Snyk, provider of a security platform, has used its snykcon, which is currently in session, to announce a number of innovations. The main focus here is on expanding our own cloud platform to include a SAST (Static Application Security Testing) offer and partnerships with Docker, IBM and Datadog.

Fast Static Application Security Testing The SAST offer is called Snyk Code. With the addition of this feature, the cloud platform now offers security visibility and remediation functions for critical application components, including application code, deployed open source libraries, container infrastructure, and infrastructure as code.

Snyk Code gives developers automated and real-time insights into problems and weaknesses within the code and combines these with findings from other Snyk security offers. The manufacturer particularly emphasizes the speed here, since with many SAST tools it often takes hours or days to complete a vulnerability scan, it delivers high false positive rates and it takes in-depth security knowledge to fix the problems

The tool probably automatically models APIs on the basis of the established procedures of the platform and is designed in such a way that it can be integrated into CI / CD platforms (Continuous Integration / Continuous Delivery) in order to Grant DevSecOps workflows. For more information, see the accompanying notice.

Partnerships with Docker, IBM and Datadog Another message is the expansion of the partnership with Docker. Here Snyk is now the exclusive provider of security information for Docker Official Images, which probably make up 25 percent of all Docker Hub images, and other future certification programs. Snyk Search, recently integrated into Docker Desktop and Docker Hub, enables developers to assess vulnerabilities at every step of the container development and deployment process. The integration of Snyk into the “Docker Official Images” program can be expected this year. There is also more information on this in an announcement by the company.

Another partnership, with IBM, means that the Snyk Intel vulnerability database is integrated into the security functions of Big Blue’s public cloud is integrated. The database is continuously curated by a Snyk research team so that teams can work efficiently in containing open source security issues while focusing primarily on development. Access to the vulnerability data analysis will probably be designed in such a way that IBM Cloud users can identify open source and container vulnerabilities before the runtime. More on this in the corresponding message.

Another integration is with the cloud monitoring provider Datadog. The aim is to help developers identify and prioritize security gaps in their workloads with live traffic. This offer is also primarily aimed at customers of the Snyk partner.

SAST benefits from KI Even more It’s not so long ago that Snyk took over the operator of an AI-supported real-time code analysis with DeepCode. D