
Introducing Snyk for Serverless

Guy Podjarny, April 26, 2017

Today we’re excited to announce Snyk’s new solution for securing your serverless functions, designed to easily integrate and protect serverless-based applications! The initial launch features tight integration with both AWS Lambda and Heroku. We’re also working closely with Google, Red Hat and others to integrate directly with their platforms in the coming months.

Screenshot of the Snyk Integrations page where you can choose which serverless platforms to monitor

Why Is Securing Serverless Different?

Serverless (FaaS) and PaaS approaches provide a big boost for developer productivity. By moving the infrastructure concerns to teams of dedicated experts, developers are free to spend more time working on code that directly contributes to their core product. This, in turn, pushes many of the security concerns in such infrastructure to the platform, dramatically mitigating risks such as unpatched servers, compromised servers and more.

However, by crippling these attack vectors, Serverless draws attackers to the next easiest way in—vulnerable application dependencies. These open source packages, pulled from repositories such as npm, Maven, PyPI and others, are just as prevalent and just as vulnerable as the binaries we often patch. FaaS and PaaS platforms manage and secure the server dependencies, but neither manage nor secure vulnerable packages pulled in by your app.

Snyk helps address this gap, continuously monitoring the dependencies hidden inside your functions and apps for vulnerabilities (and soon license issues!).

If you’re interested in Serverless practices and tools, be sure to check out the 10 Serverless security best practices cheat sheet.

Securing your serverless applications

The new serverless support lets you monitor the code you’ve deployed to AWS Lambda or Heroku for any known vulnerable dependencies—with more platforms coming very soon. For each platform your code is deployed to, after entering the relevant API keys, you can choose the functions and applications to monitor continuously.

Snyk will then communicate directly with the platform, using its API, to determine what dependencies are currently deployed for each function or app, and then scan them against our vulnerabilities database for known vulnerabilities. You’ll be given a detailed report of all vulnerabilities as well as guidance on how to remediate them.

You’ll also be able to tell Snyk how frequently you would like to test each function for newly disclosed vulnerabilities that impact it. If one is found, you will be notified (via email and Slack) and can take action immediately.

A screenshot of the UI for setting how frequently you want your serverless application tested for security by Snyk

Isn’t monitoring source code enough?

Quite clearly, deployed code was previously source code, and so addressing vulnerable dependencies as part of your development process is an excellent way to reduce the likelihood of deploying a vulnerability in the first place. In addition, finding issues during dev makes fixing those issues far easier.

However, securing source code isn’t enough. The path from source code to deployed code isn’t always straight, making it hard to know which functions or apps are affected by a source code vulnerability. Also, deployed code always lags behind source, and often still uses old (and potentially vulnerable) dependencies long after the code being developed has updated or patched them.

Tracking vulnerabilities in deployed code is the best way to understand and manage your risk. Addressing these vulnerabilities in your development process lets you quickly fix such issues, as well as prevent them in the first place. You can now use Snyk to secure your code throughout that lifecycle, and we encourage you to do so.
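The gap between source and deployed dependencies described above can be shown with a small added example (not Snyk's implementation and not part of the original post). It reads the package versions actually present in a constructed function bundle and checks them against constructed advisories and the versions pinned in source; every package name, advisory id and version here is hypothetical.

```python
import io
import json
import re
import zipfile

# Constructed data: hypothetical package names, advisory ids and fix versions.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "example-parser", "fixed_in": (2, 3, 1)},
    {"id": "EXAMPLE-0002", "package": "example-http", "fixed_in": (1, 0, 5)},
]
SOURCE_VERSIONS = {"example-parser": "2.3.1", "example-http": "1.0.5"}  # repo lockfile
DEPLOYED = [("example-parser", "2.3.0"), ("example-http", "1.0.5"),
            ("example-http/node_modules/example-parser", "2.1.4")]  # what shipped
# Matches node_modules/<pkg>/package.json, including scoped and nested installs.
MANIFEST = re.compile(r"(^|/)node_modules/(@[^/]+/)?[^/@][^/]*/package\.json$")

def parse_version(text):
    """'2.3.0' -> (2, 3, 0); pre-release and build suffixes are ignored."""
    return tuple(int(p) for p in text.split("-")[0].split("+")[0].split("."))

def deployed_dependencies(zip_bytes):
    """Map package name -> set of versions actually present in the bundle."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as bundle:
        for path in filter(MANIFEST.search, bundle.namelist()):
            meta = json.loads(bundle.read(path))
            if "name" in meta and "version" in meta:
                found.setdefault(meta["name"], set()).add(meta["version"])
    return found

def audit(zip_bytes, source_versions):
    """Flag deployed versions below the fix; note whether source already has it."""
    deployed, findings = deployed_dependencies(zip_bytes), []
    for adv in ADVISORIES:
        for version in sorted(deployed.get(adv["package"], ())):
            if parse_version(version) < adv["fixed_in"]:
                src = source_versions.get(adv["package"])
                findings.append({"id": adv["id"], "deployed": version, "source": src,
                                 "fixed_in_source": bool(src) and parse_version(src) >= adv["fixed_in"]})
    return findings

def build_sample_bundle():
    """Constructed stand-in for a deployed function package (zip archive)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for path, ver in DEPLOYED:
            meta = {"name": path.split("/")[-1], "version": ver}
            z.writestr(f"node_modules/{path}/package.json", json.dumps(meta))
    return buf.getvalue()
```

Calling `audit(build_sample_bundle(), SOURCE_VERSIONS)` reports two deployed copies of `example-parser` below the fix version, one of them nested under another package, even though the source lockfile already pins the fixed release.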

More serverless platforms to come

Serverless is a big boost for developer productivity, but your approach to security must adapt to accommodate it. Now with Snyk’s support for serverless applications, it’s that much easier to stay secure. Secure your Lambda and Heroku apps today!

We’re thrilled to launch with support for both AWS Lambda and Heroku, but there is much more to come. As we mentioned earlier, we’re working very closely with Google, Red Hat and others to directly integrate with their platforms in the coming months. We want to let you monitor your deployed code wherever it may be, continuously and easily.

If you use a platform that you don’t see in the initial launch, let us know, and we will keep you up to date on our plans for it and, if you would like, include you on relevant beta programs.
