Skip to main content

Accelerating the Snyk infrastructure as code vision with the addition of CloudSkiff

Écrit par:
wordpress-sync/blog-feature-snyk-driftctl

29 octobre 2021

0 minutes de lecture

We are thrilled to welcome the team at CloudSkiff to Snyk! Many of you may be more familiar with driftctl, the open source project started by the CloudSkiff team. I wanted to share with you why we’re excited about the addition of this fantastic group of people to Snyk, and our plans for the future of Snyk Infrastructure as Code(Snyk IaC), as well as our commitment to keeping driftctl open source.

Editor’s note: The acquisition of Cloudskiff closed on October 29, 2021. Cloudskiff is now a part of Snyk.

Who is CloudSkiff?

CloudSkiff started up in July 2019 in Paris, France with ideas about how they could help users manage their infrastructure as code (IaC) projects. The team were all experienced cloud infrastructure managers, either as developers deploying to cloud resources or as part of a larger DevOps oriented organization managing large production systems. So they were all too familiar with the “emergency” changes and tweaked settings that led the true state of their infrastructure to differ from the desired state.

A tweet shared by the CloudSkiff team pointed out the impact of fast versus slow-moving broken things. IaC drift might be one of those slow-moving broken things, but as the tweet states, “The only thing more terrifying than a fast-moving broken thing is a slow-moving broken thing that you can't get anyone to pay attention to because what harm could that iceberg do…”

The CloudSkiff team talked to over 100 IaC users, they quickly realized that drift — the changes that occur outside the IaC workflow after an environment is running — was a major source of pain for many people. The team decided developing driftctl in the open was the best way to continue gathering feedback, prioritizing their focus, and iterating on the problem.

The CloudSkiff team has continued working with the growing community of driftctl users to learn about the problems of IaC drift and unmanaged resources, and how best to address those issues. driftctl has continued to expand in usage and capabilities over the past year and along the way, the CloudSkiff team gained a great deal of expertise in the drift management domain.

Our commitment to keeping driftctl open source

We want to make it clear that we have no intention to disrupt driftctl. Snyk strongly believes in open source and we are committed to backing the driftctl project and the community surrounding and participating in it. The goal of driftctl is to provide drift detection for all major public clouds and popular IaC tools, and that goal remains the same. To that end, development of driftctl will continue in the open with the belief that value in driftctl as a standalone, open source, community-supported tool should continue. If anything, we hope we can bring even more attention and participation so that driftctl continues to grow and improve and conquer even more issues in drift management.

If you want to get involved with driftctl, we invite you to join the GitHub project and the driftctl Discord community. The live coding sessions, demos, and release events will continue and we’d love to see you over there!

What’s next for Snyk IaC?

We couldn’t be happier about welcoming the CloudSkiff team to Snyk as we work together to help our customers secure their IaC from config to cloud. Drift management has been part of our Snyk IaC roadmap for some time and we’ll be able to accelerate those capabilities with the addition of the CloudSkiff team and their knowledge.

One of the beauties of IaC is that configurations can be tested before reaching the production state. But infrastructure can be modified post-deployment by people and tools that sit outside the normal IaC workflows. Static IaC tests can neither prevent nor detect these changes and developers cannot secure what they cannot detect. With the help of the CloudSkiff team, Snyk IaC will be able to provide both: testing and fixes for IaC prior to deployment, and detect drift and unmanaged infrastructure that push environments out of compliance. We’re planning to add these features as fast as we can and hope to be able to show off new capabilities by the end of the year.

What will this mean for current Snyk IaC users and customers?

Drift management features were already part of our Snyk IaC roadmap and we will continue and accelerate that plan.

If you’re already a customer of Snyk IaC, you’ll get these new enhancements for free. If you’re not already a Snyk IaC user or customer, you can get started for free or contact sales to explore your plan options.

wordpress-sync/blog-feature-snyk-driftctl

Vous voulez l’essayer par vous-même ?

Find security issues in the pipeline before you push to production with these 8 actionable scanning and integration tips.