
Snyk cloud platform extends support for SBOMs


In announcing the general availability last month of its cloud security platform, Snyk Cloud, Snyk extended support for a software bill of materials (SBOM), as well as new reporting and self-service features.

First announced in July 2022 with limited availability, Snyk Cloud is supposed to help developers apply the same security rules to infrastructure as code (IaC) files and runtime cloud resources. Snyk Cloud promises to let developers scan the code, containers, and third-party dependencies as well.

Bud Broomhead, chief executive officer at Viakoo, said it all comes down to the compromises usually made between time-to-market and safety. Broomhead said that by integrating SBOM vulnerability analysis into a cloud-based development platform, Snyk lets development teams produce secure solutions much faster.

“Threat actors have been focused on exploiting open source vulnerabilities in part because finding and remediating those vulnerabilities is complex and time consuming,” said Broomhead. “By automating SBOM analysis, threat assessment, and remediation into a fully cloud-based flow Snyk helps development teams achieve all the benefits of cloud-based development without the painful ‘cost’ of missing vulnerabilities within their code.”

Frank Dickson, who covers security and trust at IDC, said that while shifting left can rule out most vulnerabilities, misconfigurations still exist and will continue until humans are removed from the equation. Dickson said Snyk recognized that developers' scope and responsibility have expanded to well after the code has been deployed.

Toward that end, Snyk's acquisitions within the past 18 months include CloudSkiff, FossID, Manifold, and DeepCode. In February 2022, Snyk acquired Fugue, a cloud security and compliance company, improving its capabilities in detecting and remediating misconfigurations.

“Snyk's distinctive competency is addressing vulnerabilities in code inclusive of open source dependencies,” Dickson added.

Editor's Note: This story was updated to reflect that Snyk Cloud was generally available at the beginning of November 2022, when it was announced at SnykLaunch 2022.
