Snyk secures Red Hat on OpenShift & Kubernetes

Snyk (pronounced ‘snick’ or ‘sneak’) was founded in the Holy Land (Tel-Aviv), but now has offices in London and North America.

The company was formed in response to the interconnected nature of cloud (many of which will be open platform technologies) and some of the resulting risks associated with that interconnectivity. 

Cloud applications (some of which will logically make use of discrete container technologies) in their normal run of execution will make various ‘calls’ to different system resources inside and outside of the cloud environment in order to get the data, analytics, processing, memory and storage requirements that they need.

There’s a lot of flexibility in that proposition, but there is also an inherent level of vulnerability

As a security software company, Snyk develops tools to proactively find & fix vulnerabilities and software license violations that exist inside and/or between open source (or other) dependencies and Docker [container] images.

Snyk CEO Guy Podjarny has said before that it’s critical for developers to have security streamlined into their existing workflows and processes to prevent convoluted cloud-connected security vulnerabilities from slowing them down in their pursuit of functional and effective software builds.

Integrated vulnerability management & remediation

As such, Podjarny and team describe their technology as ‘integrated vulnerability management and remediation’ that is capable of running the complete breadth of a software development lifecycle with native integration to the mechanics of the cloud service in question.

As well as working with Microsoft on Azure Cloud and Rapid 7, Snyk is continuing to expand its partner connection prowess. Latest in the company’s arsenal of partners is Red Hat.

Red Hat has collaborated with Snyk to strengthen developer-led security for Red Hat customers with new Snyk integrations for Red Hat CodeReady Dependency Analytics (a technology that plugs into the developer’s IDE, automatically analyses the software composition at hand and provides recommendations to address security holes and licensing problems) and Red Hat OpenShift (an open source container application platform built around Docker containers and based on the Kubernetes container orchestrator) as well. 

Looking at Red Hat CodeReady Dependency Analytics more closely, this tool now integrates Snyk Intel (the company’s proprietary vulnerability database feed) to provide real-time analysis of open source dependencies. 

Additionally, Snyk’s new OpenShift integration, packaged as a certified Red Hat OpenShiftOperator, is intended to help to simplify the work of platform developers and operators by enhancing the security of Kubernetes and container deployments. 

Clean, before the build pipeline

Snyk says its tools allow developers to find and fix vulnerabilities in their open source dependencies, before their code even hits the build pipeline.

Snyk Container integrates across the developer workflow to allow coders to build and use containers in a secure way as is provides advice to address vulnerabilities, while it also monitors workloads in Kubernetes clusters for new vulnerabilities.

The company insists that its developer-first security tools support and integrate into the technologies that OpenShift users prefer and so there is a prioritisation here of the developer experience… plus an additional onward boost for overall business efficiency.

According to Brad Micklea, vice president of developer tools, program and advocacy at Red Hat, the Red Hat CodeReady portfolio is a set of open source development tools and services for creating and delivering containerised applications.

“With additional optimisation provided by Snyk Intel data, the CodeReady Dependency Analytics extension enables users of supported IDEs to view Snyk vulnerabilities as they code, including Snyk premium vulnerabilities and detailed security advisories. Our collaboration with Snyk will provide additional capabilities to help developers build cloud-native applications more securely on OpenShift and transfer new workloads to the platform by embedding security features into existing software development workflows earlier,” said Micklea.

Users of CodeReady Dependency Analytics extension can start the registration for Snyk from within the tool, to expose this data free of charge. This will equip users of the extension (on any IDE supported by CodeReady Dependency Analytics) with the most up-to-date source for fixing open source vulnerabilities.

Snyk Intel, it’s a database

As noted above, Snyk Intel is a database of actionable open source vulnerability intelligence with hand-curated and actionable content from the Snyk research team. Snyk’s new OpenShift integration, delivered as a certified Red Hat OpenShift Operator, allows for the detection and scanning of workloads on OpenShift clusters. Snyk scans the underlying containers in Kubernetes workloads and also provides pod configuration details that help identify areas of increased risk.

According to Udi Nachmany, vice president of cloud alliances at Snyk, this news means that OpenShift operators can drive the integrity and security of clusters from a workload perspective and automate security features into the deployment process, enabling efficiency while limiting tradeoffs.

“With Snyk Intel embedded into IDEs supported by CodeReady Dependency Analytics and Snyk Container securing images from registry to cluster, users can rely on the same leading set of vulnerability data to find, fix and monitor application security risks. This enables enterprises to advance three major digital transformation agendas: developer engagement, application security, and automation for their OpenShift workloads,” said Nachmany. 

Snyk is available on the Red Hat Marketplace. All solutions available through the marketplace have been tested and certified for the Red Hat OpenShift Container Platform, thus allowing them to run anywhere OpenShift runs.

As a Red Hat Ready partner, Snyk is certified for use on Red Hat Enterprise Linux 8 and above.

For more on this see Snyk’s technical blog with more details on the Red Hat partnership.