DEVOPSdigest

Datadog announced the Datadog Vulnerability Analysis GitHub Action.

GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow. The Datadog action continuously monitors dependency and version information of code being deployed. By integrating this data with Datadog’s Continuous Profiler and Snyk’s Vulnerability database, this provides a real-time view of what code is actually accessible and vulnerable in production.

Scanning applications for known vulnerabilities often yields a long list of issues that are difficult to prioritize and subsequently fix. With the data collected by the new action, vulnerability analysis will be performed by the Datadog Continuous Profiler based on Snyk vulnerability metadata. This allows engineering teams to immediately detect when and how often vulnerable methods are invoked in live environments and prioritize their security fixes based on real-world application behavior. The Datadog Vulnerability Analysis GitHub Action can be found and installed directly from the GitHub Marketplace without needing to manage scripts or infrastructure.

“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” said Ilan Rabinovitch, VP, Product and Community at Datadog. “Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities, while utilizing the GitHub Action automates this process by bringing security directly into application development.”

“We’re moving towards a world where security, testing, and even responsibility for production operations are shifting left towards the developer,” said Jeremy Epling, VP, Product Management at GitHub. “Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity."

“By combining Snyk-enriched vulnerability metadata with the Datadog Continuous Profiler, for the first time developers can precisely pinpoint when an application actually calls vulnerable code, to better prioritize remediation efforts,” said Geva Solomonovich, CTO Global Alliances, Snyk. “Our partnership with Datadog will allow developers to deploy their security resources with greater efficiency.”