Being able to work safely in cybersecurity requires knowledge, attention to detail, and a good software portfolio to rely on.
One of the tools that I've learned and used during the last months is Snyk.
Call Snyk tools is not correct because it's a security platform with a series of tools that could operate on every code built:
During the last few years, the lines of code produced were growing exponentially. The availability of tons of open-source libraries and containers has boosted the speed of developers, but how can we be sure that all these resources are safe?
How developers could be responsible for the security of their code and of the work made by someone else? How security officers could handle this scenario without being a bottleneck to productivity?
Snyk could help integrate his tools in IDE, git repository, or in pipelines CI/CD with fast analysis and suggesting the solution of the detected issue
To provide some examples Snyk could be installed as VSCode plugin, or could be set to scan git repositories and in case of an issue could open automatically a pull request proposing a resolution.
Snyk is also fully integrable in the customer environment, both for access and security policies, to be full compliance with the customer needs. Customizable dashboards and reports are also available to make security officers able to understand fast the security situation of a project.
Another interesting fact is Snyk has builded also an open-source vulnerability database that catalogues the vulnerabilities and provides examples and tutorials for devs.
The great news is that make a test it's easy because a free (limited) plan is also available!
If you could be interested to have more info about Snyk, please read the blog article published by my colleague Luca Bandini about our experience with Snyk, used also to check the code of Fury the Kubernetes distribution developed by SIGHUP.
No comments:
Post a Comment