BOSTON, Aug. 17, 2020 /PRNewswire/ -- Snyk, the leader in developer-first security, is announcing the expansion of its growing product line to include Snyk Infrastructure as Code (Snyk IaC). With Snyk IaC, Snyk introduces another industry-first security solution designed to integrate seamlessly into the developer workflow. Expanding the existing offering of Snyk Open Source and Snyk Container, Snyk is leading the cloud native application security market in empowering developers to take on responsibility for security while allowing security teams to maintain visibility and control.
Snyk IaC enables application development teams to find and fix misconfigurations in their Kubernetes configuration and Terraform code before they result in production security problems. Moving everything to code dramatically improves speed and reliability; but most developers writing infrastructure as code struggle to create secure configurations without manual code reviews and extensive research. Lacking enough bandwidth to address all of these concerns, security is often forced to take a back seat.
The increasing demand for developers to secure their code, open source dependencies, containers and now infrastructure, combined with the long list of security best practices for each public cloud, threatens to either bring speed benefits to a grinding halt or open companies up to security risks. In fact, 85% of organizations have pushed code to production with known vulnerabilities¹, due in part to catching issues too late in the software lifecycle.
This risk is emphasized in a recent Gartner report that cites that, "By 2025, 70% of attacks against containers will be from known vulnerabilities and misconfigurations that could have been remediated."*
Snyk IaC helps developers write secure Terraform and Kubernetes configuration, embedding security expertise into every application team and eliminating error-prone manual reviews. With the addition of Snyk IaC to the Snyk portfolio, the growing number of security responsibilities that are 'shifting left' can now be handled by a single platform, enabling developers to build securely across all the code that makes up a cloud native application.
"As companies invest in digital transformation, transitioning their business to the cloud, decisions around network access, storage, and other controls are no longer centrally managed by IT and security teams. Every application team makes its own decisions and this becomes part of the development process. The same security risks are still there, but they are now magnified by the prospect of having infrastructure deployed and changing at the same pace as modern applications, " said Guy Podjarny, co-founder and President, Snyk. "It is critical to have an approach to security that acknowledges that the infrastructure has become part of the application itself. We're helping our customers to scale cloud native application security, and this now includes a developer-first, integrated approach to securing infrastructure as code, empowering developers to build securely, fix quickly and move forward in their workflow."
Snyk IaC supports developers to easily and effectively secure their infrastructure with a unique approach that includes:
Developer-first: Snyk's commitment to the developer is ingrained in the Snyk IaC design, fitting within the developer workflow and offering code fixes and guidance for application teams.
Streamlined fixes: No guesswork required; issues are highlighted directly in the configuration code and as part of the standard git workflows. Developers will be able to merge fixes and move on.
Security without complexity: The expertise of security teams can be embedded in the development process, without the expense of hiring more people. Snyk allows security and development to work together to prevent insecure Terraform and Kubernetes configurations from reaching production.
Snyk Infrastructure as Code will be available to both free users of Snyk and as a paid add-on to Snyk Open Source and Snyk Container with additional features for teams and larger organizations. To learn more about the new Snyk Infrastructure as Code, visithttps://snyk.io/product/infrastructure-as-code-security.
¹ ESG Modern Application Development Security.Dave Gruber. August 2020. *Gartner, Magic Quadrant for Application Security Testing, Mark Horvath, et. Al, 29 April 2020
Snyk is a developer-first security company that helps software-driven businesses develop fast and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Snyk's solution is built on a comprehensive, proprietary vulnerability database, maintained by an expert security research team in Israel and London. With tight integration into existing developer workflows, source control (including GitHub, Bitbucket, GitLab), and CI/CD pipelines, Snyk enables efficient security workflows and reduces mean-time-to-fix. For more information or to get started with Snyk for free today, visit https://snyk.io.