Skip to main content

Snyk Container certified “VMware PKS Partner Ready” to find and fix vulnerabilities in container workloads

Written by:
wordpress-sync/blog-pks-certified-feature

April 17, 2020

0 mins read

We are excited to share that Snyk Container is now certified for use with VMware PKS and is available on the VMware Marketplace. Snyk’s Kubernetes monitor, part of the Snyk Container product, integrates with your VMware Enterprise PKS clusters, enabling you to monitor for newly deployed or updated workloads and identify vulnerabilities in their associated container images and configurations that might make those workloads less secure.

wordpress-sync/blog-snyk-container-vmware-integrates

Detect issues in containers in development and production

As workloads are deployed or changed within your PKS clusters, Snyk detects and tests the underlying container images for vulnerabilities, plus provides information on the running pod configuration issues that might make those workloads less secure. Snyk provides ongoing protection after workloads are scanned, so you always have up-to-date vulnerability details on your production applications. What’s more, the pod configuration details help to prioritize where you should focus your fix efforts. Snyk Container’s integration with PKS clusters makes these reports clear, as shown in the example below.

wordpress-sync/blog-detect-issues-containers-snyk

Prior to deployment in your PKS clusters, Snyk Container can be used to scan container images at multiple additional points, including the developers’ desktops, in your CI/CD pipelines, and in container registries, as shown in the diagram below.

wordpress-sync/blog-snyk-container-in-multiple-points-vmware

Developer-friendly fix guidance for container vulnerabilities

Snyk’s developer-focused approach is designed to go beyond just providing vulnerability reports to make it easier for developers to address security issues. Snyk detects vulnerabilities and provides immediately usable guidance for developers to fix container issues. Starting with the container base image, where Snyk displays recommendations for base image upgrades:

wordpress-sync/blog-snyk-developer-container-vulnerabilities

Snyk also provides the layer and dependency details and Dockerfile context for user layers in container images, to help you quickly understand where you might be introducing vulnerable components to your images:

wordpress-sync/blog-snyk-dependency-details-dockerfile-context

Address vulnerabilities in open source dependencies with automated remediation

Last but certainly not least, the most important bits running in your containers is your application code, which is likely to be increasingly reliant on open source components. Snyk also helps you quickly find security issues in your open source dependencies and can automate remediation using integration directly with your source code repositories.

wordpress-sync/blog-snyk-find-fix-security-issues-open-source

Getting started with Snyk in PKS

All of these features are available now for VMware PKS customers!

  1. If you don’t already have a Snyk account, it’s free to sign up and use Snyk to scan both container images and open source dependencies.

  2. You can find instructions and details on integrating Snyk with your PKS clusters on the VMware Marketplace.

  3. Want to see a demo or ask questions? We’d love to hear from you.

Stay secure!

wordpress-sync/blog-pks-certified-feature

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.