Snyk Enhances Platform
October 09, 2024

Snyk announced advancements to its platform to elevate risk-based application security through developer-first, AI-driven solutions.

Snyk’s enhancements streamline both the prioritization and remediation of code-based security issues, enable further secure adoption of Generative AI (GenAI) code generation and provide organizations with a more comprehensive understanding of their overall security posture and security operations. Developers can now resolve critical security issues faster, while security teams gain deeper insights into potential risks, making the entire development process more secure and efficient.

“At Snyk, we believe that the future of development will put greater emphasis on building code securely and efficiently,” said Manoj Nair, Chief Product Officer, Snyk. “With our enhanced AI-driven tools, we’ve emerged as a true market leader in our ability to empower developers and security teams to collaborate seamlessly, transforming how they identify and mitigate risks in real time. This SnykLaunch represents a pivotal step in our commitment to redefining DevSecOps, enabling organizations to innovate faster while maintaining the highest security standards.”

Snyk’s new AI-powered enhancements aim to help organizations reduce risk while maximizing developer productivity by providing better detection, prioritization and faster remediation.

Now, Snyk Code has DeepCode AI Fix merged directly into the integrated developer environment (IDE), allowing developers to address insecure code as quickly as it's written, whether by hand or by third-party GenAI coding assistants. DeepCode AI Fix is fine-tuned for security use cases and source code, ensuring that it inserts fixes in the best part of the source code to minimize the chance of breakage. DeepCode AI Fix offers a key market differentiation with verified fix recommendations, enabling rapid fixes in just two clicks, and the use of self-hosted LLMs instead of third-party AI platforms, a benefit that enhances the security and accuracy of the customers' code by not sending it to third-party AI services. The industry-leading speed of the engine that powers Snyk Code allows Snyk to ensure that no new security vulnerabilities or added latency will be introduced by DeepCode AI Fix. These features empower developers to tackle security concerns more efficiently, fostering a more secure development environment and creating more impactful work.

Snyk has broadened its reporting and analytics functionality with the launch of Snyk Analytics, providing security leaders and practitioners with the data analysis tools and framework to effectively measure the health of their application security program across their entire organization. Snyk Analytics now features dashboards specific to both issue analytics and application analytics, with new reports tied to developer shift-left behavior, SLA management and featured zero-days. It also offers a new extensibility option via an integration with Snowflake AI Data Cloud. These improvements allow application security leaders to gain a quick understanding of where they have coverage gaps, how they can better manage exposure to risk, where remediation efforts can improve and what steps they can take to prevent risk in the future.

The recent Snyk Analytics for Snowflake Integration further enhances these capabilities by enabling organizations to access their Snyk developer security data alongside other security data sources in their own Snowflake data environment. This allows AppSec leaders to combine holistic application risk visibility with more context around their entire risk landscape, resulting in better informed decision making to improve their security posture and developer productivity.

DeepCode AI is the foundation of Snyk’s AI-powered reachability, which pinpoints the most critical risks and prioritizes issues that directly affect how an application runs. Snyk continues to advance the state of the art in managing application security risk, incorporating DeepCode AI-powered reachability analysis and several other new risk factors in the Snyk Risk Score. DeepCode AI-powered reachability analysis detects vulnerable functions in open source packages that can be reached via the application's code, even for transitive packages. Testing shows this feature has increased reachability coverage from 60% to 90% for high and critical vulnerabilities within JavaScript and Python. It is one of many risk factors that make up Snyk’s Risk Score to strip out noise and focus remediation efforts on true risks to the business. Combining reachability with existing risk factors like EPSS ratings, package popularity and several others makes it simple to determine which issues pose the greatest risk.

On top of the issue-level risk factors, Snyk has expanded the ecosystem of partners and integrations that deliver a 360° view of application risk. This view adds contextual factors such as an application’s architecture, business criticality and runtime state, enabling teams to manage security risks more effectively than ever before. Integrations with key platforms across Source Code Management (SCM) systems, Internal Developer Platforms (IDPs) and Service Catalogs, Observability Tools and Cloud and Runtime Security provide a full-spectrum view to detect and manage vulnerabilities in line with business objectives and application performance. These two updates ensure that organizations can focus their remediation efforts on the most significant security issues, improving both efficiency and the overall risk management process.

Pull request workflows, the process of reviewing code in collaborative software development, are a strategic enforcement point and opportunity for AppSec teams to find and remediate security concerns earlier in development. Snyk’s enhancements to the pull request experience save time and reduce context switching for developers, providing them with information and actionability. The experience offers new detailed summaries of security findings, ranked by severity, which populate following a scan directly in the pull request comments in the developers' source code management (SCM) tool. These notable improvements have come to life in the past year and result from Snyk’s acquisition of Reviewpad in October 2023.

Additionally, developers can now customize the title, description and commit message for pull requests initiated by Snyk, ensuring alignment with their organization’s security standards. By reducing costly context switching and streamlining the security remediation process, Snyk’s enhanced developer experience ensures that developers can maintain productivity by addressing security issues with fewer disruptions to their workflows.
