How Snyk's approach to application security remedies shift-left shortcomings – SiliconANGLE News

UPDATED 17:54 EST / JANUARY 17 2022
by Victor Dabrinze
Software developers rarely have it easy. From writing, editing and pushing code to fixing the bugs and security issues that show up through production, the expectations most organizations have of their dev teams are immense.
The “shift-left” approach was conceived to root out security problems at the earliest stage of development, but in some ways it has added to the complexity facing developers.
“The landscape is changing, both developer and security; it’s just not what it was before,” said Liran Tal (pictured), director of developer advocacy at Snyk Ltd., a developer-focused all-in-one platform for securing code, dependencies, containers and infrastructure as code. “And what we’re seeing is developers need to be empowered. They need some help, just working through all of those security issues, security incidents happening, using open-source, building cloud-native applications.”
The modern development arena is changing, and so a few mainstay practices don’t quite apply as seamlessly as they used to. Proactivity is an element that’s missing in the traditional shift-left process and is desperately needed in today’s landscape, according to Tal.
Tal spoke with Lisa Martin, host of theCUBE, SiliconANGLE Media’s livestreaming studio, in advance of the upcoming AWS Startup Showcase: Open Cloud Innovations event. They discussed the modern app security threat landscape and how devs can conveniently stay in front of any threats. (* Disclosure below.)
Snyk’s developer security platform funnels directly into development tools, workflows and automation pipelines, making it easy to spot vulnerabilities and security threats ahead of time, according to Tal, whose job is squarely focused on helping developers take full advantage of the platform’s wealth of security and DevOps features.
“What we needed to do is basically put those developer security tools, which is what Snyk is building, this whole security platform” into the developers’ hands at the scale and speed required, Tal added. “So, for example, instead of just finding security issues in open-source dependencies … you can actually open a pull request to your source code’s version and management systems.”
Another part of Snyk’s rapid-response approach to detecting code vulnerabilities is embedding extensions within integrated development environments. In doing so, security issues and probable points of failure are detected the moment work is saved. This is a sharp contrast to other application security testing tools that run in the background and deliver summarized reports after a set period. Snyk’s approach is especially valuable given that developers today work to faster timelines than ever before and need to deploy quickly and constantly.
In the end, the platform makes it such that developers don’t have to be security experts. By showing them the detected vulnerabilities and providing the tools and knowledge to fix those issues, Snyk is actively making devs more efficient, Tal pointed out.
In other aspects of bridging the security knowledge gap for developers, there are also knowledge resources made available to safeguard setups like complex databases from known vulnerabilities.
As a highlight, “there’s a myriad of references that provide users with things like the pull requests, fix dates, or the issue with where the vulnerability was discussed. Having all this information at hand allows for better context as to what made the vulnerability happen,” Tal stated.
The software development and security functions of an organization aren’t rendered completely separate from each other anymore. Consequently, organizations must work toward “creating a more cohesive environment for both these kinds of expertise to synergize towards mitigating security issues,” according to Tal.
Snyk has partnered with Amazon Web Services Inc. for years now. Thus, there is a wide range of integrations within the platform, from the source code editor to code commits and container registries.
“So at the end of the day, Snyk is there to help users out and make sure that if we find any potential issues, anything from licenses to container vulnerabilities or just open-source code, it’s mitigated at the source,” Tal explained.
The recent Log4Shell vulnerability was found in the Java library called Log4J. Through a combination of research teams manually tracking such disclosures and an autonomous intelligence platform, Snyk is made aware of vulnerabilities like this through notifications on the Chatter API.
“And at that point, before it goes to CVE requirement and things like that … we find vulnerabilities really fast and can add them to the database. In summary, this was what we did with Log4Shell,” Tal stated.
As part of Snyk’s recent commitment to further reach and improve the experiences of 28 million devs worldwide, the company has leaned heavily into the power of community and shared experiences. One example is its developer website, which is a community of security and coding professionals trying to learn from each other. Another is the company’s new slew of developer events, one of which is titled “The Big Fix” and slated to launch February 25.
Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: Open Cloud Innovations event. (* Disclosure: Snyk Ltd. sponsored this segment of theCUBE. Neither Snyk nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)