
Teaming up with Sysdig to deliver developer and runtime Kubernetes security

Jim Armstrong
February 16, 2022

Today, we’re excited to announce a partnership with Sysdig to provide container and Kubernetes security together — from code to cluster. Together, Snyk and Sysdig can help developers secure code and containers in development, protect the runtime Kubernetes environment, and deliver feedback and visibility from production back to developers, eliminating the noise of container vulnerabilities. Containers have been a foundational technology enabler in the DevOps movement, and Kubernetes has brought scale and flexibility to the process of deploying multiple containerized workloads across every cloud. Now, for the first time, there’s a security solution that spans the full cycle of DevOps practices for container workloads. It enables developers to build safer containers to run their applications, resulting in a more secure production environment and an ongoing feedback loop for improving and fixing critical issues.

Figure: details from two scans, showing reduction in vulnerabilities

Combining development and runtime security to eliminate vulnerability noise

Developers already have to deal with increasing security work spanning several aspects of an application: the code and dependencies, the deployment configuration, and the containers that ship and run code. At the same time, security and operations teams working with live environments have to manage these vulnerabilities and issues en masse: hundreds of vulnerabilities spanning thousands of containers and many clusters. They need developers on board to fix security issues. But container vulnerabilities have been particularly thorny, due to a lack of systems expertise on dev teams and the clunky nature of legacy vulnerability tools. As a result, some vulnerabilities can take up to six months to fix, extending the security backlog for developers and clouding the risk picture for security and operations teams.

Snyk Container already provides early feedback in the development process, guiding container users when better base images are available. These alternate images are more secure, updated, and often slimmer. This step alone can cut out 70% or more of initial vulnerabilities. But that still leaves 30% of the vulnerabilities — and with hundreds of vulnerabilities in some container images, handling that 30% can be a daunting task for developers.

With Sysdig’s runtime intelligence, we’re now able to provide advanced prioritization for container vulnerabilities. No longer is the container a mysterious and noisy collection of packages and vulnerabilities — developers have visibility into exactly which packages are being used when their container is running, and the vulnerabilities affecting those executed packages. Developers can clearly see which issues are the most important to fix, and with this additional feedback, they can fix critical issues faster. In turn, security and ops teams can focus their attention on real-time threats and incident response, instead of tedious vulnerability management tasks. 

Figure: detail showing insights from runtime execution

Why we’re partnering with Sysdig

We’re excited to partner with Sysdig because we share a common vision for enabling organizations embracing DevSecOps to have a complete view of security and performance, throughout the lifecycle of applications and the cloud-native stack. While our technical integration is focused on containers and Kubernetes, the combination of the full Snyk and Sysdig platforms secures everything: from the code a developer writes in their IDE to the full infrastructure running the Kubernetes cluster. It provides the tools developers, security, and operators need for vulnerabilities, real-time threat response and analysis, and cluster and application monitoring and troubleshooting. For Sysdig’s take on how integrated prioritization aligns developers and SecOps to enable focused remediation, read their blog post.

Additional Resources

To help you get started and see the integration in action, we have two webinars planned.

  • Join us March 2 at 3pm for a Security Boulevard demo-led webinar with experts from Snyk, Sysdig, and AWS. 
  • On March 10, Sysdig and Snyk will team up again to demonstrate ways to use the new integration to eliminate noise from code to production.

We’re excited to have you test it out and let us know what you think. We’re already planning the next features in our integration with Sysdig, and we’d love to hear your thoughts on what else we can do to help you keep using containers and Kubernetes, and stay secure.
