Today, we are excited to announce a strategic partnership with Snyk, the leader in developer security. Our goal with this partnership is to combine our runtime analysis with Snyk’s static analysis capabilities, which include the best proprietary vulnerability database.

The modern Software Development Lifecycle (SDLC) is becoming more and more complex, driven by the acceleration in the release cadence and the increasing strategic value of internet applications. Agile methodologies such as DevOps, as well as constant deployments, often made daily or even hourly, make it impossible to apply manual security activities as part of the build pipeline. At the same time, from a security point of view, we see an increased volume of attacks, both automatic and targeted, which tend to be much more sophisticated.
Why we are partnering with Snyk
Hdiv Security is rooted in the idea of security automation for all teams involved in the SDLC. Our Unified Application Security platform helps teams find and fix security vulnerabilities, and block attacks on production applications.
We also believe in partnering with best-in-class vendors to provide a more cohesive response to the SDLC teams. That is why we are partnering with Snyk, so we can jointly address the challenges above:
Faster time-to-market, by improving developer productivity
We believe that runtime observability is critical to an effective analysis of the security of the applications. However, developers spend a lot of time working on the code, and we want to make sure that they can leverage actionable security information in real time while they code. So on top of our Hdiv IDE integrations, we’ve partnered with Snyk to provide our joint customers with Snyk’s capabilities in static application analysis.
On one hand, the static analysis results will be informed by runtime execution insights, which increases the accuracy. And on the other hand, even the source code that has not been executed will be part of the security analysis, which in turn will increase the application coverage and help bridge the gap between development and security teams when remediating security risks.
The combination of Snyk’s static analysis and Hdiv runtime visibility means better security insights, so that developers can write secure code from the very beginning, in the most efficient way.
Increase security, by expanding our dependencies analysis
In modern applications, the proportion of third-party code vs custom code is increasing, driven mainly by open-source dependencies. Teams are often aware of their first-order open-source dependencies, but not so much of the “dependencies of the dependencies”, which makes the manual management of this aspect a very complex task prone to oversight. That is why from the very beginning we included Software Composition Analysis (SCA) features in our vulnerability detection product. Out of the box, we reference internal research intelligence and the best public repositories of known vulnerabilities.
However, some of our clients want to have the option to include private sources of vulnerability intelligence. Snyk, the market leader in SCA, is the best partner we could find to meet this demand. The proprietary vulnerability feed that Snyk publishes is one of the most trusted sources of information, driven by a team of dozens of security professionals that discover, catalog, and document vulnerabilities in open-source dependencies. This team has discovered and disclosed nearly 1,000 original vulnerabilities.
We look forward to bringing these and more capabilities to our family of clients. Drop us a note if you would like to know more details. In the meantime, we want to send a big thank you to our friends at Snyk for teaming up with us.