Amazon Inspector, Snyk Security Intelligence Integration Just Made Developing Secure Software Easier

Amazon relaunched its Amazon Inspector late last year. Under the hood, the service includes several features security teams have requested. But more importantly, it also adds Snyk Security Intelligence through an ongoing partnership.

inspector Amazon is an automated security assessment service that automatically discovers all running Amazon Elastic Compute Cloud (Amazon EC2) instances and container images residing in Amazon Elastic Container Registry (Amazon ECR). It also continuously assesses software vulnerabilities and unintended network accessibility due to misconfigurations of application workloads running on AWS.

Snyk Security Intelligence identifies vulnerable functions and known exploit maturity, with a Common Vulnerability Scoring System (CVSS) score and vector assigned to 100% of vulnerabilities. Snyk’s proprietary research, combined with community-powered databases, such as rubysec, friends of php, rustsec and many others, allows Snyk to discover and disclose new vulnerabilities in the open source ecosystem.

Integration with Amazon Inspector allows developers and security teams on AWS to access vulnerability information through the Amazon Inspector user interface. This association offers many advantages.

For example, both teams on AWS can enable and consolidate Amazon EC2 and container vulnerability management with just a few clicks. This helps improve the accuracy of identifying transient dependency vulnerabilities.

“We didn’t think the security coverage (provided by other evaluated solutions) was comprehensive enough, which later, compared to Snyk, was indeed clear,” said Leif Dreizler, Head of Engineering security at Segment. “When the eslint-scope vulnerability emerged, it was easy to find which repositories were vulnerable, allowing us to upgrade or remove the dependency.”

Developers and security teams can also optimize their remediation efforts by keeping false positive rates low using Snyk Security Intelligence. Additionally, they can take advantage of Snyk’s hand-picked data to reduce mean-time-to-resolve (MTTR) vulnerabilities while prioritizing security issue management to avoid impacting their workloads. production.

“As AWS Snyk is committed to further assist global organizations to accelerate their digital transformation, fueling innovation in a secure manner,” said Carey Stanton, vice president of Snyk for global business and business development .

“We are proud to be part of the new Amazon Inspector and we pledge to continue to deepen our work with AWS, ensuring that all development teams in the world have the right tools to create software safely” Stanton added.

Image credit: iStockphoto/metamorworks

Gordon K. Morehouse