Teaming up with Sysdig to deliver developer and runtime Kubernetes security

Today, we’re excited to announce a partnership with Sysdig to provide container and Kubernetes security together — from code to cluster. Together, Snyk and Sysdig can help developers secure code and containers in development, protect the runtime Kubernetes environment, and deliver feedback and visibility from production back to developers, eliminating the noise of container vulnerabilities. Containers have been a foundational technology enabler in the DevOps movement, and Kubernetes has brought scale and flexibility to the process of deploying multiple containerized workloads across every cloud. Now, for the first time, there’s a security solution that spans the full cycle of DevOps practices for container workloads. It enables developers to build safer containers to run their applications, resulting in a more secure production environment and an ongoing feedback loop for improving and fixing critical issues.

Combining development and runtime security to eliminate vulnerability noise

Developers already have to deal with increasing security work spanning several aspects of an application: the code and dependencies, the deployment configuration, and the containers that ship and run code. At the same time, security and operations teams working with live environments have to manage these vulnerabilities and issues en masse: hundreds of vulnerabilities spanning thousands of containers and €Œ many clusters. They need developers on board to fix €Œsecurity issues. But container vulnerabilities have been particularly thorny, due to a lack of systems expertise on dev teams and the clunky nature of legacy vulnerability tools. As a result, some vulnerabilities can take up to six months to fix, extending the security backlog for developers and clouding the risk picture for security and operations teams.

Snyk Container already provides early feedback in the development process, guiding container users when better base images are available. These alternate images are more secure, updated, and often slimmer. This step alone can cut out 70% or more of initial vulnerabilities. But that still leaves 30% of the vulnerabilities — and with hundreds of vulnerabilities in some container images, handling that 30% can be a daunting task for developers.

With Sysdig’s runtime intelligence, we’re now able to provide advanced prioritization for container vulnerabilities. No longer is the container a mysterious and noisy collection of packages and vulnerabilities — developers have visibility into exactly which packages are being used when their container is running, and the vulnerabilities affecting those executed packages. Developers can clearly see which issues are the most important to fix, and with this additional feedback, they can fix critical issues faster. In turn, security and ops teams can focus their attention on real-time threats and incident response, instead of tedious vulnerability management tasks.

Why we’re partnering with Sysdig

We’re excited to partner with Sysdig because we share a common vision for enabling organizations embracing DevSecOps to have a complete view of security and performance, throughout the lifecycle of applications and the cloud-native stack. While our technical integration is focused on containers and Kubernetes, the combination of the full Snyk and Sysdig platforms secures everything: from the code a developer writes in their IDE to the full infrastructure running the Kubernetes cluster. It provides the tools developers, security, and operators need for vulnerabilities, real-time threat response and analysis, and cluster and application monitoring and troubleshooting. For Sysdig’s take on how integrated prioritization aligns developers and SecOps to enable focused remediation, read their blog post.

Additional Resources

To help you get started and see the integration in action, we have two webinars planned.

• Join us March 2 at 3pm for a Security Boulevard demo-led webinar with experts from Snyk, Sysdig, and AWS.

• On March 10, Sysdig and Snyk will team up again to demonstrate ways to use the new integration to eliminate noise from code to production.

We’re excited to have you test it out and let us know what you think. We’re already planning the next features in our integration with Sysdig, and we’d love to hear your thoughts on what else we can do to help you keep using containers and Kubernetes, and stay secure.