This integration allows customers to find and fix open source code vulnerabilities within the ThreadFix platform, empowering developers to better manage software security vulnerabilities through the platform’s comprehensive view of open source and proprietary code.
Open source code is critical to modern application development, as it allows developers to save time and reuse community work at a rapid rate. However, embedding third-party code into applications entails inherent risks.
In its annual State of Open Source Security report, Snyk found an 88% increase in open source application vulnerabilities during the past two years. The rapid adoption of open source code has led to major security concerns within organizations, and development teams are requiring tools to scan and remediate both proprietary and open source code more effectively.
“As application programs grow and developers are pushed to create applications at a much faster rate, it’s important to not lose sight of integrating security into development pipelines,” says Dan Cornell, CTO of Denim Group.
“We are delighted to announce our strategic partnership with Snyk as we work towards the market demand of continuously improving the future of DevSecOps and application security.”
Through the integration with ThreadFix, Snyk customers are able to consolidate their Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) results into a single unified view, streamlining their vulnerability management efforts.
The comprehensive view and risk-based filtering also allow security teams to more readily prioritize vulnerabilities based on severity, giving them the perspective they require to find and remediate the most serious vulnerabilities first.
“It’s really exciting to integrate Snyk into the ThreadFix platform, empowering more developers to use open source as securely as possible,” said Geva Solomonovich, Snyk Chief Operating Officer.
“Our partnership not only gives developers the tools they need to better manage and remediate vulnerabilities within their open source dependencies, but it also allows them to integrate security much earlier and more easily throughout the development process.”