sb-nz logo
Story image

Datadog & Snyk integrate vulnerability management into GitHub

15 Dec 2020

Cloud application and security monitoring firm Datadog, and vulnerability database provider Snyk, have announced an integration with GitHub, which enables developers to utilise Datadog’s CI/CD capabilities within software development workflows.

Datadog Vulnerability Analysis GitHub Action is the first of DataDog’s actions listed on the GitHub marketplace, which can be found and installed directly without the need for script or infrastructure management.

GitHub’s vice president of product management, Jeremy Epling, says that IT is increasingly relying on developers for security, testing, and responsibility for production operations.

“Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity."

Datadog explains that often developers scan applications for known vulnerabilities, but issues found can be difficult to priorities and remediate.

The company developed its Continuous Profiler, based on Snyk vulnerability metadata, to enable developers to detect events in which vulnerable methods are used in live environments and to subsequently priorities security fixes.

“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” adds Datadog vice president of product and community, Ilan Rabinovitch. 

“Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities while utilising the GitHub Action automates this process by bringing security directly into application development.”

Snyk’s CTO of global alliances Geva Solomonovich adds that the combination of Snyk’s vulnerability metadata and Datadog’s profiling abilities could help developers find exactly when an application calls vulnerable code.

“Our partnership with Datadog will allow developers to deploy their security resources with greater efficiency,” says Solomonovich.

Datadog also recently announced an extension of its partnership with Google Cloud from Europe, the Middle East and Africa, right through to North America.

Datadog’s first European Google Cloud data centre includes new regions, expanding access to Datadog’s monitoring and security platform.

“Organisations need to be able to leverage monitoring data to optimise their applications in the cloud, and we’re pleased to partner with Datadog to help them do so,” says Google Cloud global ecosystem corporate vice president Kevin Ichhpurani.

“Datadog provides important capabilities in performance monitoring across on-premises, hybrid, and public cloud infrastructure. By expanding the availability of these capabilities on Google Cloud, we can jointly help customers optimise their most critical workloads for Google Cloud.”

Story image
New research reveals evolving tactics attackers use to trick victims
"Attackers prefer to use COVID-19 in their less targeted scamming attacks that focus on fake cures and donations."More
Story image
UPDATED: RBNZ ascribes data breach to third-party file sharing service
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” says RBNZ Governor.More
Story image
Holistic web protection market to reach $3.63bn by 2025
Retail, banking and technology sectors are driving the global holistic web protection market, according to new findings from Frost and Sullivan. More
Story image
Entrust acquires HyTrust, with aim to improve data encryption solutions
Entrust says the acquisition will bolster its effort to deliver data protection and compliance solutions to its customers, while accelerating their digital transformations.More
Story image
Check Point exposes Android malware vendor using dark net to rebrand products
Check Point security researchers have exposed an Android malware vendor using a marketer on the dark net to rebrand its products, with the intention of supercharging business and throwing off security vendors. More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More