November 20, 2023
Snyk is excited to announce general availability of Snyk Apps, a framework for building and distributing custom security solutions to better inform security decisions and boost developer productivity.
As Snyk Apps reaches this milestone, Snyk’s Technology Alliance Partnership Program (TAPP) has more than 70 members today. Built in close collaboration with TAPP partners such as Atlassian and ServiceNow, new Snyk Apps are helping to improve Jira notification and ticketing, as well as vulnerability and SBOM management in ServiceNow workflows.
Integrating security early and across software development workflows has become a fundamental requirement for helping development and security teams maintain a fast pace of development while also staying secure. These workflows are increasingly complex, based on a growing variety of different processes, tools, and technologies.
Yet existing security solutions on the market are rigid and difficult to integrate with. Additionally, as the volume, variety, and velocity of cyber threats and attacks continue to grow, it’s increasingly difficult to rapidly identify and resolve application security issues. What's needed are security solutions that are open and flexible enough to support a range of workflows and modern application development practices. With the GA of Snyk Apps, our partners are able to meet this market need by customizing and automating security with Snyk.
Snyk Apps deliver optimized performance and reliability
Snyk Apps offer an extensibility framework that provides the tools to extend, integrate, and build upon the Snyk developer security platform. Not only does this enable fast and secure software development workflows, Snyk Apps help to minimize friction, optimize productivity, and encourage developer adoption — key ingredients for the successful implementation of the DevSecOps model.
We’re pleased to promote Snyk Apps to GA with optimized performance and reliability, FedRAMP validation enabled for Snyk Apps, and coverage expanded to all regions globally. We have also updated the Snyk CLI and Snyk Broker to be based on a Snyk App.
In the world of secure applications, authentication and authorization are the first two gates for controlling access to your data. Traditionally, applications granted access or authorization based on API tokens. While individuals or organizations can create API tokens for programmatic access, they must protect those tokens to prevent inappropriate usage, sensitive data exposure, or data loss.
Recent data breaches based on leaked API tokens are clear examples of the dangers of relying on inadequate API token protection. In one case, a code search and navigation platform announced that it had experienced a data breach after an engineer accidentally leaked an admin access token in a commit. Snyk Apps ensure our partners employ best practices for token management, so customers are well-protected.
In response to the risk of API token insecurity, many regulatory agencies now recommend or require a protocol like OAuth 2.0 to validate and manage API access and authorization. OAuth 2.0 provides the ability to grant third-party applications access to web resources without sharing a password or exposing tokens publicly. A robust OAuth 2.0 process handles expiration and rotation programmatically.
Snyk Apps extend our integration capability beyond API token-based integrations to support an OAuth security model for access management and permission granularity. They provide a way for developers to describe and register an integration (e.g. the integration’s name, description, logo, and the permissions it needs) and then expose it to others for use. Snyk Apps also provide the APIs and authentication flows needed to gain API access, allowing integrations to act autonomously or on behalf of other users. The Snyk App architecture allows users to define the permission structures on a least privilege basis for specific resources within their organization.
Partnering to build more secure applications
Our Technology Alliances offer Snyk Apps to solve the most pervasive application security challenges at enterprise scale. To make them easy to find and to drive adoption, Snyk Apps are showcased on the Snyk Partner Solutions Directory, including the latest Snyk Apps from Atlassian, Bright Security, Phylum, ServiceNow, Slack, Tines, and Torq.
“Atlassian and Snyk teamed together to bring Security in Jira to our customers and improve their DevSecOps workflows. We have a longstanding partnership with Snyk and it made sense to collaborate with a trusted partner.”
— Suzie Prince, Head of Product Management, Atlassian.
“At Slack, we value providing an optimal experience for developer communities, whether they're building automations on Slack or looking for ways to streamline their own organization's code security measures. We're excited that Snyk's new integration will give developers new and efficient ways to further automate security and actively manage risk.”
— Steve Wood, SVP of Product, Platform at Slack.
“While SBOMs deliver improved visibility, transparency, security and integrity of code, on their own they don’t actually help security engineers mitigate risk across their software supply chain. By adding Snyk’s security insights to ServiceNow’s workflows, global enterprises can accurately pinpoint whether any part of their software supply chain is at risk and take swift action accordingly.”
— Lou Fiorello, Vice President and General Manager of Security Products, ServiceNow.
"In the modern landscape, releasing applications with known vulnerabilities is simply unacceptable. The integration of Snyk and Bright revolutionizes security testing, providing our customers with swift vulnerability detection, rigorous verification, and effective remediation, all at the speed of now."
— Gadi Bashvitz, CEO of Bright Security.
“Organizations are targeted by zero-day vulnerabilities and software supply chain attacks daily. The Phylum App for Snyk alerts users when developers and applications are compromised by threats not already known to Snyk SCA, protecting secrets and keys and preventing further attack escalations.”
— Louis Lang, Co-founder and CTO, Phylum.
“With our official Snyk App, customers can effortlessly – and securely – connect to their Snyk org directly from our platform, without having to manually create and manage API tokens. This much improved experience reduces friction, and allows customers to spend more time on what they care about: connecting their Snyk alerts to powerful automated workflows, increasing the speed of response and remediation.”
— Stephen O'Brien, Head of Product, Tines.
“Torq is committed to transforming cybersecurity through our enterprise-grade, hyper automation platform. Our collaboration with Snyk enables our mutual customers to strengthen their security postures, connect previously-disparate security tools, and enjoy dramatic operational and productivity boosts.”
— Eldad Livni, Torq Co-Founder & CINO.
Start building and using Snyk Apps
Application and developer-focused software companies that want to build, integrate, and go to market with Snyk solutions are encouraged to apply for the Snyk TAPP initiative. It provides the technology, training, and resources to build and share your app with Snyk’s ecosystem. To make them easy to find and to drive adoption, a growing number of Snyk Apps are showcased on the Snyk Partner Solutions Directory.