Snyk Blog

Introducing the Snyk App for Compass: A complete view of software component risk

Written by:
LaToya Muff
LaToya Muff
blog-feature-atlassian-compass

October 5, 2023

0 mins read

The developer role is steadily expanding, now encompassing operations and security functions in addition to writing and testing code. As a result, developers now need to consult more systems and tools to gather data to do their jobs, and more than half of developers say they’re slowed down at work trying to find the information they need.1

In addition, the concept of platform engineering has taken hold to make software more secure by adding guardrails such as pre-vetted software components for developers to use. Part of that approval process must include a security screen to determine risks such as vulnerabilities. This requires maintaining a library of approved components that are regularly screened for risks. 

Your teams need access to a consolidated data repository of software components, technical architectures, and team status to work efficiently. Not only is this helpful to developers, but it’s valuable data for security operations or site reliability engineering (SRE) teams who may not have access to developer tools.

Enhance the developer experience

To improve the increasingly complex development experience, Atlassian introduced Compass as mission control for developers, including a software component catalog, health scorecards, and an extensibility engine to connect Compass with the rest of the development toolchain.

Snyk is proud to offer the first security integration for Compass. This integration was the most requested by Compass users and is available to install from within the Compass developer experience platform. The new Snyk App for Compass connects vulnerability data from Snyk Open Source, Snyk Code, Snyk Container, and Snyk Infrastructure as Code to help development, security, and SRE teams track critical and high severity vulnerabilities that put applications at risk. By integrating with the Snyk platform, Compass has access to static application security testing, software composition analysis, container security, and infrastructure as code security for a comprehensive view of risk.

Many developers consider application security an extra burden, but the Snyk App for Compass simplifies the process. Compass automatically correlates its repositories with data imported from Snyk to show relevant vulnerability counts matched with components in Compass. Vulnerabilities are plotted on the Compass activity feed to provide context, and Snyk provides metrics to Compass to identify open critical or high-severity vulnerabilities. Metrics are refreshed hourly, so you know data is current. 

Vulnerability remediation is often a challenge because it can be difficult to understand the full impact of an issue as well as who is responsible for the fix. Snyk and Compass make remediation faster and easier by showing which applications are impacted by vulnerabilities as well as the responsible owner. This allows you to improve the overall security health of your software components and, in turn, your applications by identifying and remediating issues at the component level. Enhance your DevOps practices with better visibility and security without sacrificing agility.

Make security intuitive with Snyk data in Compass health scorecards

Together, Snyk and Compass help you know your overall software component health. Snyk metrics are included in DevOps health scorecards that allow you to measure and evaluate the security and compliance of software architectures. This data is valuable not just to developers but also to your security and SRE teams, who have a vested interest in keeping applications secure and reliable. It also helps your developers build more secure applications from the start by knowing whether a chosen component contains a vulnerability.

Get started in Compass

The Snyk App for Compass gives you a complete view of your software component risk for applications that are reliable and secure without creating more work for your developers. Simply log in to Compass to install the Snyk app. All first-time app users will receive a free, 45-day Snyk trial with unlimited tests and extra features. Sign up for your free Compass account and learn more about getting started with the Snyk App for Compass here.


Source:

  1. Stack Overflow, 2023 Developer Survey, June 2023

Posted in:Application Security, ASPM
blog-feature-atlassian-compass

How to Perform an Application Security Gap Analysis

In this guide we'll walk through the steps to run a Application Security Gap Analysis for asset visibility, AppSec coverage and prioritization.

See the guide
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon