Introducing new Snyk AppRisk integrations: Enhancing application risk management with development context
Daniel Berman
August 1, 2024
In the fast-paced world of modern software development, grasping the full scope of an application is essential for managing an application security program. This entails having visibility into all the application assets involved in building the app, knowing their ownership, and understanding their importance to the development process and the broader business.
That is why we are thrilled to expand Snyk AppRisk integrations with additional leading Internal Developer Portals (IDPs) and service catalogs: ServiceNow CMDB, Atlassian Compass, OpsLevel, Harness, and Datadog Service Catalog! Adding to the existing integration with Backstage, these new integrations bring a unique and vital development context, significantly enhancing asset discovery, visibility, and management of your shift left program with Snyk.
The rise of IDPs and service catalogs
Internal Developer Portals (IDPs) and service catalogs are tools designed to streamline and enhance the development process within organizations. IDPs serve as centralized hubs where developers can access all the tools, services, and documentation they need, promoting self-service and reducing dependencies on other teams. Service catalogs provide a structured inventory of all microservices and components within an organization, detailing their functionalities, ownership, and dependencies.
These tools are becoming increasingly popular due to the rise of microservices architectures and the need for greater agility and efficiency in software development. By providing clear visibility and easy access to resources, IDPs and service catalogs are gaining significant traction among platform, DevOps, and development teams. These teams rely on both IDPs and service catalogs to streamline workflows, drive collaboration, and enhance productivity across the development lifecycle, ultimately leading to faster delivery of high-quality software.
Consequently, these tools act as a single source of truth about apps and the development environment, which makes them valuable for managing application risk.
Using development context for application security
As mentioned above, to effectively manage an application security program and reduce application risk, it's crucial to first have a thorough understanding of the application assets being developed within your organization.
But with software development becoming more complex, gaining this understanding is not an easy feat, especially for larger organizations with an extensive software footprint and large development teams. Even if you succeed in accurately inventorying your apps, you must still link these assets to the teams responsible for their development and determine their significance to the business. As a workaround, some security teams are dedicating time and resources to manually catalog their apps and tag relevant organizational contexts to enhance their visibility.
Snyk now provides this visibility out of the box. Using Snyk’s integrations with IDPs and service catalogs, Snyk customers can automate the process of gathering critical context, such as an asset’s type, code ownership, and lifecycle stage, to enhance their understanding of their apps and improve collaboration between all the teams involved in building, deploying and securing them.
ATLASSIAN
“At the heart of Compass is a powerful catalog that enables software teams to track and find all the details about the services and systems they own and interact with. Bringing this rich context into Snyk AppRisk gives customers the details that matter for holistically understanding and improving application security and health across the entire organization. Built for developers, Compass and Snyk together enable teams to get the right context and focus on the fix.”
Josh Campbell, Senior Product Manager, Atlassian
HARNESS
“We are excited to offer Harness customers who use our IDP the ability to significantly enhance their security posture and risk management with Snyk AppRisk. With both the UI integration and AppRisk Catalog integration, our customers can develop securely, manage their assets, and create policies to improve their shift left program with Snyk.”
Himanshu Mishra, Staff Product Manager, Harness
Setting up development context integrations
Pulling in development context from your IDP or service catalogs is a straightforward process that involves a few simple steps.
1. In the Snyk UI, open the group-level Integrations page.
2. Select App Context to filter the available integrations, and click the integration you wish to set up.
3. Follow the instructions. Typically, you will be required to enter credentials for accessing the tool in question.
Once completed, the status of the integration is changed to Connected, and data will be correlated with the Asset Inventory.
For detailed instructions on setting up the different integrations, please refer to our online documentation.
Elevate your risk management game
In the evolving landscape of software development, having a deep understanding of your applications and their contexts is more important than ever. These integrations represent a significant leap forward in helping security teams understand and manage their application security posture.
By bringing together Snyk’s asset discovery, coverage management, and prioritization capabilities with the development context from Backstage, OpsLevel, Atlassian Compass, ServiceNow CMDB, and Harness, we are empowering these teams to:
- Gain a deeper view of their organization’s application assets, services, and dependencies.
- See the full context of each asset, including business importance, ownership, and deployment details.
- Ensure that security measures are comprehensive and aligned with the business’s priorities.
We are excited to continue working with our partners on enhancing your security processes and elevating your security posture. Stay tuned for more updates, and as always, happy secure development!
These new integrations are available for Snyk Enterprise plan customers. To get started setting up these integrations, visit our online product documentation.