Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle (SDLC). As modern development teams continue to adopt new technology that helps them accelerate their efforts, security teams are tasked with making sure they can advance their security strategies in similar ways. This is why the Rapid7 and Snyk partnership is so powerful. It allows security teams to embed security from the farthest “left” of the SDLC to the farthest “right” of the SDLC with a holistic approach to testing and monitoring across the application layer.
How Rapid7 and Snyk work together
When Rapid7 and Snyk announced their partnership earlier this year, it included an integration between tCell by Rapid7, a next-gen cloud WAF and RASP technology, and Snyk’s vulnerability database, Snyk Intel. The integration allows tCell to leverage the same powerful database that thousands of engineers depend on during development, at runtime, encircling applications with continuous security.
So, what’s new?
Almost all applications built in the past 25 years have been built using open source packages, which inevitably can introduce vulnerability risk to an organization. While Rapid7 and Snyk had previously partnered to expand tCell by Rapid7’s Packages and Vulnerability functionality by leveraging Snyk Intel, we have expanded coverage to include functionality for our app-server agents written in Java, Ruby, Python, node.js, .NET, and .NET Core.
How does this work? tCell by Rapid7 inspects packages at the startup of the server. The information that is gathered is sent to the backend cloud service, which has information on the latest packages and their vulnerabilities. tCell can track what packages are being used during runtime. The correlation of this information allows customers to see which third-party packages and versions exist in their applications, which packages are out-of-date, and which packages may be on different versions than others. Additionally, tCell will also leverage the Snyk vulnerability database to see whether any known vulnerabilities exist. Finally, in addition to the overview and detailed remediation information that teams will get, they also can leverage Snyk to remediate these features via their automatically generated pull request functionality.
Check out the video below for more information!