I use Snyk ( /products/snyk-reviews ) in the DevOps pipeline to identify vulnerabilities before deploying the application. It integrates with Jenkins ( /products/jenkins-reviews ).
I lead a code security practice for our organization. We integrated Snyk into our GitHub, using CLI to automatically scan codebases and identify issues. We are a large organization with three independent entities, consolidating Snyk across all entities. We also provide access through numerous CI/CD tools. Our default implementation mechanism is CLI, but we also use the Web UI for a comprehensive view and recommendations.
The main tool today is used to check for security issues in our products. We use it to analyze all the projects, and our security efforts are based partly on this tool.
We are using an enterprise version of Snyk for image scanning. We use Snyk to identify and address vulnerabilities in our open-source dependencies and to scan the Docker images.
We use Snyk for the generation of SBOM for Docker. We use it to check the standards of the CSI benchmark that we have implemented in the containers and the applications by Java Spring Boot.
We use the product mainly for software composition analysis. It is used to identify vulnerabilities in the application plug-ins. If we use Python 3.8, it’ll tell us that the version is outdated and that it has several vulnerabilities. It also helps in threat identification. It also provides infrastructure as code.
Devops & Cloud Architect at Hexaware Technologies Limited
Reseller
Nov 14, 2023
The major problem my company found in relation to our customers was in the area of Zip Slip security as they don't have any security tools in place. My company's customers don't have any security tools integrated into the CI/CD pipelines they use in their company. With Snyk, SCA checks code and third-party dependencies upfront.
We use some legacy and some new languages as we are aiming for serverless solutions. We're using serverless as is and with Python. We import it to Snyk to do SAST scanning for every one of our repositories on the Bitbucket pipeline. At least 350 repositories, including libraries and some automation such as robots or scripts. We have a huge background in using this tool.
At a high level, Fugue extends and augments compliant reporting capabilities provided by major cloud suppliers. It enhances the visibility, again, from a compliance standpoint, into cloud-based or multi-cloud-based environments.
We use Fugue to gain better visibility. It enhances the ability of Kubernetes operational management within the Azure platform. We use it to extend, monitor, and operationally manage the capabilities of Kubernetes' workloads.
Snyk's AI Trust Platform empowers developers to innovate securely in AI-driven environments, ensuring rapid and secure software development with enhanced policy governance. Snyk’s platform integrates AI-ready engines across the software development lifecycle, offering broad coverage with high speed and accuracy essential for fast-paced coding environments. AI-driven features include visibility, prioritization, and tailored security policies that enable proactive threat prevention and quick...
Snyk protects vulnerabilities in the code as usual, detects abnormal data flow inside the field, and similar tasks.
I use the tool in my company to scan open-source projects.
We use Snyk to check vulnerabilities and rectify potential leaks in GitHub.
In my company, Snyk is useful because it provides container security and DAST.