Snyk Enhances Platform
October 09, 2024

Snyk announced advancements to its platform to elevate risk-based application security through developer-first, AI-driven solutions.

Snyk’s enhancements streamline both the prioritization and remediation of code-based security issues, enable further secure adoption of Generative AI (GenAI) code generation and provide organizations with a more comprehensive understanding of their overall security posture and security operations. Developers can now resolve critical security issues faster, while security teams gain deeper insights into potential risks, making the entire development process more secure and efficient.

"At Snyk, we believe that the future of development will put greater emphasis on building code securely and efficiently,” said Manoj Nair, Chief Product Officer, Snyk. “With our enhanced AI-driven tools, we’ve emerged as a true market leader in our ability to empower developers and security teams to collaborate seamlessly, transforming how they identify and mitigate risks in real time. This SnykLaunch represents a pivotal step in our commitment to redefining DevSecOps, enabling organizations to innovate faster while maintaining the highest security standards.”

Snyk’s new AI-powered enhancements aim to help organizations reduce risk while maximizing developer productivity by providing better detection, prioritization and faster remediation.

Now, Snyk Code has DeepCode AI Fix merged directly into the integrated developer environment (IDE), allowing developers to address insecure code as quickly as it's written, whether by hand or by third-party genAI coding assistants. DeepCode AI Fix is fine-tuned for security use cases and source code, ensuring that it inserts fixes in the best part of the source code to minimize the chance of breakage. DeepCode AI Fix offers a key market differentiation with verified fix recommendations, enabling rapid fixes in just two clicks, and the use of self-hosted LLMs instead of third-party AI platforms, a benefit that enhances the security and accuracy of the customers' code by not sending it to third party AI services. The industry-leading speed of the engine that powers Snyk Code allows Snyk to ensure that no new security vulnerabilities or added latency will be introduced by DeepCode AI Fix. These features empower developers to tackle security concerns more efficiently, fostering a more secure development environment and creating more impactful work.

Snyk has broadened its reporting and analytics functionality with the launch of Snyk Analytics, providing security leaders and practitioners with the data analysis tools and framework to effectively measure the health of their application security program across their entire organization. Snyk Analytics now features dashboards specific to both issue analytics and application analytics, with new reports tied to developer shift-left behavior, SLA management and featured zero-days. It also offers a new extensibility option via an integration with Snowflake AI Data Cloud. These improvements allow application security leaders to gain a quick understanding of where they have coverage gaps, how they can better manage exposure to risk, where remediation efforts can improve and what steps they can take to prevent risk in the future.

The recent Snyk Analytics for Snowflake Integration further enhances these capabilities by enabling organizations to access their Snyk developer security data alongside other security data sources in their own Snowflake data environment. This allows AppSec leaders to combine holistic application risk visibility with more context around their entire risk landscape, resulting in better informed decision making to improve their security posture and developer productivity.

DeepCode AI is the foundation of Snyk’s AI-powered reachability, which pinpoints the most critical risks and prioritizes issues that directly affect how an application runs. Snyk continues to advance the state of the art in managing application security risk, incorporating DeepCode AI-powered reachability analysis and several other new risk factors in the Snyk Risk Score. DeepCode AI-powered reachability analysis detects vulnerable functions in open source packages that can be reached via the application's code, even for transitive packages. Testing shows this feature has increased reachability coverage from 60% to 90% for high and critical vulnerabilities within JavaScript and Python and is one of many risk factors that make up Snyk’s Risk Score to strip out noise and focus remediation efforts on true risks to the business. Combining reachability with existing risk factors like EPSS ratings, package popularity and several others makes it simple to determine which issues pose the greatest risk.

On top of the issue-level risk factors, Snyk has expanded the ecosystem of partners and integrations that deliver a 360° view of application risk that adds contextual factors such as an application’s architecture, business criticality and runtime state enabling teams to manage security risks more effectively than ever before. Integrations with key platforms across Source Code Management (SCM) systems, Internal Developer Platforms (IDPs) and Service Catalogs, Observability Tools and Cloud and Runtime Security provide a full-spectrum view to detect and manage vulnerabilities in line with business objectives and application performance. These two updates ensure that organizations can focus their remediation efforts on the most significant security issues, improving both efficiency and the overall risk management process.

Pull request workflows, the process of reviewing code in collaborative software development, are a strategic enforcement point and opportunity for AppSec teams to find and remediate security concerns earlier in development. Snyk’s enhancements to the pull request experience save time and reduce context switching for developers, providing them with information and actionability. It offers new detailed summaries of security findings, ranked by severity that populate following a scan directly in the pull request comments in the developers' source code management (SCM) tool. These notable improvements have come to life in the past year and result from Snyk’s acquisition of Reviewpad in October 2023.

Additionally, developers can now customize the title, description and commit message for pull requests initiated by Snyk, ensuring alignment with their organization’s security standards. By reducing costly context switching and streamlining the security remediation process, Snyk’s enhanced developer experience ensures that developers can maintain productivity by addressing security issues with fewer disruptions to their workflows.

Share this

Industry News

February 27, 2025

IBM has completed its acquisition of HashiCorp, whose products automate and secure the infrastructure that underpins hybrid cloud applications and generative AI.

February 27, 2025

Veeam® Software announces Veeam Kasten for Kubernetes v7.5, designed to deliver Kubernetes-native data resilience for enterprises.

February 27, 2025

DeepSource released Globstar, an open-source project bringing code security tooling to the AppSec community, with no restrictions on commercial usage.

February 26, 2025

Google Cloud announced the public preview of Gemini Code Assist for individuals, a free version of Gemini Code Assist that will give students an easy-to-use free AI coding assistant with the highest usage limits available

February 26, 2025

BrowserStack announced the launch of its comprehensive Test Platform, designed to revolutionize how engineering teams approach software testing in an AI-driven world.

February 26, 2025

Snyk announced the launch of the Snyk Secure Developer Program, a new initiative designed to empower open source software maintainers with developer-friendly security solutions.

February 25, 2025

Red Hat announced the general availability of Red Hat OpenShift 4.18, the latest version of the hybrid cloud application platform powered by Kubernetes.

February 25, 2025

Akamai Technologies announced a Managed Container Service designed for companies that want to deliver better experiences by running workloads closer to users, devices, and sources of data.

February 24, 2025

Couchbase announced that its Capella AI Model Services have integrated NVIDIA NIM microservices, part of the NVIDIA AI Enterprise software platform, to streamline deployment of AI-powered applications, providing enterprises a powerful solution for privately running generative (GenAI) models.

February 20, 2025

GitLab announced the general availability of GitLab Duo Self-Hosted.

February 20, 2025

Tigera announced the introduction of several new innovations to Calico, including a new Ingress Gateway capability for Calico Cloud and Calico Enterprise, and the launch of Calico Dashboards.

February 20, 2025

Copado introduced three AI-powered DevOps apps for Slack.

February 20, 2025

Gearset announced that it now supports Salesforce's Agentforce.

February 19, 2025

Sonar announced the acquisition of AutoCodeRover, an autonomous AI agent platform for software development.

February 19, 2025

Faros AI announced a collaboration with Microsoft to deliver its AI-powered platform for optimizing engineering workflows on Azure.