Snyk's peak technique: from code to cloud & back to code

Developer security firm Snyk (pronounced sneak) has announced its SnykLaunch Fall 2022 release.

This iteration includes extensions to the company’s existing Developer Security Platform – so the message here is DevSecOps, rather than just DevOps.

New capabilities aim to better secure the software supply chain, including enhancements to simplify the emerging requirements around software bill of materials (SBOM).

There are also revamped reporting features, allowing for greater visibility and governance for developer security programs, and recently developed plans to help existing customers get the most out of their Snyk investment.

“Snyk was founded on the belief that the developers building our collective future should also be empowered and equipped to secure it,” said Adi Sharabani, chief technology officer, Snyk. “We’re proud to share today’s latest significant developments to help our global customers continue their pace of innovation securely.” 

Code to cloud & back to code

With limited availability first announced in July 2022, the Snyk Cloud security solution, designed by and for developers, is now generally available.

Made possible by the acquisition of Fugue earlier this year, Snyk Cloud customers are the first to benefit from a platform and policy engine that equips them to create secure deployments via a feedback loop: from code to cloud and back to code. Developers now have the ability to secure their cloud before deployment, maintain its secure integrity while running, and then assess and prioritise the precise places to provide fixes back in their code.

Recent vulnerabilities like Log4Shell as well as new guidance from the White House have placed a spotlight on supply chain security and the complex security challenges that have emerged as a result of how modern developers build apps by assembling code. 

With Snyk’s new SBOM features, customers will gain full-spectrum visibility into their software supply chains. These new capabilities include:

  • Developer-First Application Programming Interface (API) & Command-Line Interface (CLI): generates SBOMs, allowing customers to create one source of truth and have comprehensive visibility into their full software supply chain;
  • SBOM Checker: scans standard SBOMs to identify security vulnerabilities for free; and,
  • Bomber Integration: scans SBOMs using Bomber, a popular open source application, and tests them against the Snyk Vulnerability Database. 

Revamped reporting 

Effective DevSecOps requires truly shared responsibility across security and development teams. Snyk’s new reporting features, made possible by the acquisition of TopCoat earlier this year, provide the visibility needed to make collaborative, data-based decisions.

Implementing best-in-class data tools to ensure optimised performance and reliability, Snyk’s revamped reporting provides development and security teams with visibility. 

Snyk currently offers customers a variety of programs designed to help them implement Snyk in their environment and to strategically guide long-lasting DevSecOps.

New professional service offerings are additions to Snyk Learn, a collection of assets that includes webinars and tutorials that provide by-role best practices.