Platform engineers need to be empowered in an organization’s security program. Their work has huge leverage over a product's security posture, arguably as great an impact (some would even say greater) than application vulnerabilities. Despite the significance of the impact of their work, their role in security programs remain ill-defined.
The Docker developer ecosystem is continuously growing, and container security is becoming even more important as the Docker developer ecosystem evolves. The developer-friendly Snyk security integration with Docker is invaluable in today’s landscape. Snyk has made significant updates to the Docker Desktop Extension and continues to evolve the extension to ensure the applications and images pushed to the container registry don't have critical vulnerabilities.
Digital transformation initiatives have pushed software development to the next level. Today's consumers demand an optimum customer experience and expect modern apps to live up to high expectations. So, the average developer in 2023 must keep up with faster delivery, more eye-catching features, and better functionality. This unprecedented growth in the software development industry has led to a massive disparity between development and security teams.
How hard can it be to support custom container image tags? Turns out… quite! I know this because my team has been busy at work on our new custom base image support for Snyk Container, andwe were tasked with the following problem: Given a tag, parse its parts to be able to compare it to other similar tags. It was a fun problem to solve, and we'd love to share how we got to our final solution!
Snyk is known for its developer-first application security solutions for many ecosystems like Java, JavaScript, Python, and more. Snyk enables developers to not only find issues but quickly apply fixes, revolutionizing security and supporting its integration at the earliest stages of the SDLC. In 2022, we released the first round of support for C/C++ open source packages, and today we’re excited to announce the Open Beta of C/C++ for Snyk Code and licenses for Snyk Open Source.
In July 2022, we announced Snyk Cloud, extending the Snyk developer security platform to secure application and infrastructure configurations in running cloud environments. Today, we’re thrilled to introduce a new feature of Snyk Cloud that enables you to "fix cloud issues in IaC" (infrastructure as code), making Snyk Cloud the first solution to secure the cloud through code with remediation paths in IaC.
As a leader in applying AI to developer security, Snyk’s approach is unique. Today, we want to provide a glimpse at how Snyk currently uses AI and data science, as well as a sneak peek at what’s to come. Before diving in, we want to highlight two aspects of Snyk’s use of AI to set the stage.
One of the exciting new features discussed at SnykLaunch today was Custom Base Image Recommendations (CBIR). In open beta since late 2022, CBIR is already being used by several organizations. We've been expanding the feature set as we approach general availability to include more flexibility and to incorporate hands-off automation capabilities, allowing users to leverage CBIR in their CI/CD pipelines.
This month, we hosted our most recent SnykLaunch to announce the latest and greatest in Snyk solutions. As with all of our releases, we continue to focus on adapting security to what we see in modern-day development practices. Compared to only a few years ago, more independent development teams are working faster, along with a far more complex software supply chain, including cloud as part of the code. Because development practices look so different today, security teams often struggle to keep up.
We are thrilled to announce that Snyk has achieved Red Hat Vulnerability Scanner Certification, making it one of the few security platforms to receive this certification from Red Hat. This achievement demonstrates Snyk’s ongoing commitment to providing our customers with the highest level of security assurance for their applications.
