Extending Software Composition Analysis (SCA) to Runtime


Everyone’s familiar with open source code and the vulnerabilities you inherit by depending on third-party packages. Many of you are familiar with traditional Software Composition Analysis (SCA) and are probably using Snyk for it! In today’s world of CI/CD pipelines and Infrastructure as Code (IaC), complex machinery sits between the code and production. This machinery works great most of the time, but it can suffer from what all software does: bugs. And let’s not forget, things don’t always turn out the way they were intended to. This presents challenges for security teams who want to know whether there are vulnerabilities in their live systems that may not show up in source code scans, and for SOC analysts and incident responders who are trying to determine how long a given vulnerability was exposed. This talk will cover how to apply an end-to-end security approach for identifying vulnerabilities in web apps from development through runtime, using both Snyk and Rapid7.

Browse SnykCon 2021 talks


Amukta Nayak
Engineer II, Rapid7