ServiceNow Vulnerability Response users will now have access to Snyk Open Source, the Israeli-US vendor's advanced software composition analysis (SCA) product, which is backed by Snyk's security intelligence: a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI.
ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the ServiceNow platform with vulnerability scan data from other vendors, which now includes Snyk's intelligence.
Snyk Open Source, on the other hand, has since 2015 provided a developer-first SCA solution designed to help developers find, prioritise, and fix security vulnerabilities and license issues in open source dependencies.
What the ServiceNow/Snyk integration means to users
The integration is designed to enable effective DevSecOps collaboration, which bolsters the security posture of enterprises, Snyk Chief Product Officer Manoj Nair said in a statement.
This integration is available to ServiceNow Vulnerability Response customers. It can be accessed by common customers of ServiceNow’s AppVR and Snyk’s Open Source SCA plan who have API entitlements.
Snyk Open Source is designed to prevent developers from having to backtrack their development to detect and secure vulnerabilities. Through advanced software composition analysis tools, it helps with open source security management.
“These tools allow developers to continuously monitor their ongoing projects and identify and fix security vulnerabilities in real time, all while automatically evaluating compliance against regulatory policies,” Nair said. “The automated workflows and actionable advice empower developers to prioritise security from early on, ultimately strengthening the enterprise’s security posture.”
The integration enables security teams to better collaborate with software developers and centrally manage and respond to open source vulnerabilities across applications, Lou Fiorello, VP and GM of security products at ServiceNow, said in a statement.
ServiceNow invests $25 million in Snyk
ServiceNow is also investing $25 million in Snyk as part of a series G funding, taking Snyk's overall investments to $196.5 million.
Snyk didn't directly address a possible connection between the investment and the product integration, saying that ServiceNow's investment in Snyk represents the industry's shift away from outdated cybersecurity practices as the emphasis on developer-centric security grows rapidly.
“The integration of Snyk into ServiceNow Vulnerability Response is another step toward this growth, making DevSecOps more accessible to enterprises by making it available on one of the most popular IT platforms,” said Nair.
Just around the time of the series G funding, Snyk laid off 14 per cent of its workforce, which saw 198 employees in both Israel and the US leaving the company. As reported by Globes, this took place only months after the company had laid off 30 employees.
In February 2022, Snyk announced the acquisition of cloud security and compliance company Fugue. At the time, Snyk said in a statement that Fugue’s Unified Policy Engine is unique in its ability to connect cloud posture back to configuration code using one set of policies, in order to manage compliance and security throughout the entirety of the software development lifecycle (SDLC).