
Snyk and Red Hat empower developers to secure OpenShift applications


April 28, 2020


We are excited to share that Snyk and Red Hat have been working together to make it easier for developers to create secure applications built on open source and run them securely on OpenShift. Snyk is now available on the Red Hat Marketplace. All solutions available through the marketplace have been tested and certified for the Red Hat OpenShift Container Platform, the industry's most comprehensive enterprise Kubernetes platform, allowing them to run anywhere OpenShift runs.

Snyk helps developers and security teams work together to find and fix vulnerabilities in open source code dependencies, containers, and Kubernetes configurations. Our strategic partnership with Red Hat on its CodeReady Dependency Analytics IDE extension and our OpenShift integration put Snyk’s developer-friendly security fix data into the developer’s workflows.


Detect issues in containers in development and production

As workloads are deployed or changed within your OpenShift clusters, Snyk detects and tests the underlying container images for vulnerabilities, and provides information on configuration issues in the running pods that might make those workloads less secure. Snyk provides ongoing protection after workloads are scanned, so you always have up-to-date vulnerability details on your production applications. What’s more, the pod configuration details help to prioritize where you should focus your fix efforts. Snyk Container’s integration with OpenShift clusters makes these reports clear, as shown in the example below.

[Image: example Snyk Container report for an OpenShift cluster]

Prior to deployment in your OpenShift clusters, Snyk Container can be used to scan container images at multiple points, including the developers’ desktops and IDE with CodeReady Analytics, in your CI/CD pipelines, and in container registries, as shown in the diagram below.

[Diagram: points at which Snyk Container scans container images before deployment]

Developer-friendly fix guidance for container vulnerabilities

Snyk’s developer-focused approach is designed to go beyond just providing vulnerability reports to make it easier for developers to address security issues. Snyk detects vulnerabilities and provides immediately usable guidance for developers to fix container issues. This starts with the container base image, where Snyk displays recommendations for base image upgrades:

[Image: Snyk base image upgrade recommendations]

Snyk also provides the layer and dependency details and Dockerfile context for user layers in container images, to help you quickly understand where you might be introducing vulnerable components to your images.

Create secure OpenShift and Kubernetes configurations

Save time—and avoid emergency meetings with your security team—by checking your Kubernetes configuration files as you write them, instead of much later when workloads are deployed.

Snyk’s Kubernetes configuration scanning allows you to determine whether your workload’s specifications are safe by analyzing the configuration code stored in your source code management system.


Address vulnerabilities and license issues in open source dependencies with automated remediation

Last but certainly not least, the most important bits running in your containers are your application code, which is likely to be increasingly reliant on open source components. Snyk also helps you quickly find security issues in your open source dependencies and can automate remediation of vulnerabilities and open source license compliance by integrating directly with your source code repositories.


Address risk as early as possible, with Snyk Intel powering CodeReady Dependency Analytics

The Red Hat CodeReady portfolio is a set of open source development tools and services for creating and delivering containerized applications. Now powered by Snyk Intel data, the CodeReady Dependency Analytics extension enables users of supported IDEs (VS Code, IntelliJ, and more) to view Snyk vulnerabilities as they code, including Snyk premium vulnerabilities and detailed security advisories.

Users of the CodeReady Dependency Analytics extension can start the registration journey to Snyk from within the tool, to expose this data free of charge. This will equip users of the extension with the deepest and most up-to-date source for fixing open source vulnerabilities, to provide secure applications from the earliest stage possible.

About the Red Hat Marketplace

We are excited to share that Snyk is now listed on Red Hat Marketplace, an open cloud marketplace that makes it easier to discover and access certified software for container-based environments across the hybrid cloud. Through the marketplace, customers can take advantage of responsive support, streamlined billing and contracting (coming soon for Snyk), simplified governance, and single-dashboard visibility across clouds.


Getting started with Snyk in OpenShift

All of these features are available now for OpenShift customers!

  1. If you don’t already have a Snyk account, it’s free to sign up and use Snyk to scan both container images and open source dependencies.

  2. Find more information on how Snyk and Red Hat partner to empower developers to secure OpenShift applications here.

  3. Snyk is now available on Red Hat Marketplace with automated deployment on any cloud.

  4. Want to see a demo or ask questions? We’d love to hear from you.

Stay secure!
