Snyk Security Solution Now Integrated into Google Cloud's Gemini Code Assist

Developers worldwide continue to adopt AI to speed up software delivery. But this speed often impacts security, as developers assume AI-generated code is secure without thoroughly checking for errors or vulnerabilities. 

To address these challenges, Snyk announced today the integration of Synk’s security solution into Gemini Code Assist Tools. Collaborating with Google Cloud is a natural progression from Synk’s groundbreaking plans in April 2024. Snyk, a leading trusted, modern developer-first AI security platform, is now integrated into Gemini Code Assist, a leading software development assistant AI coding tool. This empowers developers to access Snyk’s powerful functionalities with natural language prompts, communicating directly with Snyk’s pioneering industry-leading hybrid AI model through Gemini Code Assist’s chat interface. 

By integrating Snyk into Gemini Code Assist, application security can shift even further left, enabling teams to securely adopt and leverage AI at scale. 

Innovation and comprehensive security with Snyk + Gemini Code Assist

Snyk’s collaboration with Google Cloud bridges the gap between innovation and security, solving many challenges modern AppSec teams face. Snyk’s integration into Gemini Code Assist empowers developers to use AI coding tools without sacrificing speed, productivity, or security while enabling security teams to maintain guardrails that keep businesses safe.     

Consolidated security from within the IDE 

Traditional security solutions require developers to switch between multiple views and contexts, hopping back and forth between an AI coding tool and a code security tool. This constant switching slows down development workflows and productivity, resulting in developers bypassing security protocols or overlooking errors. Modern AI security platforms like Snyk overcome this by running in the developer’s IDE, but now, Snyk has taken this convenience a step further.

With the integration of Snyk into Gemini Code Assist, developers have one view within their IDE, directly integrating security into the modern development process. Access to Snyk’s capabilities within Gemini Code Assist provides Snyk’s renowned speed and accuracy at scale while accommodating business-specific customization and prioritization of security issues across the SDLC. 

This streamlined experience means developers can interact with Gemini Code Assist as they normally would, alongside additional security capabilities. Developers can now ask security questions, analyze their code, and view and easily understand Snyk’s scan results across SAST, SCA, and IaC, all through Gemini Code Assist, in natural language form. Then, without switching context or leaving the IDE, developers can view and auto-remediate their code with the same frictionless, fast, and reliable experience Snyk is known for. 

Enhanced developer experience and visibility 

For AppSec teams, this partnership translates to enhanced developer experience (DevEx) and improved visibility. By embedding security directly into the developer workflow, Snyk and Gemini Code Assist enable long-term, consistent adoption. 

With access to the complete Snyk platform, including Snyk Essentials and Snyk AppRisk, AppSec teams gain full visibility across the SDLC, enabling them to monitor and manage security risks effectively. Meanwhile, developers benefit from a leading, analyst-approved SAST and pioneering AI security agent — DeepCode AI Fix — that automatically scans code to find and fix security issues and vulnerabilities as early as possible. With self-hosted AI models that are customized only for security, Snyk prioritizes data privacy and enhances security while maintaining developer velocity.  

Secure innovation and efficient development 

Ultimately, Snyk’s partnership with Google Clouds empowers businesses to confidently and securely adopt AI while driving innovation and efficient development. 

Combining an AI security assistant with an AI coding tool means developers are more likely to regularly implement application security into their workflows as it takes minimal effort. This reduces the friction between teams, ensuring business can continue to modernize processes and effectively shift left. Businesses leveraging Snyk and Gemini Code Assist can remain competitive and grow while mitigating risk and safeguarding revenues. 

"Today's AI-powered development demands that security be introduced as early as possible and built into the development process. This integration is the next iteration in Snyk's partnership with Google Cloud and underlines our commitment to empower teams to drive sustainable and responsible innovation," said Danny Allen, Chief Technical Officer at Snyk. 

Using Snyk within Gemini Code Assist 

To begin using Snyk with Gemini Code Assist, simply download both the Snyk extension and Gemini extension for VS Code. Developers can continue interacting with Gemini Code Assist as they normally would while having the reassurance that their code is being secured by an analyst-approved AI security assistant trusted by 1 in 3 Fortune 50 companies. Existing Snyk customers will have the added benefit of accessing their security policy configurations and other configurations from their Snyk platform, meaning that they can continue to leverage customized features like ignoring issues at scale.

As a developer, once you open Gemini Code Assist, you can simply prompt Gemini Code Assist for help to secure your code by typing @Snyk to view and run the slash commands you see in the following drop-down menu, e.g. /scan. Best of all, developers can strip out the noise with automatic access to the Snyk AI platform Code’s powerful prioritization features. Simply type @Snyk and prompt Gemini Code Assist to help you prioritize your vulnerabilities in a way that feels natural to you. 

Just remember, to leverage Snyk’s robust AI security for your code, you need to begin your security interaction in Gemini Code Assist with an @Snyk prompt. After you run your first @Snyk command, the Snyk data relating to this command remains in Gemini’s AI context window. This means that Gemini’s AI is able to remember and process the data provided by Snyk in response to your @Snyk query, so you can ask Gemini Code Assist follow-up questions around the same topic without entering @Snyk again after your initial prompt. If you wish to change focus, e.g. move from having scanned only new, uncommitted code changes to scanning your entire code base, then you will need to prompt @Snyk again to obtain fresh security findings.

*Important: If you wish to use DeepCode AI Fix’s auto-remediation in conjunction with Gemini Code Assist, you’ll need to toggle it on in your Snyk settings before using Gemini Code Assist to scan and fix your code:

View image description

Snyk gives you the choice of checking your code in different ways, including scanning the entire code base or scanning new and uncommitted changes made in your current session. 

Upon receiving the prompt to scan your code, Snyk’s engine will run its analysis on it behind the scenes, and Gemini Code Assist will display the Snyk result. Snyk’s result will show you a list of vulnerabilities in your chat window, already prioritized in order of severity, with priority scores for each vulnerability. 

View image description

Clicking on a vulnerability will take you straight to the unsafe code in your IDE. In Snyk’s developer-first workflow, you can view any fix examples and context-specific explanations or automatically fix your code. The familiar lightning-bolt icons will indicate where Snyk Code’s auto-fixer — DeepCode AI Fix — has security-verified automatic fixes available. DeepCode AI Fix empowers you to instantly apply pre-validated fixes — fixes that will not introduce new security issues into your code — with a single click, reducing the average 7-hour remediation time to just 12 seconds.

View image description

Bonus: With this integration, Gemini Code Assist users can benefit from Snyk Code’s powerful prioritization and customization features, including Snyk’s ability to display only new security issues. With this feature, developers can toggle between seeing all issues in the repository or only the issues that would be introduced by the user’s code. 

View image description

Revolutionize your AppSec with Snyk and Gemini Code Assist

The integration of Snyk and Gemini Code Assist launched today, and is enhancing how modern AppSec teams work. Teams no longer have to choose between faster development or robust security, empowering them to maintain a competitive edge, scale efficiently, and securely leverage AI.

For businesses already embracing AI coding assistants, this solution can save time and money by unifying security and development within the IDE to secure AI-generated code. By integrating with  Gemini Code Assist, Synk accelerates innovation while promoting continued growth and success. 

"Embedding security capabilities directly within the developer workflow can contribute to improved efficiency and a greater understanding of potential vulnerabilities,” said Ryan J. Salva, Senior Director of Developer Tools and Operations, Google Cloud. “Snyk's integration into Gemini Code Assist aims to make security insights more seamlessly accessible to developers within their familiar tools."

Getting started takes just a few easy steps.

Download Gemini Code Assist and Snyk today, and begin your modern software development journey with secure AI-generated code.