DevOps.com

  • Latest
    • Articles
    • Features
    • Most Read
    • News
    • News Releases
  • Topics
    • AI
    • Continuous Delivery
    • Continuous Testing
    • Cloud
    • Culture
    • DevSecOps
    • Enterprise DevOps
    • Leadership Suite
    • DevOps Practice
    • ROELBOB
    • DevOps Toolbox
    • IT as Code
  • Videos/Podcasts
    • DevOps Chats
    • DevOps Unbound
  • Webinars
    • Upcoming
    • On-Demand Webinars
  • Library
  • Events
    • Upcoming Events
    • On-Demand Events
  • Sponsored Communities
    • AWS Community Hub
    • CloudBees
    • IT as Code
    • Rocket on DevOps.com
    • Traceable on DevOps.com
    • Quali on DevOps.com
  • Related Sites
    • Techstrong Group
    • Container Journal
    • Security Boulevard
    • Techstrong Research
    • DevOps Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About
  • AI
  • Cloud
  • Continuous Delivery
  • Continuous Testing
  • DevSecOps
  • Leadership Suite
  • Practices
  • ROELBOB
  • Low-Code/No-Code
  • IT as Code
  • More
    • Application Performance Management/Monitoring
    • Culture
    • Enterprise DevOps

Home » Latest News Releases » Snyk Builds Security into AWS CodePipeline to Mitigate Open Source Risk for Developer and Security Teams

Snyk Builds Security into AWS CodePipeline to Mitigate Open Source Risk for Developer and Security Teams

By: Veronica Haggar on June 8, 2021 Leave a Comment

Latest integration inside the AWS CodePipeline console builds upon continued collaboration to deliver Snyk products within the AWS DevOps segment, AWS Marketplace, and AWS GovCloud 

Recent Posts By Veronica Haggar
  • DevOps Connect: DevSecOps — Building a Modern Cybersecurity Practice
  • Allego® Launches Allego 7 to Power Sales Enablement that Wins Sellers and Buyers
  • Starburst Acquires Varada To Deliver The New Standard Of Data Lake Analytics
More from Veronica Haggar
Related Posts
  • Snyk Builds Security into AWS CodePipeline to Mitigate Open Source Risk for Developer and Security Teams
  • Survey Uncovers Depth of Open Source Software Insecurity
  • Snyk Acquires Fugue to Secure Cloud Infrastructure
    Related Categories
  • Latest News Releases
    Related Topics
  • Snyk
Show more
Show less

Boston, MA, June 8, 2021 — Snyk today announced it has built an integration inside the AWS CodePipeline console. This new integration allows AWS CodePipeline users to build automated security controls into their deployment pipeline without having to leave the Amazon Web Services (AWS) console, bringing the Snyk experience directly to AWS users, and empowering them to more efficiently find and fix vulnerabilities in open source code when building cloud native applications on AWS.

DevOps Connect:DevSecOps @ RSAC 2022

As security becomes an increasingly crucial priority for development teams, Snyk has worked closely with AWS to automate security tooling onto AWS’s continuous delivery services, accelerating triaging and empowering agility in development when making application and infrastructure updates.

Snyk’s integration inside the AWS CodePipeline console is the latest in a number of key integrations with AWS services, helping customers build security into applications at each level of the technology stack using an intuitive, developer-friendly security platform. Snyk allows DevOps and engineering teams to accelerate security testing by first detecting vulnerabilities in the developer IDE. Using Snyk’s feature-rich CLI, developers can also secure various elements of their workflow such as AWS CodeBuild and AWS CodeCommit. AWS users can then leverage Snyk’s integrations with Amazon Elastic Container Registry (Amazon ECR) and Amazon Elastic Kubernetes Service (Amazon EKS) to scan container images and Kubernetes clusters for vulnerabilities and misconfigurations, even mapping new vulnerabilities to any container images already deployed in a Kubernetes cluster. For serverless workloads, Snyk scans AWS Lambda functions for vulnerabilities and can gate deployments through the CI/CD stage to ensure that only secure workloads are permitted to run in production.

This latest integration inside the AWS CodePipeline console expands upon Snyk’s ongoing collaboration with AWS to ensure that both development and security teams are able to leverage automated tooling to mitigate their open source risk as part of the development process, positively affecting the way they work and interact with one another.

  • Development teams: can easily find, prioritize and fix vulnerabilities in their open source dependencies, delivering secure code faster than their competition without having to adopt gated security audits that disrupt application deployment.
  • Security teams: can enable improvements to the development process that ensure that all applications are continuously scanned for vulnerabilities without requiring the security team to manually meet the break-neck speed of modern application development.

“Snyk and AWS share a common goal: to facilitate a digital transformation for our customers through cloud native services that empower automation and developer engagement,” said Carey Stanton, VP of Business Development, Snyk. “Automation in deployment pipelines is key to adopting a comprehensive approach to security throughout the application development lifecycle. Snyk’s tight interoperability with AWS CodePipeline now makes it even simpler for developers to focus on building applications securely, taking advantage of developer-friendly outputs without having to manage a new set of tools.”

“AWS wants to empower our customers to focus their time and resources on innovating their business, which is why we collaborate with security leaders like Snyk to help automate manual security tasks in development,” said Ken Exner, Director, Developer Tools, AWS. “We’re delighted to be working with Snyk to allow our customers to be more agile when delivering secure applications to market.”

“As a hyper growth business, we need a security partner that can dynamically adapt to our needs and allow us to scale our security posture fast,” said Chaim Mazal, VP of Global Information Security, ActiveCampaign. “With Snyk’s developer first ethos and comprehensive Cloud Native Application Security platform, we’re continuously increasing visibility, mitigating risk, all while positioning our organization to achieve ambitious goals for developer productivity and innovation through our secure software development lifecycle.”

As an AWS Partner within the AWS Partner Network (APN), Snyk has been technically validated to work seamlessly with several AWS services, and has achieved AWS DevOps Competency as well as the AWS Lambda Ready and Amazon Linux 2 Ready designations.

Snyk has also recently announced the availability of Snyk Cloud Native Appliance (Snyk CNA), a self-hosted, dedicated instance of Snyk that can be deployed directly onto a customer’s private AWS environment, or even onto an AWS GovCloud environment, operating workloads up to Impact Level (IL) 5.

About Snyk 

Snyk, a cloud native application security leader, today enables 2.2 million developers to build securely, with a vision to empower every modern developer in the world to develop fast and stay secure. Only Snyk provides a platform to secure all of the critical components of today’s cloud native application development including the code, open source libraries, container infrastructure, and infrastructure as code. Snyk’s developer-first approach enables technology-driven companies to scale security in today’s fast-paced digitally transforming world. Snyk’s security platform is powered by its industry-leading proprietary vulnerability database, maintained by the expert Snyk security research team, that also powers security solutions from strategic partners such as Atlassian, Datadog, Docker, IBM Cloud, Rapid7, Red Hat, and Trend Micro. The company works with global customers of all sizes to empower developers to automatically integrate security throughout their existing workflows.

Named to the 2020 Forbes Cloud 100, the definitive ranking of the top 100 private cloud companies in the world, Snyk was also recently recognized by Comparably as the #3 small-to-medium businesses for Happiest Employees in 2020.

For more information and to get started with Snyk for free today, visit https://snyk.io.

Filed Under: Latest News Releases Tagged With: Snyk

Sponsored Content
Featured eBook
The State of the CI/CD/ARA Market: Convergence

The State of the CI/CD/ARA Market: Convergence

The entire CI/CD/ARA market has been in flux almost since its inception. No sooner did we find a solution to a given problem than a better idea came along. The level of change has been intensified by increasing use, which has driven changes to underlying tools. Changes in infrastructure, such ... Read More
« Ironclad Announces State of Digital Contracting Summit for Makers
HashiCorp Increases Terraform’s Enterprise Appeal »

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Upcoming Webinars

Continuous Deployment
Monday, July 11, 2022 - 1:00 pm EDT
Using External Tables to Store and Query Data on MinIO With SQL Server 2022
Tuesday, July 12, 2022 - 11:00 am EDT
Goldilocks and the 3 Levels of Cardinality: Getting it Just Right
Tuesday, July 12, 2022 - 1:00 pm EDT

Latest from DevOps.com

Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New Normal’
June 30, 2022 | Richi Jennings
Moving From Lift-and-Shift to Cloud-Native
June 30, 2022 | Alexander Gallagher
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson
Common RDS Misconfigurations DevSecOps Teams Should Know
June 29, 2022 | Gad Rosenthal
Quick! Define DevSecOps: Let’s Call it Development Security
June 29, 2022 | Don Macvittie

Get The Top Stories of the Week

  • View DevOps.com Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Download Free eBook

The Automated Enterprise
The Automated Enterprise

Most Read on DevOps.com

What Is User Acceptance Testing and Why Is it so Important?
June 27, 2022 | Ron Stefanski
Rust in Linux 5.20 | Deepfake Hiring Fraud | IBM WFH ‘New No...
June 30, 2022 | Richi Jennings
Chip-to-Cloud IoT: A Step Toward Web3
June 28, 2022 | Nahla Davies
DevOps Connect: DevSecOps — Building a Modern Cybersecurity ...
June 27, 2022 | Veronica Haggar
The Two Types of Code Vulnerabilities
June 30, 2022 | Casey Bisson

On-Demand Webinars

DevOps.com Webinar ReplaysDevOps.com Webinar Replays
  • Home
  • About DevOps.com
  • Meet our Authors
  • Write for DevOps.com
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • Privacy Policy

Powered by Techstrong Group, Inc.

© 2022 ·Techstrong Group, Inc.All rights reserved.