Datadog and Snyk unveil GitHub integration to automate software development workflow

Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Source:-https://www.helpnetsecurity.com

Datadog announced the Datadog Vulnerability Analysis GitHub Action, Datadog’s first action listed on the GitHub Marketplace. GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow.
The Datadog action continuously monitors dependency and version information of code being deployed. By integrating this data with Datadog’s Continuous Profiler and Snyk’s Vulnerability database, this provides a real-time view of what code is actually accessible and vulnerable in production.
Scanning applications for known vulnerabilities often yields a long list of issues that are difficult to prioritize and subsequently fix. With the data collected by the new action, vulnerability analysis will be performed by the Datadog Continuous Profiler based on Snyk vulnerability metadata.
This allows engineering teams to immediately detect when and how often vulnerable methods are invoked in live environments and prioritize their security fixes based on real-world application behavior.
The Datadog Vulnerability Analysis GitHub Action can be found and installed directly from the GitHub Marketplace without needing to manage scripts or infrastructure.
“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” said Ilan Rabinovitch, Vice President, Product and Community at Datadog.
“Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities, while utilizing the GitHub Action automates this process by bringing security directly into application development.”
“We’re moving towards a world where security, testing, and even responsibility for production operations are shifting left towards the developer,” said Jeremy Epling, Vice President, Product Management at GitHub.
“Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity.”
“By combining Snyk-enriched vulnerability metadata with the Datadog Continuous Profiler, for the first time developers can precisely pinpoint when an application actually calls vulnerable code, to better prioritize remediation efforts,” said Geva Solomonovich, CTO Global Alliances, Snyk.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x