
ServiceNow Will Use Snyk To Identify Open Source Security Flaws


Users of ServiceNow Vulnerability Response now have access to the open source code scanning tool developed by Snyk.

Users of ServiceNow Vulnerability Response now have access to Snyk Open Source, a platform for software composition analysis (SCA) that aims to assist developers in identifying, prioritising, and resolving security flaws and licence problems in open source dependencies. Snyk Open Source is supported by the Israeli-American company’s in-house security intelligence, which incorporates data from the developer community, machine learning, human-in-the-loop AI, and proprietary expert research.

As a component of ServiceNow Security Operations, ServiceNow Vulnerability Response integrates vulnerability scan data from different vendors, including Snyk’s intelligence, with the workflow and automation capabilities of the Now Platform. According to a statement from Snyk Chief Product Officer Manoj Nair, the integration is intended to facilitate efficient DevSecOps collaboration, strengthening organisations’ security posture.

Customers of ServiceNow Vulnerability Response have access to this integration. Joint users of Snyk’s Open Source SCA plan and ServiceNow’s AppVR who have API privileges can access it. With Snyk Open Source, developers won’t have to go back and redo their work to find and fix vulnerabilities. It aids in managing open source security with sophisticated software composition analysis techniques.

According to Lou Fiorello, VP and GM of security products at ServiceNow, the integration enables security teams to work more effectively with software developers and to centrally track and address open source vulnerabilities across apps. As part of a Series G funding round, ServiceNow is also investing $25 million in Snyk, bringing the total amount of investments in Snyk to $196.5 million.

Without explicitly responding, Snyk stated that ServiceNow’s investment in Snyk illustrates the industry’s shift away from antiquated cybersecurity techniques as the emphasis on developer-centric security develops quickly.

Around the time of the Series G funding, Snyk laid off 14% of its workforce, which resulted in the departure of 198 employees from the company in both Israel and the US. This happened just a few months after the business let go of 30 employees, according to Globes.

Snyk announced the acquisition of cloud security and compliance firm Fugue in February 2022. In a statement at the time, Snyk claimed that Fugue’s Unified Policy Engine was special in that it could link cloud posture to configuration code using a single set of policies to manage compliance and security throughout the full software development lifecycle (SDLC).


