
Snyk Tool Prioritizes Open Source Vulnerabilities

By Mike Vizard on July 22, 2020

Snyk today announced that its namesake vulnerability scanning tool can now identify which open source vulnerabilities should be fixed first, using a scoring tool that applies data science and machine learning algorithms to the analyzed code.


In addition, DevOps teams can now take advantage of automated pull requests to fix those vulnerabilities.


Finally, DevOps teams also can define policies that require certain classes of vulnerabilities to be fixed whenever they are identified.

Aner Mazur, chief product officer for Snyk, said that given the number of open source modules employed and the dependencies that exist between them, staying current on patches and updates has become a major challenge. The only way to achieve that goal is to rely more on tools that help automate the process, he said.

These days it’s easy for development teams to feel overwhelmed by patch requests to fix open source security vulnerabilities. The trouble is, not all those requests are of equal weight. Snyk provides tools that enable developers to understand which vulnerabilities are of the highest severity and how they might impact their code.

Armed with that insight, Mazur said, it becomes possible to prioritize remediation tasks within the context of a DevSecOps process. Otherwise, developers simply fix vulnerabilities as time allows, regardless of relevance. Developers may remediate dozens of bugs only to discover that a critical flaw left unaddressed led to a major compromise.

It’s also not uncommon for DevOps teams to fail to appreciate dependencies between open source code modules. When patches to code are applied in the wrong order, an application can break, resulting in DevOps teams having to start the whole process over. The prioritization tools provided by Snyk prevent that from occurring, Mazur said.

In the absence of any ability to prioritize vulnerabilities, developers eventually become inured to patch requests because they don’t know whether their patching efforts are making any real difference, he added.

Worse yet, all the time spent patching low-priority vulnerabilities reduces the time developers have available to write new application code. In fact, one of the paradoxes of DevOps is that as the number of deployed applications increases, so does the time spent debugging them. Before long, a DevOps team can find itself spending more time fixing existing code than developing new applications.

As DevOps teams become more dependent on open source code, they benefit from the collective security efforts of all the contributors to each project. The result is more secure code, as patches that remediate specific issues become available. The challenge now is finding a way to apply those updates automatically without slowing down the overall application development process. Achieving that goal requires visibility into what is now a multitude of open source projects, a level of visibility no DevOps team is ever going to maintain consistently on its own.
