DEVOPSdigest

Snyk announced it will protect and secure the development of applications and containers using open source and running on Microsoft Azure.

Snyk is announcing its native integrations with Azure providing security throughout the software development life cycle (SDLC), enabling customers to secure their payloads and adopt open source and cloud more quickly and safely. Through this integration, Snyk simplifies and secures cloud migration for Azure customers, empowering developers to prevent vulnerabilities from being deployed and quickly closing new threat exposure by automating remediation.

"Cloud migration is a challenging endeavor, and you need tools that help you to empower developers to implement it securely," says Guy Podjarny, CEO, Snyk. "Azure offers a broad and powerful platform for dev teams, and we are excited to partner with Microsoft to help developers implement security early, with an approach that is tightly integrated into their existing Azure workflows. By enabling developers to take ownership of securing their applications, Azure customers can truly achieve security at scale."

Snyk's developer-first solution offers tightly integrated vulnerability management and remediation across the Azure SDLC - from code release to runtime. The Snyk integration enables DevSecOps, empowering developers to continue to release fast, while ensuring the security of their projects and assuring overall control and governance.

"As companies of all sizes continue to migrate to the cloud, with applications heavily powered by open source, Azure is providing the best environment for an easy and secure migration," said Eduardo Laureano, Principal PM Manager at Azure Functions, Microsoft. "By partnering with Snyk to secure the software development life cycle on Azure, we're giving customers the confidence to extend their use of open source technologies, such as Azure Functions, and accelerate their journeys towards digital transformation."

Automated Vulnerability Testing and Fixing:

- Azure DevOps: Putting security ownership in the hands of developers - Snyk's native integration with Azure Repos and Azure Pipelines will allow organisations to empower their developers to take control of security - from commit time through CI/CD. It allows companies to realize a true 'shift-left' trajectory, enabling developers to find and fix vulnerabilities during development when it is much less costly than when applications are deployed in production.

- Container Security: Azure Container Registry - For organizations adopting containerized applications, Snyk's integration with Azure Container Registry scans all container images for vulnerabilities and provides actionable advice to eliminate the identified vulnerabilities. Snyk then provides direction to rebuild an image or to switch to a more secure base image. Additionally, the build process of new container images is prevented if they contain vulnerabilities that do not meet the configured policy.

- Continuous Monitoring: Azure Functions - In serverless environments, Snyk gives development and operations teams a detailed view of the security posture of the entire portfolio running functions. It enables Azure users to ensure that newly discovered vulnerabilities are acknowledged and remediated, and the team is empowered to gate the deployment to make sure no new vulnerabilities are introduced to the environment.