Snyk, a leader in developer security, announced that AWS has integrated Snyk Security Intelligence into a new, significantly enhanced Amazon Inspector, empowering both developer and security teams with trusted data and actionable insights to better help them build secure software.
Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on Amazon Web Services (AWS). Once enabled, Amazon Inspector automatically discovers all running Amazon Elastic Compute Cloud (Amazon EC2) instances as well as container images residing in the Amazon Elastic Container Registry (Amazon ECR), and continuously assesses for software vulnerabilities and unintended network accessibility due to misconfigurations of application workloads running on AWS. Amazon Inspector generates security findings that are aggregated in an improved Amazon Inspector console as well as pushed to AWS Security Hub and Amazon EventBridge, allowing customers to further automate remediation workflows.
Snyk Security Intelligence is an important source of vulnerability intelligence for the new Amazon Inspector, helping developer and security teams improve the accuracy of transient dependency vulnerabilities by enriching Inspector findings, and helping practitioners prioritize the management of security issues to avoid impacting their production workloads. From the Amazon Inspector user interface (UI), users can easily click through to the corresponding Snyk vulnerability page to find out more about the software vulnerabilities identified by the service.
Maintained with hand-curated content and enriched meta-data, Snyk Security Intelligence identifies vulnerable functions as well as known exploit maturity, with a Common Vulnerability Scoring System (CVSS) score and vector assigned to 100% of vulnerabilities. Snyk’s proprietary research, combined with community-powered databases, such as rubysec, friends of php, rustsec, and various others, allows Snyk to discover and disclose new vulnerabilities in the open source ecosystem in a timely and accurate manner, and helps users prioritize vulnerability remediation based on accurate data and a low false-positives ratio
“Like AWS, Snyk is committed to helping more global organizations to accelerate their digital transformation, fueling innovation in a secure way,” said Carey Stanton, Vice President, Global Business and Corporate Development at Snyk. “