Tenable uses Snyk Vulnerability Database to secure development with containers and DevOps
Containers and DevOps methodologies deliver the agility and speed of application development that companies require to execute their digital and cloud strategies quickly. Unsurprisingly, Gartner predicts that “by 2023, 70% of applications deployed in the cloud will use containers as a packaging mechanism, up from 20% in 2020.”
However, alongside widespread adoption, there has been a surge in container vulnerabilities, with a 4X increase in reported operating system vulnerabilities in 2018. And yet, 80% of developers say they don’t test their container images during development, according to Snyk’s annual State of Open Source Security report.
Alongside tools used by security teams, there is an urgent need for developers to take the lead upstream and own security to scale DevOps methodologies.
This is a key driver for the new partnership we’re excited to announce with Tenable, a cyber exposure leader with 30,000 security customers worldwide. By partnering with Snyk, Tenable is able to help security analysts better manage and minimize the potential risk associated with open source components within container images.
With Tenable.io integrating the Snyk Intel, security teams are able to identify and resolve open source software vulnerabilities that might put them at risk by surfacing both public and Snyk-proprietary curated data for far better coverage. Through the integration, Tenable.io further enables DevOps processes by providing enhanced visibility into the security of open source components in container images—including vulnerabilities, malware, and policy violations—through integration with the build process.
Tenable’s blog post “Tenable Bolsters Container Security to Capture Open-Source Vulnerabilities” explains how combining Tenable.io and Snyk Intel creates a powerful defense against potential risks in open source software.
How the Snyk & Tenable integration works
The Snyk integration offers a seamless user experience within Tenable.io, with open-source code vulnerabilities in Ruby, Python and Node.JS appearing alongside all other vulnerabilities in a single interface.
Security analysts using the Tenable platform click on each vulnerability to access Snyk’s advisory pages and information about fix/patch (example below). Snyk’s advisory page provides detailed information for decision making and developers can also sign up to use Snyk for free to benefit from Snyk’s automated remediation and ongoing monitoring capabilities.
Major global security organizations leverage Snyk Intel
Tenable joins Red Hat, Trend Micro, Rapid7, and the Linux Foundation in leveraging Snyk Intel to complement public sources and increase coverage of container security vulnerabilities in their tools with actionable intelligence from Snyk. Widely adopted because of its timely and accurate data, Snyk Intel includes hand-curated and actionable content maintained by a dedicated Snyk research team. By partnering with Snyk, these organizations are able to help security and DevOps teams work together to mitigate the potential risk vulnerabilities in open source might create.