Datadog & Snyk integrate vulnerability management into GitHub

Source:-https://securitybrief.eu

Cloud application and security monitoring firm Datadog, and vulnerability database provider Snyk, have announced an integration with GitHub, which enables developers to utilise Datadog’s CI/CD capabilities within software development workflows.

Datadog Vulnerability Analysis GitHub Action is the first of DataDog’s actions listed on the GitHub marketplace, which can be found and installed directly without the need for script or infrastructure management.

GitHub’s vice president of product management, Jeremy Epling, says that IT is increasingly relying on developers for security, testing, and responsibility for production operations.

“Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity.”

Datadog explains that often developers scan applications for known vulnerabilities, but issues found can be difficult to priorities and remediate.

The company developed its Continuous Profiler, based on Snyk vulnerability metadata, to enable developers to detect events in which vulnerable methods are used in live environments and to subsequently priorities security fixes.

“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” adds Datadog vice president of product and community, Ilan Rabinovitch.

“Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities while utilising the GitHub Action automates this process by bringing security directly into application development.”

Snyk’s CTO of global alliances Geva Solomonovich adds that the combination of Snyk’s vulnerability metadata and Datadog’s profiling abilities could help developers find exactly when an application calls vulnerable code.

“Our partnership with Datadog will allow developers to deploy their security resources with greater efficiency,” says Solomonovich.

Datadog also recently announced an extension of its partnership with Google Cloud from Europe, the Middle East and Africa, right through to North America.

Datadog’s first European Google Cloud data centre includes new regions, expanding access to Datadog’s monitoring and security platform.

“Organisations need to be able to leverage monitoring data to optimise their applications in the cloud, and we’re pleased to partner with Datadog to help them do so,” says Google Cloud global ecosystem corporate vice president Kevin Ichhpurani.

“Datadog provides important capabilities in performance monitoring across on-premises, hybrid, and public cloud infrastructure. By expanding the availability of these capabilities on Google Cloud, we can jointly help customers optimise their most critical workloads for Google Cloud.”