sb-eu logo
Story image

Datadog & Snyk integrate vulnerability management into GitHub

15 Dec 2020

Cloud application and security monitoring firm Datadog, and vulnerability database provider Snyk, have announced an integration with GitHub, which enables developers to utilise Datadog’s CI/CD capabilities within software development workflows.

Datadog Vulnerability Analysis GitHub Action is the first of DataDog’s actions listed on the GitHub marketplace, which can be found and installed directly without the need for script or infrastructure management.

GitHub’s vice president of product management, Jeremy Epling, says that IT is increasingly relying on developers for security, testing, and responsibility for production operations.

“Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity."

Datadog explains that often developers scan applications for known vulnerabilities, but issues found can be difficult to priorities and remediate.

The company developed its Continuous Profiler, based on Snyk vulnerability metadata, to enable developers to detect events in which vulnerable methods are used in live environments and to subsequently priorities security fixes.

“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” adds Datadog vice president of product and community, Ilan Rabinovitch. 

“Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities while utilising the GitHub Action automates this process by bringing security directly into application development.”

Snyk’s CTO of global alliances Geva Solomonovich adds that the combination of Snyk’s vulnerability metadata and Datadog’s profiling abilities could help developers find exactly when an application calls vulnerable code.

“Our partnership with Datadog will allow developers to deploy their security resources with greater efficiency,” says Solomonovich.

Datadog also recently announced an extension of its partnership with Google Cloud from Europe, the Middle East and Africa, right through to North America.

Datadog’s first European Google Cloud data centre includes new regions, expanding access to Datadog’s monitoring and security platform.

“Organisations need to be able to leverage monitoring data to optimise their applications in the cloud, and we’re pleased to partner with Datadog to help them do so,” says Google Cloud global ecosystem corporate vice president Kevin Ichhpurani.

“Datadog provides important capabilities in performance monitoring across on-premises, hybrid, and public cloud infrastructure. By expanding the availability of these capabilities on Google Cloud, we can jointly help customers optimise their most critical workloads for Google Cloud.”

Story image
Kaspersky discovers COVID-19 research related cyber threats
Kaspersky researchers have identified two APT incidents that targeted entities related to COVID-19 research - a Ministry of Health body and a pharmaceutical company. More
Story image
Red Hat to acquire Kubernetes-native security provider StackRox
Red Hat will further expand its security offering, adding StackRox's complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio.More
Story image
Fortinet promises free cybersecurity training until skills gap trend reverses
"We are committed to continue offering the entire catalogue of self-paced Network Security Expert training at no cost until we see the skills gap trend reverse."More
Story image
A brief history of cyber-threats — from 2000 to 2020
Many significant cybersecurity events have occurred since the year 2000 — not every one of them ‘firsts’, but all of them correlating with a change in security behaviour or protection.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More