Snyk slips into Azure for open source vulnerability spotting

Azure Container Service Retiring

Synk has tightened its integration with Azure, offering vulnerability scanning through the open source development workflow on the Microsoft cloud platform

Snyk COO Geva Solomonovich said Snyk was integrating into Azure Repos, through Azure Pipelines, into the Azure Container Registry and into Azure Functions.

So, for example, Snyk will scan and monitor Azure repos for vulnerabilities, and scan pull requests to ensure new vulnerabilities are not introduced.

Similarly, in Azure Pipelines and the Azure Container Registry, Snyk will scan dependencies for open source vulnerabilities, and can be used to prevent vulnerabilities entering the pipeline.

Advertisement

The integration extends into Azure Functions, with Snyk scanning applications for vulnerabilities, and altering when vulns are detected in running applications.

Solomonovich said this was the first time Snyk had integrated to this degree with a particular cloud vendor’s whole stack.

Microsoft’s “richer pedigree of being partner oriented” had helped smoothed the integration process, he said. “What’s been unique with Microsoft – they know how to engage with partners so much better than others.”

“We’ve levelled up our .NET support across our tooling and across our security team,” he continued, and the vendor aimed to build the most comprehensive vulnerability database out there for .NET. He added this had been in process before the integration happened.

As for traditional security vendors, Solomonovich said Snyk partnered with some of them on container scanning. He said the key difference was that traditional vendors saw the container as an evolution of an endpoint, while “we look at containers as the evolution of an application.”

Traditional security teams risked being side-lined as organisations moved to both the cloud, and modern software development and deployment models, Solomonovich said. At the same time, software developers didn’t have the time to keep fully up to speed with vulnerability reports, and patching requirements. Even if they actually had the inclination.

Snyk was aiming to remove this friction, by giving developers tools they want to use in their day to day work, while giving the controls and governance to the security team.

- Advertisement -