Amazon relaunched Amazon Inspector late last year. Under the hood, the service includes several features security teams asked for. More importantly, it also adds Snyk Security Intelligence through an ongoing partnership.
Amazon Inspector is an automated security assessment service that discovers all running Amazon Elastic Compute Cloud (Amazon EC2) instances and container images residing in the Amazon Elastic Container Registry (Amazon ECR). It also continuously assesses them for software vulnerabilities and for unintended network accessibility due to misconfigurations of application workloads running on AWS.
Snyk Security Intelligence identifies vulnerable functions and known exploit maturity, with a Common Vulnerability Scoring System (CVSS) score and vector assigned to 100% of vulnerabilities. Snyk’s proprietary research, combined with community-powered databases, such as rubysec, friends of php, rustsec, and various others, allows Snyk to discover and disclose new vulnerabilities in the open source ecosystem.
The integration with Amazon Inspector allows developers and security teams on AWS to access vulnerability intelligence information via the Amazon Inspector user interface. This team-up offers numerous benefits.
For example, both teams on AWS can enable and consolidate Amazon EC2 and container vulnerability management with a few clicks. This helps to improve the accuracy of identifying transient dependency vulnerabilities.
“We didn’t trust the security coverage (provided by other evaluated solutions) was comprehensive enough, which later compared to Snyk was indeed clear,” said Leif Dreizler, security engineering manager at Segment. “When the eslint-scope vulnerability came out, it was easy to find which repositories were vulnerable, allowing us to upgrade or remove the dependency.”
Developers and security teams can also optimize their remediation efforts by keeping false-positive rates low using Snyk Security Intelligence. In addition, they can leverage Snyk’s hand-curated data to reduce mean time to resolve (MTTR) vulnerabilities while prioritizing the management of security issues to avoid impacting their production workloads.
“Like AWS, Snyk is committed to helping more global organizations to accelerate their digital transformation, fueling innovation in a secure way,” said Carey Stanton, Snyk’s vice president for global business and corporate development.
“We’re proud to be part of the new Amazon Inspector and are committed to continuing to deepen our work with AWS, ensuring that all development teams worldwide have the right tools to build software securely,” Stanton added.