The Snyk replace additionally contains integrations with new devsecops merchandise from suppliers together with AWS, ServiceNow, Jira and Dynatrace. Snyk has built-in with ServiceNow’s Vulnerability Response utility and AWS CloudTrail Lake — each cloud workload visibility instruments — to assist bolster the safety posture of enterprise software program provide chains.
Securing cloud apps with IaC
Snyk has additionally enhanced the Snyk IaC module of its platform with cloud-specific capabilities, which routinely hyperlink cloud assets to an IaC supply template — a code infrastructure blueprint. This can allow safety groups to hint a specific cloud problem again to its supply code and notify the suitable staff to repair it.
Whereas the brand new options are necessary for fixing misconfigurations on the IaC degree, they nonetheless can’t function a alternative to cloud security posture management (CSPM) for cloud assets. Whereas IaC could be regarded as an architectural blueprint, CSPM secures the precise constructing, Yates stated.
“With IaC, you make sure the blueprint all adds up to create a great plan. With CSPM, you are closing down windows that have been left open in the actual building that was built from that plan,” Tweedie-Yates added.
Within the analogy, Snyk’s enhancement traces a window constructed with flawed form within the precise constructing again to the precise place within the blueprint the place the plan was laid out and fixes it there, Yates defined.
Snyk Container has additionally obtained an improve, providing enhanced assist for “golden images,” which consult with standardized, preconfigured container bases used for the deployment of a number of situations of an utility or service. Golden pictures are an necessary software for managing container deployments, as they supply a constant and repeatable deployment course of that may be simply automated.
Author:
Date: 2023-04-04 14:59:00