Cloud Native Security · DevSecOps · Product

Snyk transformed cloud security in 2022 with developer-first solution

Lauren Place, January 11, 2023

2022 was a pivotal year for cloud security at Snyk.

At Snyk, we’re best known for pioneering developer-first application security, empowering developers to find and fix vulnerabilities in their code early in the development lifecycle. We revolutionized the AppSec market by breaking down silos of tools, people, and processes between security and development teams by enabling security checks to happen from the moment code is written, versus the “deploy, detect, and respond” model used by many security tools. 

And we realized that painful paradigm still exists for cloud security. The current generation of cloud security tools caters to IT security teams and still follows the same “deploy, detect, then respond” model to be used with IT-owned workloads and infrastructure. Silos exist between infrastructure as code (IaC), application, and cloud security tools. Fixes are often slow and frustrations run high because these cloud security tools catch issues too late in the infrastructure lifecycle and lack the ability to trace the cloud issues back to code (IaC).

Here at Snyk, we believe most modern, custom-developed apps should treat the cloud as code that controls the platform services integrated into those apps, so a developer-led security motion is best. This means securing programmable infrastructure (IaC and containers) pre-production and empowering developers to drive fixes at scale by enabling cloud fixes to be done in IaC, all with context from deployed cloud environments.

In 2022, we completed our acquisition of Fugue and leveraged our new team members and technology to build the newest addition to the Snyk platform: Snyk Cloud, the industry’s first developer-first cloud security solution. Snyk Cloud takes a developer-first, application-centric approach to finding and fixing vulnerabilities in cloud infrastructure from the time infrastructure is defined in code, through to when resources are running in the cloud. Let’s dive into a recap of the exciting releases we’ve had over the past year…

Securing cloud infrastructure from the source

Empowering developers to proactively secure the cloud through code (IaC) is a key component of Snyk’s cloud security vision. To accomplish this, we needed to secure IaC from the start, at the moment code is first written: in the IDE.

In 2022, we introduced support for IaC security checks in our Snyk VS Code extension and our JetBrains and Eclipse plugins, allowing developers to get fast, free, and actionable feedback for securing their code, open source dependencies, and IaC configurations directly within their IDE of choice. Snyk IDE extensions support all Snyk IaC formats, including Terraform, CloudFormation, ARM templates, and Kubernetes.

Also in line with our mission to help developers secure infrastructure earlier in the SDLC, we introduced our Terraform Cloud and Enterprise integration, enabling users to automate IaC security checks and enforcement with Terraform run tasks.

A deployment is scanned against Snyk’s predefined security and compliance rulesets in Terraform Cloud.

Unifying security across the SDLC, from code to cloud

Up until now, many organizations have had separate tools and processes around securing the cloud, applications and IaC. This creates challenges for developers and security teams, with conflicting results, required rework in managing them, and the lack of a single, consistent view of security posture across the software development lifecycle (SDLC). 

Snyk Cloud is powered by a unified policy engine for all Snyk IaC and Cloud workflows, so security engineers can apply Snyk security rules once and enforce them everywhere. Snyk’s unified policy engine is built on Open Policy Agent (OPA), with consistent checks of IaC and cloud configurations at every stage of testing, whether that is local development in the CLI/IDE, automated scanning of Git repositories, testing and gating in CI/CD, or checks in your running cloud environments. For cloud environments, Snyk provides quick and easy agentless onboarding, with AWS and Google Cloud environments supported in the UI and API, and Azure support coming soon in the new year!

Unified security standards and interface for Snyk IaC and Cloud issues

Snyk Cloud also has unified, consistent interfaces for viewing issues, resources, and environments. Additional drill-down filters can help prioritize remediations and development efforts on the most critical issues whether it’s filtering for a specific production environment or showing only critical and high severity issues. 

Overview, Resource, and IaC tabs in Cloud issues

Bringing cloud back to code, providing context for developers

Visibility into the cloud is one important aspect of cloud security, but in the end, you are only as secure as the fixes you’ve made in code. So in 2022, we focused our efforts on bringing cloud context back to code, helping to contextualize and prioritize cloud issues for developers.

In May of 2022, we announced drift detection capabilities for Snyk IaC, enabling developers to identify configuration drift in their cloud environments. Leveraging the CLI, Snyk IaC uses read-only permissions to compare what’s defined in IaC to resource configurations in the cloud. Snyk reports on:

  • Configuration drift: Cloud resources that were originally configured and deployed via IaC but have now deviated from their intended state (e.g. changed by a bad actor or by someone with access to change things directly)
  • Unmanaged resources: Cloud resources that are not defined in code and therefore are not subject to the same level of security feedback during the development process.
  • % of IaC coverage in your cloud environment: Total percentage of resources that are managed by IaC (and therefore held to security and compliance standards)

A drift report of configuration drift and unmanaged resources
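The three report categories above follow from one comparison: the set of resources the IaC declares versus the set a read-only enumeration of the account returns. The following Python is an added illustration of that comparison, not Snyk’s code; the resource identifiers, attribute names and both inventories are constructed sample data, and the drift check is a plain attribute-by-attribute diff rather than any particular provider’s semantics.

```python
"""Toy drift / unmanaged-resource / IaC-coverage report.

Added example: compares resources declared in IaC with resources
observed in a cloud account. Both inventories below are constructed.
"""
from dataclasses import dataclass

# Constructed sample: what the IaC (think: a Terraform state) says should exist.
IAC_RESOURCES = {
    "aws_s3_bucket.logs": {"acl": "private", "versioning": True},
    "aws_security_group.web": {"ingress_cidr": "10.0.0.0/8", "port": 443},
    "aws_iam_role.ci": {"max_session": 3600},
}

# Constructed sample: what a read-only enumeration of the account returned.
CLOUD_RESOURCES = {
    "aws_s3_bucket.logs": {"acl": "private", "versioning": True},
    # ingress widened by hand in the console: configuration drift
    "aws_security_group.web": {"ingress_cidr": "0.0.0.0/0", "port": 443},
    "aws_iam_role.ci": {"max_session": 3600},
    # created outside IaC: unmanaged resource
    "aws_security_group.debug": {"ingress_cidr": "0.0.0.0/0", "port": 22},
}


@dataclass
class DriftReport:
    drifted: dict      # resource id -> {attribute: (declared, actual)}
    unmanaged: list    # in the cloud, not in IaC
    missing: list      # in IaC, not (yet / any more) in the cloud
    coverage_pct: float  # share of cloud resources that IaC manages


def diff_attrs(declared, actual):
    """Return the attributes whose declared and actual values differ."""
    keys = set(declared) | set(actual)
    return {
        k: (declared.get(k), actual.get(k))
        for k in sorted(keys)
        if declared.get(k) != actual.get(k)
    }


def detect_drift(iac, cloud):
    """Compare declared (IaC) and observed (cloud) resources."""
    drifted = {}
    for rid, declared in iac.items():
        actual = cloud.get(rid)
        if actual is None:
            continue  # reported under `missing` below
        changes = diff_attrs(declared, actual)
        if changes:
            drifted[rid] = changes
    unmanaged = sorted(set(cloud) - set(iac))
    missing = sorted(set(iac) - set(cloud))
    managed = len(set(cloud) & set(iac))
    coverage = 100.0 * managed / len(cloud) if cloud else 100.0
    return DriftReport(drifted, unmanaged, missing, coverage)


def format_report(report):
    """Render the report as plain text lines (what a CLI would print)."""
    lines = [f"IaC coverage: {report.coverage_pct:.1f}%"]
    for rid, changes in report.drifted.items():
        for attr, (want, got) in changes.items():
            lines.append(f"DRIFT     {rid}: {attr} declared={want!r} actual={got!r}")
    for rid in report.unmanaged:
        lines.append(f"UNMANAGED {rid}")
    for rid in report.missing:
        lines.append(f"MISSING   {rid}")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(detect_drift(IAC_RESOURCES, CLOUD_RESOURCES))))
```

The unmanaged security group is the more interesting finding from a security standpoint: it never went through the IaC rules, so nothing in the development workflow would have flagged the open port 22. Coverage is computed over the cloud inventory, so resources that exist only in IaC (not yet applied, or deleted out of band) lower the `missing` list rather than the percentage.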

Traditional SAST and static analysis tools for IaC raise a large number of false positives, creating alert fatigue for security and platform development teams alike. In November of 2022, with the launch of Snyk Cloud, we also released cloud context for IaC issues to reduce false positives in IaC findings.

Snyk Cloud takes into account your cloud account settings and auto-suppresses IaC issues that are mitigated by those settings

By connecting the cloud to code, Snyk Cloud’s unified policy engine will recognize and auto-suppress IaC misconfigurations that are already mitigated by cloud account settings. For example, if an issue is raised for a “publicly accessible S3 bucket” but the AWS cloud account it is deployed to has restricted public access in its settings, Snyk will recognize this cloud context and auto-suppress the IaC issue so a false positive is not raised.
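The S3 case above is an instance of a general pattern: a finding from the IaC scan is joined with the account-level setting that mitigates it, and is suppressed only when that setting is confirmed. The Python below is an added example of that join, not Snyk’s policy engine or rule set; the rule ids, account ids and bucket names are constructed, and the one mitigation it knows about is the AWS account-level S3 Block Public Access configuration (whose four real setting names it checks). Anything it cannot confirm stays open, which is the fail-closed choice a suppression mechanism should make.

```python
"""Context-aware suppression of IaC findings.

Added example, not Snyk's engine: an IaC finding is suppressed only when
the cloud account it deploys to has a setting that already mitigates it.
"""

# Constructed IaC findings, roughly the shape a scanner emits.
IAC_ISSUES = [
    {"rule": "s3-bucket-public-read", "resource": "aws_s3_bucket.assets",
     "account": "111111111111", "severity": "high"},
    {"rule": "s3-bucket-public-read", "resource": "aws_s3_bucket.media",
     "account": "222222222222", "severity": "high"},
    {"rule": "s3-bucket-no-versioning", "resource": "aws_s3_bucket.assets",
     "account": "111111111111", "severity": "medium"},
    {"rule": "s3-bucket-public-read", "resource": "aws_s3_bucket.tmp",
     "account": "333333333333", "severity": "high"},  # account never onboarded
]

# Constructed cloud context: account-level settings read with read-only access.
# The four keys are AWS's real S3 Block Public Access settings.
CLOUD_CONTEXT = {
    "111111111111": {"s3_block_public_access": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": True, "RestrictPublicBuckets": True}},
    "222222222222": {"s3_block_public_access": {
        "BlockPublicAcls": True, "IgnorePublicAcls": True,
        "BlockPublicPolicy": False, "RestrictPublicBuckets": False}},
}

BPA_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def s3_public_access_blocked(account_ctx):
    """True only if every account-level Block Public Access switch is on."""
    bpa = account_ctx.get("s3_block_public_access", {})
    return all(bpa.get(k) is True for k in BPA_SETTINGS)


# rule id -> predicate over the account context that says "already mitigated"
MITIGATIONS = {
    "s3-bucket-public-read": s3_public_access_blocked,
}


def apply_cloud_context(issues, context):
    """Annotate each finding with whether cloud context suppresses it."""
    annotated = []
    for issue in issues:
        check = MITIGATIONS.get(issue["rule"])
        account_ctx = context.get(issue["account"])
        if check is None:
            reason = "no cloud mitigation known for this rule"
            suppressed = False
        elif account_ctx is None:
            reason = "account not onboarded; no context available"
            suppressed = False  # fail closed: unknown context never suppresses
        elif check(account_ctx):
            reason = "mitigated by account-level setting"
            suppressed = True
        else:
            reason = "account-level setting does not fully mitigate"
            suppressed = False
        annotated.append({**issue, "suppressed": suppressed, "reason": reason})
    return annotated


def open_issues(issues, context):
    """The findings a developer should still act on."""
    return [i for i in apply_cloud_context(issues, context) if not i["suppressed"]]


if __name__ == "__main__":
    for i in apply_cloud_context(IAC_ISSUES, CLOUD_CONTEXT):
        state = "SUPPRESSED" if i["suppressed"] else "OPEN      "
        print(f"{state} {i['rule']:26} {i['resource']:24} {i['reason']}")
```

Two details matter in practice. The suppression is only as current as the context it was read from, so a later change to the account setting is itself drift and should reopen the finding; and a partially enabled Block Public Access (account 2 here) is treated as not mitigating, because a bucket policy can still grant public read when only the ACL switches are on.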

Looking forward to 2023

This year has been a monumental one as we continue delivering on our vision for a developer-led cloud security motion, and we’ve had a resounding amount of support and positive feedback from customers such as Tealium and Global Giving. The Snyk Platform in the future will combine full visibility of applications, infrastructure, and the running cloud throughout the SDLC, giving users one platform to identify the areas of highest risk in the cloud for a vulnerability and deliver the fix in code to the right development team to make it go away.

For Snyk Cloud, in the first half of 2023 we plan on enhancing our capabilities to tie cloud issues back to the code assets that created them, enabling cloud security fixes directly in IaC, and enhancing drift detection reporting.

We will continue to build security and compliance posture views and reports to support security teams, as well as the ability to enforce security policies across the SDLC with custom rules.

For infrastructure as code specifically, we’ll continue strengthening our ruleset and engine’s filtering capabilities with greater support for Terraform workflows, new IaC formats supported, and cloud context-aware issues to minimize false positives and focus development times on just the critical alerts. 

Thank you for your interest in Snyk, we hope you have a happy new year!
