Open-Source Visibility – Bridging Dev and SecOps

Eliminate blindspots and open-source development risks

Implement security early in your application development

Trend Micro, the leader in cloud security, and Snyk, the leader in developer-first security for open-source, have partnered to help ensure that the software you deploy is protected from exploits in the ever-shifting cyber threat landscape.

Open-source packages are the foundation for application development and accelerate time to market. Security teams need help to identify the impact of open-source code and dependency risk across their organization’s application development environments.

Hackers take advantage of vulnerabilities in open-source packages and dependencies to carry out attacks across multiple organizations that are using the same unsecured source code in their applications. For example, all versions of NodeJS package (1337qq-js) contain malicious code. The package exfiltrates sensitive information through install scripts and targets UNIX systems. While it can be difficult for application developers to keep track of all of the code packages they are using, it becomes an even greater challenge to keep track of package vulnerabilities and patches.

The value of the partnership

Responding to security challenges

We don’t overlook development teams – we help them become security savvy

Bringing security and developer teams together

Imagine cloud builders and cloud security engineers having complete collaboration and coverage from code creation to runtime – across any development environment from the moment open-source code is introduced, without interrupting the software delivery process.

Together with Snyk, we are bringing developer and security operations teams closer with the first ever, purpose-built service for greater focus and collaboration of security across the build and operations life cycle.

Launching in early 2021, this offering will be available in the Trend Micro Cloud One™ platform to help security operations

  • Gain visibility directly from source code management and build pipelines
  • Manage the risk of open-source vulnerabilities
  • Direct and help solve security issues before they become a threat

This expanding partnership complements Trend Micro’s existing offering to help security operations teams with container image and registry security and includes source code vulnerability scanning from Snyk.

Learn what vulnerabilities are currently in your container images

According to Gartner Research

90% of technologists rely on open-source components. 1

Trend Micro’s container security provides best-in-class container image scanning for detecting security concerns, including malware, secrets and keys, compliance violations, and vulnerabilities, from one solution.

Developer teams have vulnerability detection not only of package manager installed apps, but also of direct installed apps as well, with rule feeds from our world-class threat intelligence team.

Open-source software dependencies can lead to vulnerabilities in your code, ultimately exposing software to exploitation that can result in the loss of confidential information. With Synk’s open-source vulnerability database, Trend Micro’s container security shifts security even further left by extending vulnerability detection to include open-source code.

What capabilities are available today?

Trend Micro’s container security offers integration with Snyk and includes both Trend Micro™ Deep Security™ Smart Check – Container Image Security and Trend Micro Cloud One™ – Container Security.

It delivers a complete security approach to build pipeline image and registry protection with malware, vulnerability, content, and compliance scanners. And it scans container images in the software build pipeline, looking for vulnerabilities, malware, secrets and keys, and compliance violations.

Combining our vulnerability intelligence with Snyk’s open-source vulnerability database builds an inventory of the open-source libraries that are in use in a container image, and if a vulnerability is discovered in a package, then the system automatically cross-references it with Snyk’s open-source vulnerability database to see if there is a match.

Trend Micro’s container security notifies DevOps teams and the Snyk Application Security Management enables developers to easily fix their source-code vulnerabilities.

With these sophisticated capabilities, paired with implementing security earlier in the development process, you no longer have to delay the deployment of your containers because of unforeseen threats.

About Snyk

Snyk logo

Snyk is a developer-first security solution that helps you use open-source code and stay secure. Building on its unique vulnerability database, Snyk continuously finds and fixes known vulnerabilities and license violations in open-source dependencies. Snyk integrates into the developer workflow, integrating with source control (e.g. GitHub, BitBucket, GitLab), hooking into your CI/CD pipelines and continuously monitoring platform as a service (PaaS) and serverless apps in production.

300K+ developers are already enjoying Snyk

Partnership Announcement