Skip to main content

Snyk highlighted on the ThoughtWorks Technology Radar

著者:
wordpress-sync/Snyk-highlighted-on-the-ThoughtWorks-Technology-Radar-

2018年12月13日

0 分で読めます

Snyk has recently been included in the ThoughtWorks Technology Radar, alongside some of our friends, and we think that deserves a deep dive, with examples of how we use some of these tools ourselves as part of our stack.

Screen_Shot_2018-12-13_at_10.51.15

What is the ThoughtWorks Technology Radar?

ThoughtWorks is a Chicago-based software design, delivery, and consulting firm. About twice a year, ThoughtWorks publishes its Technology Radar, which tends to get a lot of attention from the wider IT industry, not just from ThoughtWorks’ clients.

The Technology Radar, as its name suggests, maps different technologies on different layers of a radar’s surface. Solutions included in the radar are typically ones that symbolize a meaningful trend in software development, from a vendor that ThoughtWorks or its clients know. More about the Radar can be found on their FAQ page.

The radar includes four ‘rings’ for different recommended levels of adoption:

  • Adopt represents tools that should be used now.

  • Trial relates to tools that are ready for use, for the right use case.

  • Assess is about tools that should be, well, assessed.

  • Hold, as its name suggests, is for tools that ThoughtWorks haven't had a good experience with.

Snyk’s open source security tooling—which uniquely enables developers to Find, Fix, Prevent, and Monitor open source vulnerabilities in their code—has been included in the Trial ring under the Tools category (note that no solution appears in ‘Adopt’). As confident as we are in our product vision, that still makes us happy!

Who else is included?

There are several key solutions included in the same ring, under the Tools category. Here are some that we use, or are advocates for, that we’d like to tell you about.

  • Git-secrets. We’ve covered git-secrets in our Git Security Cheat Sheet some months ago, as a recommended tool for static analysis of commits to avoid security breaches or IP leakage.

  • Cypress. We use Cypress, an end-to-end JavaScript test framework, as part of our software development in-house. Cypress makes it really easy to write and run tests, and we found it simple to adopt; in addition, our test suites that use Cypress are very easy to maintain.

  • Visual Studio Code. Microsoft's widely-used IDE hardly needs introduction, but it has seen some tremendous growth over the past few years and is now even breaking into the Java market, as shown by our recent JVM ecosystem report. This is due, in our opinion, to the pace and quality with which this tool is improving and evolving, with new languages supported, real-time collaboration and more. At Snyk, many of our developers use VS Code extensively as their main IDE.

Overall, we’re super excited to have been included in the “Trial” category on the ThoughtWorks Technology Radar, another important external validation on our journey to help our customers use open source and stay secure.

wordpress-sync/Snyk-highlighted-on-the-ThoughtWorks-Technology-Radar-

CISOのための開発のセキュリティガイド

開発チームに安全な開発の手法を浸透させたいですか?本ガイドをダウンロードし、開発者がセキュリティツールを採用する際の具体的なステップや、現在CISOがどのようにこれを取り入れているかを学びましょう。