AWS Vulnerability Scanning from Snyk
Amazon Web Services and Snyk partner to help customers deliver secure cloud, container, or serverless applications deployed on AWS.
Snyk empowers developers to own the security of their applications and containers with a scalable, developer-first approach to finding and fixing vulnerabilities. Snyk integrates seamlessly into existing workflows and provides automated remediation via its curated, best-in-class vulnerability database.
Develop fast. Stay secure.
Snyk enables more than 1.5 million developers to continuously find and fix vulnerabilities in open source libraries and containers.
Snyk secures development across the AWS ecosystem. Snyk Open Source automatically and continuously finds and fixes application vulnerabilities in source control and function repositories, enabling developers to securely use open source with AWS services such as Amazon EC2 and AWS Lambda while accelerating delivery of cloud-native applications.
Snyk Container empowers developers to easily find and fix vulnerabilities in containers and Kubernetes applications. From native detection of vulnerabilities within Amazon Elastic Container Registry and integration throughout the software development lifecycle, to the applications running on Amazon Elastic Kubernetes Service or on self-managed Kubernetes clusters, Snyk helps you use containers and stay secure.
Snyk vulnerability database
Snyk maintains the industry’s most comprehensive and actionable open source vulnerability data. Snyk’s coverage goes beyond CVEs and includes many additional non-CVE vulnerabilities. Snyk security experts deliver precision patches and collaborate with researchers, analysts and maintainers to ensure the Snyk database delivers a high level of accuracy with a low false-positive rate.
Integrating into your native environment
from code development to production
Integrated IDE check
Detect vulnerabilities in open source dependencies early in the development cycle by scanning directly from the developers’ workstations, to minimize development time and effort on future fixes.
Native Git scanning
Scan pull request before merging. Test your projects and Lambda functions directly from the repository, and your container images directly from the registry. Ongoing monitoring and automated fix pull requests for vulnerabilities keep your code and containers protected against the latest threats.
CI/CD security gate
Integrate security directly into your pipeline. Use Snyk with AWS CodeBuild, or your choice of CI/CD tools, to gate deployments of vulnerable code and container images.
Test in production
Scan images in Amazon ECR and other registries, as well as Amazon EKS and your own Kubernetes clusters, to detect vulnerable images and insecure configuration. Continuously monitor and alert on new vulnerabilities on all AWS Lambda functions. Map new vulnerabilities to images deployed in your Amazon EKS or Kubernetes environment.