LONDON and BOSTON, April 3, 2019 /PRNewswire/ -- Snyk, the fastest-growing solution for automatically finding and fixing vulnerabilities in open source libraries now offers end-to-end open source security for developers using Bitbucket. Already integrated within Bitbucket Server, Snyk provides native testing and fixing of open source dependencies for Bitbucket Cloud, and now offers a Snyk Pipe that developers can use to automate their workflow through Bitbucket Pipelines.
With vulnerabilities in open source libraries doubling in the last two years, according to a recent report published by Snyk, a major priority for developers is to identify and remediate vulnerabilities throughout the workflow, without slowing down development. Now, providing a comprehensive security interface to the different Bitbucket solutions across the development process, Snyk enables developers to secure their dependencies automatically and from within their development platforms.
With the latest additions of Snyk Pipe, plus the support for Bitbucket Cloud, Snyk secures the entire developer workflow:
- Snyk's integration with Bitbucket Server and Cloud detects existing vulnerabilities in the Bitbucket code repository, by scanning repositories daily to test for newly disclosed vulnerabilities. When vulnerabilities are found, Snyk automatically populates a fix pull request with the required upgrades or patches, all from within Bitbucket workflow. Through this integration, Snyk ensures developers' pull requests do not introduce new open source vulnerabilities.
- Once added to the Bitbucket Pipeline workflow, the Snyk Pipe scans your dependencies for open source vulnerabilities as part of the CI/CD workflow. If vulnerabilities are found, the Snyk pipe gates the process according to the configuration set by the user—for example preventing high severity vulnerabilities from going through the build.
- Continuous Monitoring & Alerts: Snyk saves a snapshot of the dependencies of the deployed application, monitors it and sends notifications for new issues.
- Jira Integration: Throughout the workflow, Snyk enables developers to open Jira tickets when vulnerabilities are identified and build custom security workflows to manage and track them.
Guy Podjarny, CEO, Snyk said: "Our mission is to make open source security easy and thus help developers take ownership of securing their projects without slowing down. I'm excited to partner with Atlassian and deliver such a seamless and automated integration across this platform's powerful workflows, helping Bitbucket developers everywhere use open source and stay secure."
Snyk will be participating in the upcoming Atlassian Summit (April 9-11 in Las Vegas) and showcasing its full solution for Bitbucket. If you are a Bitbucket user or an Atlassian partner, stop by Booth 102 or book a meeting here.
For images please click here.
Snyk is a developer-first security solution that helps organizations use open source and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and Docker images. The Snyk solution integrates its comprehensive proprietary vulnerability database maintained by its expert security research team in Israel and London. With tight integration into existing developer workflows, source control (including GitHub, Bitbucket, GitLab), and CI/CD pipelines, Snyk enables efficient security workflows and reduces mean-time-to-fix.