Datadog and Snyk Launch GitHub Integration
December 14, 2020

Datadog announced the Datadog Vulnerability Analysis GitHub Action.

GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow. The Datadog action continuously monitors dependency and version information of code being deployed. By integrating this data with Datadog’s Continuous Profiler and Snyk’s Vulnerability database, this provides a real-time view of what code is actually accessible and vulnerable in production.

Scanning applications for known vulnerabilities often yields a long list of issues that are difficult to prioritize and subsequently fix. With the data collected by the new action, vulnerability analysis will be performed by the Datadog Continuous Profiler based on Snyk vulnerability metadata. This allows engineering teams to immediately detect when and how often vulnerable methods are invoked in live environments and prioritize their security fixes based on real-world application behavior. The Datadog Vulnerability Analysis GitHub Action can be found and installed directly from the GitHub Marketplace without needing to manage scripts or infrastructure.

“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” said Ilan Rabinovitch, VP, Product and Community at Datadog. “Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities, while utilizing the GitHub Action automates this process by bringing security directly into application development.”

“We’re moving towards a world where security, testing, and even responsibility for production operations are shifting left towards the developer,” said Jeremy Epling, VP, Product Management at GitHub. “Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity."

“By combining Snyk-enriched vulnerability metadata with the Datadog Continuous Profiler, for the first time developers can precisely pinpoint when an application actually calls vulnerable code, to better prioritize remediation efforts,” said Geva Solomonovich, CTO Global Alliances, Snyk. “Our partnership with Datadog will allow developers to deploy their security resources with greater efficiency.”

Share this

Industry News

January 20, 2021

Hitachi Vantara announced the availability of Hitachi Kubernetes Service, enabling customers to consistently and securely deploy, manage, monitor, and govern Kubernetes clusters across major cloud providers and on premises.

January 20, 2021

Internal announced the launch of an enterprise-ready app development platform for internal tools.

January 20, 2021

StackPulse announced a $20 million Series A led by GGV Capital.

January 19, 2021

GitLab announced GitLab Ultimate for IBM Cloud Paks, which is designed to help streamline team collaboration and increase team productivity with a comprehensive, easy-to-use DevOps platform.

January 19, 2021

Fugue announced new capabilities for bringing public cloud container resources into compliance and ensuring the continuous security of container runtime configurations.

January 19, 2021

Rookout announced new functionality that empowers software developers to debug other people’s code.

January 14, 2021

Oracle is making its popular APEX low-code development platform available as a managed cloud service that developers can use to build data-driven enterprise applications quickly and easily.

January 14, 2021

Parasoft announced its C/C++test update to support IAR Systems' build tools for Linux for Arm.

January 14, 2021

Harness raised $115 million in financing, reaching a valuation of $1.7 billion in just three years after launching from stealth.

January 13, 2021 launched with its cloud-based DevOps automation platform built specifically for software developers.

January 13, 2021

WhiteSource announced new WhiteSource Advise support for JetBrains' PyCharm and WebStorm integrated development environments (IDEs).

January 12, 2021

Red Hat has added new features to Red Hat Runtimes.

January 11, 2021

KubeSphere announced its expanded relationship with AWS to offer KubeSphere as an AWS Quick Start.

January 07, 2021

Red Hat announced its intent to acquire StackRox

January 07, 2021

Cigniti Technologies announced a partnership with Sonatype to help enterprise customers innovate faster and easily mitigate security risk inherent in open source.