Skip to main content

Snyk achieves AWS Security Competency status

Written by:
wordpress-sync/blog-feature-snyk-aws-purple-wave

November 30, 2021

0 mins read

We are very excited to announce that Snyk has achieved AWS Security Competency status, further validating our commitment to security excellence in partnering with AWS!

Tested and Trusted by AWS

AWS Competency Programs, such as the AWS Security Competency, validate that partners like Snyk have demonstrated technical proficiency and proven customer success in areas like security, DevOps, containers, and several others. To achieve this designation, Snyk underwent a rigorous process of technical and commercial validation related to securing applications across the software development lifecycle (SDLC). This AWS Security Competency validation gives AWS customers a high degree of confidence when choosing security solutions from the tens of thousands available throughout the AWS Partner Network.

The AWS Security Competency designation recognizes Snyk’s deep technical expertise and proven customer satisfaction in securing applications running on AWS and differentiates Snyk as a strategic security partner that provides an agile approach to security — helping enterprises securely adopt, develop, and deploy applications on AWS.

As an Advanced Technology Partner with AWS, and a recipient of several other AWS Competencies and AWS Service Ready validations, Snyk partners closely with AWS to provide seamless integrations into AWS services across the application lifecycle, making it easy for customers to automate security controls across the SDLC when building applications using AWS services.

Modern security risks require modern security solutions

When it comes to cloud native applications, custom code no longer makes up the majority of the SDLC. Instead, development teams rely on open source components, containers, infrastructure as code (IaC), and other technologies more than ever. And if security isn’t implemented throughout the entire SDLC, these additional components will introduce new attack vectors in an application workload.

Customers choose AWS for proven technologies that drive innovation and can scale to meet their business needs, but are still responsible for the security of their applications, encompassing all of these components and more.

wordpress-sync/blog-aws-security-competency-brrr

At Snyk, we like to think of an application like an iceberg — what we see on the surface, such as proprietary code, isn’t the only thing making up our software development lifecycle. There are now a number of additional components that have to be considered and secured throughout the development process.

To secure these components, Snyk works seamlessly with AWS services to provide comprehensive coverage across the cloud native application stack. Our integrations make it easy to identify security issues early in the development process and remediate them at scale.

Snyk’s integrations with AWS services across the SDLC

In this cloud native world, security starts with the developer. That's why Snyk’s mission is to make security easier for development teams. Snyk has built numerous integration points with leading development tools that enable developers to implement security throughout the entire SDLC. Along with IDE plugins, Snyk has coverage for code repositories, CI/CD tools, and several other services across the application lifecycle in order to ensure all security risks are mitigated from the start. Snyk’s developer security platform was built to look and feel like the tools developers are using today, and has been integrated into AWS services to allow AWS users to seamlessly automate security controls throughout the SDLC when building apps on AWS.

wordpress-sync/blog-aws-security-competency-snyk

Snyk for AWS CodeCommit users

AWS CodeCommit is a managed source control service for hosting private Git repositories in the cloud. Snyk’s support for AWS CodeCommit helps developers automatically detect vulnerabilities before new code is merged into the central source code repository. This ensures developers are building secure applications from the start. AWS users can get hands-on experience through a neatly curated workshop.

Snyk for AWS CodeBuild users

AWS CodeBuild is a fully managed continuous integration service for more easily building and testing code. Snyk’s support for AWS CodeBuild enables development teams to automate vulnerability scanning during the build process. This allows developers to remediate vulnerabilities before the applications get deployed.

Snyk for AWS CodePipeline users

AWS CodePipeline is an automated continuous delivery service for all phases of the development process. Snyk has a native integration with AWS CodePipeline so that developers can conduct vulnerability scans without leaving the AWS console. This enables development teams to make security an automated part of their build, test, and deploy phases without having to leave the AWS console.

Snyk for AWS Lambda and AWS Fargate users

AWS Lambda is a serverless compute service for running code without worrying about provisioning or managing cloud resources. Similarly, AWS Fargate is a serverless compute service specifically for containers. Snyk’s support with these AWS services streamlines vulnerability management for the open source code that any serverless deployments may rely on.

Snyk for Amazon ECR users

Amazon ECR is a managed container registry for storing, sharing, and deploying container images. Snyk’s integration with Amazon ECR enables development teams to monitor containers stored on the managed registry for potential vulnerabilities. This provides centralized control over container security by ensuring development teams have a trusted source of container images to use within their applications.

Snyk for Amazon EKS users

Amazon EKS is a managed container service for running and scaling Kubernetes applications in the cloud or on-premises. The Snyk controller for EKS enables teams to identify vulnerabilities within container images and configuration files. This ensures EKS workloads are being monitored for security issues as new images are deployed or Kubernetes configurations change.

Snyk for AWS CloudFormation users

AWS CloudFormation is an IaC service for provisioning and managing AWS and third-party cloud resources. Snyk’s integration with AWS CloudFormation detects misconfigurations within YAML and JSON template files based on a set of AWS security rules. This enables organizations to shift security left — i.e., earlier in the application delivery process — for AWS CloudFormation deployments.

Snyk has also recently published an officially supported extension in the AWS CloudFormation Registry. The AWS CloudFormation Registry lets you manage the extensions that are available for use in your CloudFormation account. Public third-party extensions, like Snyk Container, are made available in the registry for use by all CloudFormation users alongside those published by Amazon

Snyk for AWS Control Tower

AWS Control Tower provides customers with governance at scale by providing security across multi-account environments. Snyk is now available as a solution for AWS Control Tower. Customers can learn more by reading our implementation guide.

Snyk for AWS Service Catalog

AWS Service Catalog provides customers with an approved, curated catalog of solutions their organization has approved to deploy on AWS. Today, Snyk solutions are available in the AWS Service Catalog allowing customers to scan and fix container images in Amazon ECR, Kubernetes workloads running on Amazon EKS, and serverless functions on AWS Lambda — with several more solutions to be included throughout 2022.

Snyk Security Intelligence within Amazon Inspector

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Once enabled, Amazon Inspector continuously and automatically discovers all running Amazon EC2 instances as well as container images residing in the Amazon ECR, and then generates security findings that can be pushed to AWS Security Hub and Amazon EventBridge, allowing customers to further automate remediation workflows.

Snyk Security Intelligence is now the primary source of vulnerability intelligence for this new Amazon Inspector service, helping developers and security teams improve the accuracy of transient dependency vulnerabilities by enriching Inspector findings and helping practitioners prioritize the management of security issues to avoid impacting their production workloads. From the Amazon Inspector UI, users can easily click through to the corresponding Snyk vulnerability page to find out more about the issue, speeding up their mean-time-to-remediate (MTTR).

Deploying Snyk on AWS through automated reference deployments

Since modern cloud native applications consist of so many different components and services, it’s crucial to implement automated security throughout the entire SDLC. As a result, Snyk has built automated reference deployments that help developers and DevOps teams deploy Snyk products according to AWS best practices, reducing lengthy manual procedures to just a few steps.

One example is the Snyk Security Quick Start, which helps you deploy Snyk to securely build, deploy, and maintain serverless applications or container images that use AWS Lambda or Amazon ECR.

You can also use the Snyk Controller Quick Start to manage security risks on Amazon EKS. Snyk Controller for Amazon EKS lets you import and test your running EKS workloads to identify vulnerabilities in associated images and configurations that might make workloads less secure. As new images are deployed and workload configurations change, Snyk continually monitors workloads to identify security issues.

Be sure to visit Amazon’s Quick Start catalog to see more of Snyk’s deployment templates!

Innovate securely with Snyk and AWS

Snyk was purpose-built to help organizations around the world accelerate their digital transformation, securely fueling innovation through cloud native workflows. This AWS Security Competency underscores the value of Snyk’s strategic partnership with AWS, and is just one of many validations we’ve been able to achieve to prove our close technical relationship with the world’s leading cloud provider.

As an Advanced Technology Partner within AWS' Partner Network (APN), Snyk has also been technically validated to earn an AWS DevOps Competency and two "Service Ready" designations for AWS Lambda and Amazon Linux 2.

Snyk is also a Private Offer-enabled seller in the AWS Marketplace, and allows customers to use their existing billing mechanisms with AWS to purchase our software while also burning down their committed spend with AWS, sometimes called their Enterprise Discount Program (EDP) budget.

To learn more about how to build applications securely across your AWS application stack, visit our AWS partner page or sign up for a free Snyk account!