News

Snyk Announces Partnerships with Docker, IBM Following DeepCode Acquisition

• By John K. Waters
• 10/28/2020

Cloud native application security provider Snyk announced new partnerships with Docker and IBM Cloud, along with updates to its security platform, at SnykCon, the company's first user conference.

Docker has named Snyk its exclusive provider of security insights for Docker Official Images and other future content certification programs. Devs will be able to can scan these images using Snyk's vulnerability risk assessment at each step in the container-based app development and deployment process.

"Developers build from Docker's Official Images because they want the assurance of knowing the images are up-to-date and are well maintained," said Docker CEO Scott Johnston, in a statement. "With Snyk security insights for Docker Official Images, simplified workflows designed for developer-first security is now a foundational part of a developer's toolbox to seamlessly create and ship more applications with confidence."

The IBM partnership will involve the integration of the Snyk Intel vulnerability database with IBM Cloud security capabilities to enhance security for enterprise workloads. The integration of Snyk's comprehensive security coverage with IBM's public cloud security capabilities will help developers automatically find, and fix vulnerabilities in open-source dependencies and containers throughout their entire workflow, IBM said in a statement.

The news of the new partnerships comes hot on the heels of the Snyk's acquisition of DeepCode, a provider of real-time semantic code analysis powered by artificial intelligence (AI). The company plans to integrate the DeepCode AI engine with its security platform, which includes open-source security, container security, and infrastructure as code security, using integrated machine learning (ML)-based intelligence to more identify vulnerabilities.

"Traditional security tools are fatally flawed in today's fast-paced development environment," said Peter McKay, CEO of Snyk, when the acquisition was announced. "They are too slow for developers to use in their daily work, and they result in too many false positives, often leading to wasted time or overlooked threats. DeepCode's AI engine brings a level of speed and accuracy to Snyk's technology platform that will give customers a level of security intelligence they've never had before. Additionally, we now can apply those capabilities to the proprietary code written by developers, extending the Snyk platform's coverage for securing cloud native applications."

The company is already touting a new static application security testing product based on DeepCode's semantic code analysis, which provides security visibility and remediation for cloud-based applications. The solution covers the application code, open source libraries, container infrastructure, and infrastructure as code.

"Core to our focus at DeepCode was creating a sophisticated AI platform that blends advanced machine learning algorithms and semantic analysis which makes scanning of code lightning-fast and incredibly accurate," said Boris Paskalev, CEO of DeepCode, in a statement. "By leveraging Snyk's security expertise and comprehensive vulnerability database to train our engine, our accuracy will become better even faster, and we can reduce false positives to near-zero.  This provides massive productivity benefits for developers and security teams and overall risk reduction."