The cloud native security software provider Snyk has released a package for “developer-first” SAST (static application security testing). Snyk Code, released at SnykCon last week, fills many of the gaps that existing SAST solutions leave in meeting developers’ needs for testing open source code, application code, containers and infrastructure as code, the company claims.
“SAST has kind of become the poster child” of what not to do for security solutions for developers, Guy Podjarny, founder and president at Snyk, said during a SnykCon press and analyst conference. As its name suggests, SAST analyzes existing source code, byte code and binaries for known patterns of vulnerability. Snyk Code offers machine learning (ML)-aided security monitoring and remediation in a way that “rethinks development security,” Podjarny said. It addresses shortcomings of existing SAST solutions by improving, among other things, speed and accuracy, he said.
Many of Snyk Code’s capabilities draw from Snyk’s acquisition of DeepCode for AI-code analysis of third-party components. “We’re building on our deep engine and speed of analysis, as well as our existing pipeline of analysis of every library and every version that gets released in the world,” Podjarny said.
According to Snyk, Snyk Code offers the following features: