Snyk and ServiceNow’s strategic partnership shows DevSecOps isn’t a fad

Cybersecurity isn’t just the responsibility of the security team. To secure modern cloud environments and applications, developers and security teams need to be able to collaborate to identify risks in the software supply chain and mitigate them as quickly as possible. Enter DevSecOps.

That’s why today, developer security provider Snyk announced that IT operations management vendor ServiceNow has made a $25 million strategic investment in the organization, following a $196.5 million Series G investment in December 2022.

Snyk also announced the release of a new integration for ServiceNow’s Vulnerability Response solution with Snyk Open Source, which will enable security teams and developers to collaborate and handle vulnerabilities discovered in open-source products and applications.

The mandate for DevSecOps

This partnership reflects a general trend of organizations implementing security earlier in the software development lifecycle to secure the software supply chain. For instance, according to GitLab research, over one-third of security professionals report being “hands-on” and involved daily with dev and ops in 2022, an increase of 11% from 2021.

In the age of cloud adoption, DevSecOps is essential for enabling security teams to effectively handle disparate applications, services and open-source software components because it provides them with direct access to help from developers, who can fix code-level vulnerabilities wherever they exist in the environment.

“In today’s enterprise, new challenges and complexities have emerged as the overall attack surface has expanded and the clear delineation of security responsibilities has blurred. Many of today’s cloud security failures result from ineffective cross-team collaboration and team training to handle this transformation and ensure a tightened security posture,” said Peter McKay, CEO of Snyk.

Part of the challenge is that security teams and developers often lack the tools needed to collaborate effectively. For instance, McKay highlights Snyk’s State of Cloud Security Report, which found that 77% of organizations cited ineffective collaboration as a major problem, with different teams using disparate tools or policy frameworks.

DevSecOps provides an answer to this by giving security teams access to developers’ technical expertise so they can better understand the risks of implementing new software.

“Involving developers in security decisions ensures that security measures are integrated into the development process rather than being added as an afterthought. Security is therefore built into the system from the start rather than being tacked on later, which can be more difficult and expensive,” McKay said.

Snyk’s partnership with ServiceNow can help to facilitate this communication, providing developers with a solution that automatically integrates with the software development workflow, alongside software composition analysis, which provides a mechanism to evaluate code risks and respond to priority threats.

A quick look at Snyk, SonarQube and Veracode

As more and more organizations look to secure the software supply chain and enhance their information security posture, researchers expect the global DevSecOps market to increase from a value of $2.59 billion in 2021 to $23.16 billion by 2029.

With over 2,500 customers, including organizations like Google, Salesforce, MongoDB, New Relic, Asurion and Revolut, Snyk is one of the biggest providers in the space, but it’s also competing against some significant vendors.

One of Snyk’s major rivals is SonarQube, currently valued at $4.7 billion after raising $412 million as part of a funding round in 2022. The company offers a code analysis solution for checking code for reliability and security issues. SonarQube also offers integrations with devops platforms including GitHub, GitLab, Bitbucket and Jenkins.

Veracode, which analysts currently value at $2.5 billion, provides a similar application security testing solution that caters to both developers and security teams. It’s capable of scanning over 100 languages and frameworks, and producing step-by-step remediation guidance.

At this stage in the market’s development, McKay argues that Snyk’s emphasis on developer-centric security is its key differentiator from these organizations.

“Snyk enables a world where millions of developers globally building our future also have the ability to secure it. This is done by empowering developers with security tools, allowing them to continue to develop both quickly and securely throughout the platforms they’re already most comfortable with,” McKay said.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact.