We use cookies to ensure you get the best experience on our website.Read moreRead moreGot it

close
  • Products
    • Products
      • Snyk Open Source (SCA)
        Avoid vulnerable dependencies
      • Snyk Code (SAST)
        Secure your code as it’s written
      • Snyk Container
        Keep your base images secure
      • Snyk Infrastructure as Code
        Fix misconfigurations in the cloud
    • Platform
      • What is Snyk?
        See Snyk’s developer-first security platform in action
      • Developer Security Platform
        Secure all the components of the modern cloud native application in a single platform
      • Security Intelligence
        Access our comprehensive vulnerability data to help your own security systems
      • License Compliance Management
        Manage open source license usage in your projects
    • Self-paced security education with Snyk Learn
  • Resources
    • Using Snyk
      • Documentation
      • Vulnerability intelligence
      • Product training
      • Customer success
      • Support portal & FAQ’s
    • learn & connect
      • Blog
      • Community
      • Events & webinars
      • DevSecOps hub
      • Developer & security resources
    • Self-paced security education with Snyk Learn
  • Company
    • About Snyk
    • Customers
    • Partners
    • Newsroom
    • Snyk Impact
    • Contact us
    • Jobs at Snyk We are hiring
  • Pricing
Log inBook a demoSign up
All articles
  • Application Security
  • Cloud Native Security
  • DevSecOps
  • Engineering
  • Partners
  • Snyk Team
  • Show more
    • Vulnerabilities
    • Product
    • Ecosystems
security incident management
Application SecurityPartners

Shifting left security incident management with the Snyk & Opsgenie integration

Jay YerasFebruary 24, 2021

We’re excited to announce a new integration with Opsgenie, making it easier to further integrate security into existing incident management and operations workflows. This integration is based on Snyk’s new custom webhooks API beta release announced last week.

We often tout the benefits of modern software development and digital transformation as cloud computing, containers, DevSecOps methodologies and other innovations transform organizations. Yet these advances also create noise that is often hard to tune out. An overflowing email inbox, reports lost in a flood of information overload, calendar creep…not to mention the list of tools that goes on and on.

The downside of traditional incident management is the lack of scalability and automation

Traditional incident management is not only too manual but it cannot scale to support distributed modern cloud infrastructure configurations.

Traditional incident management, something common to anyone in operations, involved monitoring tools and on-call alerts, systems administrators reviewing system and application logs and ultimately often pulling in the development team. Only to discover much later that the system was a victim of a denial of service attack. Yet, a postmortem would reveal the development team updated the application code and introduced a vulnerability. If everyone had only known sooner, think of the many hours everyone would have back?  

This may seem like an over-dramatized relic of the past, but if you are a digital veteran like me, you have likely experienced events like this. I will even go a step further and say that I suspect some organizations still experience this today. 

This also impacts modern developers—their job has gradually become more complex over the years. Today, highly specialized skills and diverse knowledge is required in many relevant areas. Case in point: security. This is why the Snyk Security Platform adds immense value. It offers clear and accurate insights into potential security issues in your code without requiring  becoming a security subject matter expert. Snyk seamlessly integrates into your developer workflow to provide comprehensive security coverage across the entire software development lifecycle. 

So, how do we tune out the noise and focus on security incidents and things that matter? 

The flexibility and extensibility of the Snyk platform is integral to many of our partnerships, including our increasingly deeper collaboration with Atlassian. 

Last year, we enhanced end-to-end security for Bitbucket Cloud development workflows beyond the existing integration with Bitbucket Cloud. We added support for Code Insights, an enhanced Snyk Pipe and other valuable features to bring security to the forefront of the developer workflow.

Introducing flexible security tooling that recognizes development workflows and changes with them

We are now excited to announce another milestone with Atlassian, providing incident alerts within Opsgenie and on-call management. 

Snyk recognizes that development workflows are constantly changing, which requires security tooling that is flexible enough to change with them. This new integration is a perfect example of this. It leverages the Snyk API and extensibility and our new custom webhooks to seamlessly insert Snyk’s security automation into Opsgenie workflows.  

This Atlassian article “The importance of an incident postmortem process” documents the path to better incident management with Opsgenie. When applying this process, developer teams gain “a chance to uncover vulnerabilities in your system. An opportunity to mitigate repeat incidents and decrease time to resolution. A time to bring your teams together and plan for how they can be even better next time.”  

security incident management

The reality is that it is unrealistic to expect an absolute immutable deployment that is immune to incidents. Change is inevitable. It is also a necessary part of software development. However, incidents can be mitigated by introducing security early in the process with mechanisms that support a proactive response to potential issues.

How does the Snyk integration help with security incident management? 

Snyk’s integration with Opsgenie allows you to achieve this by proactively alerting you of any changes in your source code that introduce vulnerabilities. The moment a new vulnerability is discovered, an alert is triggered and your on-call is able to respond to the issue before it becomes an incident.

security incident management with Snyk and Opsgenie integration

Opsgenie provides you with actionable and reliable alerting that is further enriched by Snyk’s integration, which includes detailed contextual information on security vulnerabilities. 

From within the Opsgenie console you can obtain details about the issue and link to the Snyk Intel Vulnerability database for fix advice.

In this new Opsgenie blog post, Kate Clavet shares how easy-to-use and comprehensive Snyk’s Custom Webhooks API is, detailing how automated security and vulnerability management will enhance the Opsgenie user experience.  

The Snyk Webhooks integration for Opsgenie allows you to be notified of Snyk system events, enabling you to build notifications and react to changes in your projects. When events are triggered, Snyk sends HTTP POST requests to Opsgenie for those events, with the information you need to get ahead of an issue before it reaches production and impacts your business.

The Opsgenie integration is available for all paid plans.

Book a demo to learn more!

Schedule a demo

Log4Shell resource center

We’ve created an extensive library of Log4Shell resources to help you understand, find and fix this Log4j vulnerability.

Browse Resources
Footer Wave Top
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment
Develop Fast.
Stay Secure.
Snyk|Open Source Security Platform
Sign up for freeBook a demo

Product

  • Developers & DevOps
  • Vulnerability database
  • Pricing
  • Test with GitHub
  • API status
  • IDE plugins
  • What is Snyk?

Resources

  • Snyk Learn
  • Blog
  • Security fundamentals
  • Resources for security leaders
  • Documentation
  • Snyk API
  • Disclosed vulnerabilities
  • Open Source Advisor
  • FAQs
  • Website scanner
  • Japanese site
  • Audit services
  • Web stories

Company

  • About
  • Snyk Impact
  • Customers
  • Jobs at Snyk
  • Snyk for government
  • Legal terms
  • Privacy
  • Press kit
  • Events
  • Security and trust
  • Do not sell my personal information

Connect

  • Book a demo
  • Contact us
  • Support
  • Report a new vuln

Security

  • JavaScript Security
  • Container Security
  • Kubernetes Security
  • Application Security
  • Open Source Security
  • Cloud Security
  • Secure SDLC
  • Cloud Native Security
  • Secure coding
  • Python Code Examples
  • JavaScript Code Examples
Snyk|Open Source Security Platform

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer's toolkit.

Resources

  • Snyk Learn
  • Blog
  • Security fundamentals
  • Resources for security leaders
  • Documentation
  • Snyk API
  • Disclosed vulnerabilities
  • Open Source Advisor
  • FAQs
  • Website scanner
  • Japanese site
  • Audit services
  • Web stories

Track our development

© 2022 Snyk Limited
Registered in England and Wales
Company number: 09677925
Registered address: Highlands House, Basingstoke Road, Spencers Wood, Reading, Berkshire, RG7 1NT.
Footer Wave Bottom