Tom Preston-Werner

Snyk for Serverless and PaaS — Monitor AWS Lambda and Heroku apps for known vulnerabilities

Guy Podjarny
We're extremely excited with this new product. Serverless and PaaS help us develop faster than ever before, as the platform handles managing and securing the underlying infrastructure. What they don't do, however, is secure the apps themselves, and the open source packages bundled into them. These packages make up the majority of the code deployed, and – like all code – often carry vulnerabilities. Today, these packages are in our blind spot, as we lack tools to track what we deployed and what risk they present. These app dependencies grow stale and known vulnerabilities in them are not fixed, opening an easy way in for attackers. Snyk for Serverless makes it trivial to fix this situation. We integrate directly into the cloud platform, starting with AWS Lambda and Salesforce's Heroku, with many more to come. In each platform, we can automatically identify which apps and functions exist, identify which dependencies they use, and alert on vulnerabilities they may hold. You can use Snyk for Source Code to easily fix the issues you found. Lastly, once connected we monitor these apps continuously, and will alert you on new vulnerabilities that are found in the packages you use. This way, you can get back to focusing on development, knowing we have your back. This is a brand new category of products, monitoring apps without servers for security issues, and we're excited to lead it as it grows!
Guy Podjarny
@imaaronupright thanks! ZeHub is plenty awesome too ;)