The cloud native security software provider Snyk has released a package for “developer-first” SAST (static application security testing). Snyk Code, released at SnykCon last week, fills many of the gaps in existing SAST solutions for developers’ needs for testing open source code, application code, containers and infrastructure as code, the company claims.

“SAST has kind of become the poster child” of what not to do for security solutions for developers, Guy Podjarny, founder and president at Snyk, said during a SnykCon press and analyst conference. As its name suggests, SAST analyzes existing source code, byte code and binaries for known patterns of vulnerability. Snyk Code offers machine learning (ML)-aided security monitoring and remediation in a way that “rethinks development security,” Podjarny said. It addresses shortcomings of existing SAST solutions by improving, among other things, speed and accuracy, he said.

Many of Snyk Code’s capabilities draw from Snyk’s acquisition of DeepCode for AI-code analysis of third-party components. “We’re building on our deep engine and speed of analysis, as well as our existing pipeline of analysis of every library and every version that gets released in the world,” Podjarny said.

Features that Snyk said Snyk Code offers include:

  • Developer usability: integrations with git and integrated development environments (IDEs) for scanning source code as an app is created.
  • Speed: Snyk Code is up to “50 times” faster than existing SAST solutions as vulnerability scans are initiated as code is created, thus removing a major time hurdle for many developer teams, Snyk said.

Snyk Rethinks Static Application Security Testing for Developers