ServiceNow Vulnerability Response users will now have access to Snyk’s product that scans open source code during the development process. Credit: Thinkstock ServiceNow Vulnerability Response users will now have access to Snyk Open Source, a software composition analysis (SCA) platform designed to help developers find, prioritize, and fix security vulnerabilities and license issues in open source dependencies. Snyk Open Source is backed by the Israeli-US company’s own security intelligence that relies on a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the Now Platform with vulnerability scan data from other vendors which now includes Snyk’s intelligence.What the ServiceNow-Snyk integration means to usersThe integration is designed to enable effective DevSecOps collaboration, which bolsters security posture of enterprises, Snyk Chief Product Officer Manoj Nair said in a statement. This integration is available to ServiceNow Vulnerability Response customers. It can be accessed by common customers of ServiceNow’s AppVR and Snyk’s Open Source SCA plan who have API entitlements. Snyk Open Source is designed to prevent developers from having to backtrack their development to detect and secure vulnerabilities. Through advanced software composition analysis tools, it helps with open source security management.“These tools allow developers to continuously monitor their ongoing projects and identify and fix security vulnerabilities in real time, all while automatically evaluating compliance against regulatory policies,” Nair said. “The automated workflows and actionable advice empower developers to prioritize security from early on, ultimately strengthening the enterprise’s security posture.” The integration enables security teams to better collaborate with software developers and centrally manage and respond to open source vulnerabilities across applications, Lou Fiorello, VP and GM of security products at ServiceNow, said in a statement.ServiceNow invests $25 million in SnykServiceNow is also investing $25 million in Snyk as part of a series G funding, taking Snyk’s overall investments to $196.5 million.Snyk didn’t directly reply to a possible connection regarding the investment and the product integration saying that ServiceNow’s investment in Snyk represents the industry’s shift away from outdated cybersecurity practices as the emphasis on developer-centric security grows rapidly. “The integration of Snyk into ServiceNow Vulnerability Response is another step toward this growth, making DevSecOps more accessible to enterprises by making it available on one of the most popular IT platforms,” said Nair.Just around the time of the series G funding, Snyk laid off 14% of its workforce, which saw 198 employees in both Israel and the US leaving the company. As reported by Globes, this took place only months after the company had laid off 30 employees.In February 2022, Snyk announced the acquisition of cloud security and compliance company Fugue. At the time, Snyk said in a statement that Fugue’s Unified Policy Engine is unique in its ability to connect cloud posture back to configuration code using one set of policies, in order to manage compliance and security throughout the entirety of the software development lifecycle (SDLC). Related content feature The biggest data breach fines, penalties, and settlements so far Hacks and data thefts, enabled by weak security, cover-ups or avoidable mistakes have cost these companies a total of nearly $4.4 billion and counting. By Shweta Sharma and Michael Hill Apr 26, 2024 16 mins Data Breach Security news New CISO appointments 2024 Keep up with news of CSO, CISO, and other senior security executive appointments. By CSO Staff Apr 26, 2024 14 mins CSO and CISO IT Jobs IT Governance news Top cybersecurity product news of the week New product and service announcements from Forcepoint, Ionix, Amplifier Secutiry and Torq. By CSO staff Apr 26, 2024 81 mins Generative AI Security feature Looking outside: How to protect against non-Windows network vulnerabilities Security administrators who work in Windows-based environments should heed the lessons inherent in recent vulnerability reports. By Susan Bradley Apr 25, 2024 7 mins Windows Security Network Security Security Practices PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe