Sysdig and Snyk partner up, announce DevSecOps integration
Sysdig and Snyk have announced the integration of Sysdig Secure with Snyk Container to cover container security from development through operations.
According to a statement, the integration allows teams to eliminate up to 95% of vulnerability alerts using runtime intelligence from Sysdig Secure with Snyk Container.
With this partnership, Sysdig and Snyk bring together the container runtime and developer security tools, for the first integration that bridges developer, DevOps, and SecOps teams.
Sysdig runtime context provides Snyk users the ability to quickly pinpoint exploitable packages that are active in production applications.
The integration aligns developer, operations and security teams on which vulnerabilities to prioritise fixing first, focusing developer resources on the biggest risks, the company states.
Security and operations teams responsible for monitoring the runtime environment need the container and Kubernetes visibility required to flag newly identified vulnerabilities for workloads running in production, the company states.
They also need to detect threats attacking vulnerabilities that have not been fixed, and to stay ahead of zero day exploits.
Sysdig's container visibility and threat protection, and Snyk's developer-first tooling pair accurate runtime threat protection with early detection and vulnerability management.
By bringing this information into the development pipeline, Sysdig and Snyk are able to help development teams eliminate the vulnerabilities that would otherwise demand their attention.
Sysdig and Snyk's new collaboration helps organisations more effectively remove the security barriers that stand in the way of faster innovation. According to the company, this is accomplished by:
Securing the entire container lifecycle: Every aspect of the container and Kubernetes lifecycle is covered - from the most secure base images to detecting and prioritising which vulnerabilities require attention, to monitoring running workloads for real-time threats and new vulnerabilities.
Building securely from the start: Snyk's security insights and automated remediation are seamlessly integrated to more easily find, prioritise and fix vulnerabilities in containers and open source dependencies.
Protecting against runtime threats: Sysdig's runtime security, based on open source Falco, detects threats across containers and Kubernetes, and captures detailed activity, enabling teams to accelerate incident response.
Prioritising the security alerts that matter most: With the integration of Snyk and Sysdig, organisations can pinpoint exploitable packages that are active in production applications. This enables organisations to prioritise container vulnerabilities that pose the greatest risk, reducing noise and overall risk to gain developer speed and efficiency.
Snyk chief executive officer Peter McKay says, "For too long, developers have been tasked with the impossible: fighting the unrelenting vulnerability noise that compromises both their speed as well as their company's overall security.
"Together with Sysdig, we're now empowering millions more developers worldwide to innovate securely. We're excited for what's ahead as together we advance the global DevSecOps movement in 2022 and beyond.
Sysdig chief executive officer Suresh Vasudevan says, "The deep visibility available with Sysdig's runtime security and Snyk's developer-first tooling enables developer, DevOps, and security teams to achieve better alignment so they can manage risk without delaying software releases. The increase in productivity helps drive innovation, cost savings, revenue growth, and customer satisfaction.