Snyk CTO Danny Allan warns that the rapid adoption of generative AI coding tools could create a new wave of vulnerabilities across the global software supply chain. As developers increasingly rely on AI assistants to generate, modify, and deploy code, Allan said the industry risks entering what he called a “software security crisis” — one […]
Snyk Acquires Helios to Extend Reach of ASPM Platform
With its Helios acquisition, Snyk plans to add an ability to capture application runtime data to extend the capabilities of its ASPM platform.
Snyk Survey: AI Generating More Vulnerabilities in Code
A Snyk survey finds the use of artificial intelligence (AI) to write code is creating a software security paradox.
Snyk to Add ASPM Platform via Enso Security Acquisition
Snyk this week announced it plans to acquire Enso Security, a provider of an application security posture management (ASPM) solution that tracks events and analyzes metadata collected from DevOps and security tools. At the same time, Snyk revealed it has added a DeepCode AI Fix tool that creates validated fixes for code written by either […]
New Relic Extends Observability Reach to More DevOps Platforms
New Relic today expanded its ecosystem by adding integrations between its observability platform and a wide variety of DevOps and cybersecurity tools. The New Relic observability platform now integrates with offerings from Atlassian, Amazon Web Services (AWS), CircleCI, Confluent, GitHub, JFrog, Lacework and Snyk and the open source Jenkins continuous integration/continuous delivery (CI/CD) platform. Peter […]
Survey Uncovers Depth of Open Source Software Insecurity
A survey from Snyk and the Linux Foundation published today found that fewer than half of respondents (49%) work for organizations that have security policies in place for the use or development of open source software. The survey, which polled 550 software development professionals, was conducted by Snyk, a provider of tools for securing software, […]
Shift Left is Only Part of Secure Software Delivery
We’re living in the age of accelerated consumption and delivery. You can get a seemingly infinite selection of products delivered to your door within two days, for free, from thousands of miles away. You can access an endless variety of services online within mere seconds: Movies, music, games, education and even health care. These modern […]
How to Mitigate Software Supply Chain Risks
As new vulnerabilities are discovered on a daily basis, DevOps teams must integrate security into the early stages of the development lifecycle and be vigilant about what elements are incorporated into their applications. The Log4J vulnerability has dominated the headlines since it was discovered in December and it continues to send shock waves through the […]
Snyk Acquires Fugue to Secure Cloud Infrastructure
Snyk today announced it has acquired Fugue as part of an effort to embed security within an infrastructure-as-code (IaC) provisioning tool. The Fugue platform combines a unified policy engine with an implementation of the open source Open Policy Agent (OPA) software, dubbed Regula, to ensure security and compliance policies are consistently enforced. OPA provides IT […]
Snyk Extends Tools Portfolio to Drive DevSecOps Adoption
During its online SnykCon 2021 conference this week, Snyk extended Snyk Code, a static application security testing (SAST) tool that already supports the Java, JavaScript and Python programming languages, to include support for C#, Ruby, PHP and Go. At the same time, Snyk Open Source, a platform for remediating open source vulnerabilities, has been extended […]










