Snyk enables Bitbucket Cloud users to manage and mitigate their open source risk

By | 6:13 PM Leave a Comment

Snyk announced that Snyk is now integrated into Bitbucket tooling, giving Bitbucket Cloud users rich security insights without having to leave the product.

In addition, and as a further sign of the two companies’ continued commitment to the ongoing partnership, Atlassian has designated Snyk as the company’s featured security partner for its critical Open DevOps initiative.

This newest collaboration will surface Snyk’s developer-first security solution in the Bitbucket Cloud platform for the first time, empowering all Bitbucket Cloud users to now manage and mitigate their open source risk as part of the development process and throughout Bitbucket workflows.

This enables the following:

  • Individual developers: While building their applications on Bitbucket Cloud, these users can seamlessly integrate Snyk’s security insights and automated remediation to more easily find, prioritize and fix vulnerabilities in their open source dependencies and containers.
  • Developer team managers: Team leaders can understand exactly what risk exists within the codebases their teams contribute to daily in order to proactively resolve issues before they are escalated to security teams (with minimal interruption to their efficient, fast workflows).
  • Security analysts: This integration offers security practitioners greater visibility into existing vulnerabilities and license issues to better understand their cloud application risk and identify how to better prioritize fixes.

“Atlassian is deepening our existing partnership with Snyk so our millions of worldwide users can leverage the company’s unparalleled, actionable security intelligence to eliminate risk before production, which is vital to developers to build software securely,” said Suzie Prince, Head of Product, DevOps, Atlassian.

“This new joint development is a crucial part of our overall commitment and ongoing effort to ensure security is front and center and fully embraced by all teams committed to the future of Open DevOps.”

With a shared mission to provide developers with a more integrated, accessible security experience directly within Bitbucket, the new integration provides:

  • Repo scanning during coding, allowing developer teams to prioritize fixes during development (vs. waiting for security to flag urgent issues after shipping to production).
  • Automated pull requests within Bitbucket Cloud to fix vulnerabilities with security analysis for pull requests within Code Insights.
  • Security embedded into continuous integration/continuous delivery (CI/CD) workflows via Bitbucket Pipes.

“Snyk has long admired Atlassian’s focus on the developer experience, which is also fundamental to our company ethos,” said Geva Solomonovich, CTO, Global Alliances, Snyk.

“In a world where developers need to continuously manage and connect multiple tools, making Bitbucket and Snyk now so tightly interoperable is removing a major pain point from the developer’s day-to-day experience.

“Snyk is also honored to be the featured security partner for Atlassian’s important Open DevOps initiative, working in lockstep to help more developers worldwide embrace and evangelize a security mindset.”

Building on the long-standing partnership between the two companies, Snyk is also a Strategic Sponsor for Atlassian Team ’21 alongside AWS and Slack.

Prior to announcement, the Snyk and Atlassian partnership included integrations with Bitbucket Cloud, Bitbucket Pipelines and Jira.


from Help Net Security https://ift.tt/32YwIsD

0 comments:

Post a Comment