Skip to main content

Snyk Adds Developer-first SAST Solution to Cloud Native Application Security Platform

wordpress-sync/SAST-annoucment-2

21. Oktober 2020

BOSTON - October 21, 2020 Cloud native application security company Snyk announced today it has launched Snyk Code, a developer-first SAST (static application security testing) solution to complete its market-leading cloud native application security platform. With the addition of Snyk Code, Snyk now provides security visibility and remediation as a platform for all of the critical components of the modern application including the application code, open source libraries, container infrastructure, and infrastructure as code.

Until now, legacy SAST tools have been difficult for developers to use, often taking hours or days to complete a vulnerability scan; providing high false positive rates; and requiring deep security knowledge to address the issues and fix them quickly. With Snyk Code, Snyk is re-imagining SAST in a way that developers can actually use as a seamless part of their development process - enabling them to build software fast and securely. Snyk Code gives developers automated and real-time insight into issues and vulnerabilities within the code they are creating, combining those with insights from other Snyk security solutions for open source libraries, containers and Infrastructure as code. By approaching application security with this holistic, developer-first approach,  software-driven organizations can ensure a continuous, scalable security posture even before deploying into production. 

"Snyk Code has been a missing piece to complete our cloud-native application security platform and we are excited to announce today at SnykCon the availability of this integrated and holistic approach to securing modern applications," said Peter McKay, CEO, Snyk.  "We are leveraging the machine learning based technology we acquired through DeepCode to bring speed, accuracy, and developer-first experience to SAST, a traditionally non-developer friendly aspect of the security process. Snyk Code will change the acceptable standards for how developers secure their own code and continue to transform the security market to keep up with the unrelenting pace of digital transformation." 

Snyk Code offers developers a differentiated SAST experience unlike any other solution in the market today by ensuring: 

  • Developer usability - Snyk Code prioritizes the developer experience, combining its speed and accuracy with the ability to scan source-code before an app is built, unlocking previously impossible seamless integrations in git and IDEs, and fix recommendations based on real-world, real-time data.

  • Speed  - Snyk Code is up to 50x faster than traditional SAST solutions, allowing seamless integration into the fast pace of continuous integration and delivery (CI/CD) pipelines, and unlocking vulnerability detection as you code, improving what has been a slow and disruptive extra step that can sometimes take many hours.

  • Accuracy - Snyk Code is focused on providing actionable results that matter, automatically modelling APIs and learning practices from the world's code, then training those models on Snyk's expansive, hand curated vulnerability database, significantly reducing false positives.

"From its inception, Snyk has sought to rethink application security as a dev-first process, requiring developer-centric tooling, integrations and workflows," said Guy Podjardny, President and Co-founder of Snyk. "This was our approach to SCA, to container security and most recently to securing infrastructure as code.  And this is now critical for SAST, where traditional SAST products are universally disliked by developers, but is a required aspect to maintaining an acceptable security posture.  We've taken the same approach with Snyk Code, delivering a differentiated, developer-first SAST solution that prioritizes the developer experience." 

Snyk Code launched at SnykCon, Snyk's first annual user conference, drawing a global audience of customers, users and the broader devsecops community.

About Snyk

Snyk, the cloud native application security leader, has a vision to empower every software developer in the world to develop fast and stay secure. Only Snyk provides a platform to secure all of the critical components of today's cloud native application development including the code, open source libraries, container infrastructure and infrastructure as code. Snyk's developer-first approach enables technology-driven companies to scale security in today's fast-paced digitally transforming world.  Snyk's security platform is powered by its industry-leading proprietary vulnerability database, maintained by the expert Snyk security research team, that also powers security solutions from strategic partners such as Datadog, Docker, IBM Cloud, Rapid7, Red Hat and Trend Micro. The company works with global customers of all sizes to empower developers to automatically integrate security throughout their existing workflows.

Named to the 2020 Forbes Cloud 100, the definitive ranking of the top 100 private cloud companies in the world, Snyk was also recently recognized by Comparably as the #3 small-to-medium business for Happiest Employees in 2020.For more information and to get started with Snyk for free today, visit https://snyk.io.