Looking at the Snyk integration with Red Hat CodeReady Dependency Analytics

This new article, published on Red Hat Developer, looks at how the newest release of CodeReady Dependency Analytics helps you detect, identify, and fix security vulnerabilities in your code through the Snyk integration. Red Hat CodeReady Dependency Analytics is a hosted service on OpenShift that provides vulnerability and compliance analysis for your applications, directly from your IDE.

The Snyk Intel proprietary vulnerability database enriches CodeReady’s security data, adding security, license compatibility, and AI-based guidance to help developers choose appropriate dependencies for applications. The CodeReady Dependency Analytics is available as an IDE plugin for Visual Studio Code (VS Code), Eclipse Che, Red Hat CodeReady Workspaces, and IntelliJ-based IDEs.

In the article, Darshan Vandra, Associate Software Engineer, Red Hat, and Parag Dave, Senior Product Manager, Red Hat, walk us through Snyk’s vulnerability detection and fast identification and advanced capabilities for analysis and triage.

Powered by Snyk Intel data, the CodeReady Dependency Analytics extension enables users of supported IDEs (VScode, IntelliJ, and more) to view Snyk vulnerabilities as they code, including Snyk premium vulnerabilities and detailed security advisories.

Snyk Intel is the most advanced and accurate open source vulnerability database in the industry. Continuously curated by an experienced Security Research Team and enriched with machine learning, the Snyk Intel Vulnerability Database maintains its high standards which enable your teams to be optimally efficient at containing open source security issues while maintaining their focus on development.

In addition to Red Hat, Docker, Google Chrome Lighthouse, the Linux Foundation, NodeSource’s N|Solid, Rapid7, Tenable, and Trend Micro embed Snyk Intel into their products to identify critical vulnerabilities in open source dependencies and container images.

Additional resources to help you get started with Snyk in OpenShift!

• New Snyk & Red Hat workshop materials with exercises to walk you through how to integrate Snyk into your Red Hat workflows.

• If you don’t already have a Snyk account, it’s free to sign up and use Snyk to scan both container images and open source dependencies.

• Find more information on how Snyk and Red Hat partner to empower developers to secure OpenShift applications here.

• Want to see a demo or ask questions? We’d love to hear from you.