Extensibility and the Snyk API: our vision, commitment, and progress
Pat Poels
17 février 2021
0 minutes de lectureAt Snyk, we strongly believe in empowering developers to take ownership of security.
Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.
We are continuously striving to ensure this developer-first approach is apparent across our platform and that it is felt by our customers. Whether you are a developer or a security engineer, you should see a continuous improvement in your ability to tune Snyk’s security automation to fit your specific needs. A big part of this also means that you are increasingly able to tune Snyk’s security automation to your specific workflows and that you are not constrained to security processes within Snyk products. With that level of extensibility as our north star, you should experience an agile partner who is improving that platform every day.
This is the vision that Snyk is committed to achieving.
A key piece of the platform — the Snyk API
Snyk’s platform was designed to help you secure all the different building blocks making up your cloud native applications, helping you to find and fix vulnerabilities in your open source code, containers, infrastructure as code, and custom code. But the functionality provided in these products is backed by an additional core component of the platform — Snyk's API.
Developer-friendly, comprehensive, and designed to support security at scale, Snyk's API provides you with a programmatic ability to import your projects, test those projects for vulnerabilities, and track the status of those vulnerabilities. The various Snyk API endpoints that you can access programmatically expose some of the same capabilities of our products. This programmatic access helps to facilitate the customization, integration, and automation of Snyk's security as part of your unique workflows.
Snyk customers are leveraging the API in a variety of different ways and to support a myriad of interesting use cases. Some teams used the API to build tools that are automatically exporting Snyk’s data into monitoring systems already being used by developers, such as Prometheus and Grafana, or ticket and incident management platforms such as Confluence and Jira. Others are using the API to automate security processes at scale, creating scripts that automatically import new projects, tag them, or update them in Snyk when changes are applied.
We are excited each time we learn of a new use case and are committed to improving the experience our customers have with the Snyk API.
Investing in modularity
We are extremely proud of the cloud native application security platform that we have built but this is just a start.
Our vision for our platform is to help you secure your applications without needing to deploy multiple tools. We see our platform supporting your entire software development lifecycle, continuously growing together with you to support your changing needs, and most importantly — being ridiculously easy for developers to work with.
To achieve this vision, we are doubling down on the modularity of our platform. Our products are built as modular components wherever possible, allowing us to build capabilities once that can be used across our platform. The more modular our platform, the more rapidly we can expand our products and develop our cloud native application security platform.
Investing in our API aligns well with this strategy, as the same API endpoints that we expose to you as a developer also act as the modular core for our UI and our command-line interface (CLI). Helping you have more control over your Snyk experience actually helps us move faster. We are committed to continuing investment in the modularity of our platform. You can depend on Snyk to offer a powerful, reliable, performant, and complete API.
Our recent progress — Custom Webhooks!
In line with this commitment to API functionality, we are proud to announce the beta release of Snyk’s custom webhooks!
Enabling our customers to subscribe to push events from Snyk, this new API functionality can be used to receive Snyk payloads in third-party systems — collaboration tools or incident management platforms — when a Snyk event is triggered, such as when a new vulnerability is identified.
We will be publishing some examples of how to use Snyk’s Custom Webhooks on the Snyk Blog so stay tuned. In the meantime, feel free to refer to our documentation for more information.
Accelerating our API vision
We know our customers are moving fast and want our platform to move at the same pace. To further fuel our platform push, we acquired Manifold — a Halifax, Canada-based company that is no stranger to extensibility and API. Previously building a Marketplace as a Service company for API-first products, Manifold brings tremendous platform talent and experience to Snyk. They extend our development footprint into North America, allowing for better global coverage and a great new location for hiring R&D talent.
The Manifold team has been working on building a platform for platforms, and their experience with building in a modular, API-first manner are a great complement to the Snyk team. Additionally, engineers from Manifold allow us to also accelerate our work on partner integrations. Modularity and extensibility make it easier to improve the breadth and depth of our service through integrations with other players in the security ecosystem, and Manifold will help bring those integrations to life.
2021 is going to be an exciting year for Snyk customers. As we continue to invest in extensibility and API, tuning Snyk’s security automation to your specific workflows will be simpler. This will ensure developer experience and also help guarantee consistent governance across the Snyk platform, ultimately resulting in better-secured applications.
Détecter et corriger automatiquement les vulnérabilités
Snyk fournit des PR de correction en un clic et des conseils de remédiation pour votre code, vos dépendances, vos conteneurs et votre infrastructure de cloud.