coverage they need for C/C++ (and all of the other popular languages they use), while ensuring security teams have complete visibility of vulnerabilities and compliance across all of their development projects.

Simplifying Cloud Security Fixes Across IaC Pipelines and Cloud Environments

For cloud and platform engineers, Snyk’s new IaC and cloud feature automatically links running cloud resources to the IaC source template. This new capability makes it simple for security teams to identify the source of the issue and notify the right cloud team members and, in turn, makes it easy for engineers to see where and how to resolve the problem in their IaC.

CIO INFLUENCE: Ericsson presents a Green Financing Framework

Snyk’s Developer Security Platform continues to evolve to address the full software development life cycle — from code to cloud, and back to code. A developer-first approach to cloud security solves a significant problem that exists between current IaC and cloud security tools, which are not able to accurately correlate cloud security issues to their original source.

Layering Automated Security in Container Supply Chain

Snyk Container now extends its ability to provide fixes that are relevant to the unique nature of how containers are built by adding support for the internally curated “golden images,” many companies provide for their developers. The DevOps and platform teams creating these internal base images now benefit from full visibility into issues and fixes.

At the same time, development teams are automatically guided to use the most current internal images with the noise of container vulnerabilities eliminated. This ensures developers always start from the most secure containers, supporting open standards as well as company-defined software bill of materials under one consolidated umbrella.

DevSecOps Central to Enterprise Security

Snyk is known for bringing security into the world of developers, integrating with the tools developers are already using everyday. Snyk now seamlessly integrates into ServiceNow’s Vulnerability Response solution as well as AWS CloudTrail Lake to bring software supply chain visibility to enterprise security teams. Upcoming integrations with Atlassian Jira and Dynatrace will further deepen application security integration for developers and operations teams respectively.

CIO INFLUENCE: Apprentice Now Joins Amazon Web Services Training Partner Program to Deliver AWS Cloud Skills Training

[To share your insights with us, please write to sghosh@martechseries.com]

Related posts

Appdome Partners with GitLab to Enhance Security in the Mobile App Economy

Cyware Partners with RiskIQ to Deliver Actionable Threat Intelligence

Conceal Partners with Barrier Networks to Increase Cyber Resiliency of UK Businesses and Critical Infrastructure Sector