


Samira Sarraf
Regional Editor for Australia and New Zealand

ServiceNow to detect open source security vulnerabilities with Snyk integration

Jan 24, 2023, 3 mins
Incident Response, Threat and Vulnerability Management

ServiceNow Vulnerability Response users will now have access to Snyk’s product that scans open source code during the development process.


ServiceNow Vulnerability Response users will now have access to Snyk Open Source, a software composition analysis (SCA) platform designed to help developers find, prioritize, and fix security vulnerabilities and license issues in open source dependencies. Snyk Open Source is backed by the Israeli-US company’s own security intelligence that relies on a combination of public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI. 

ServiceNow Vulnerability Response is part of ServiceNow Security Operations and connects the workflow and automation capabilities of the Now Platform with vulnerability scan data from other vendors, which now includes Snyk’s intelligence.

What the ServiceNow-Snyk integration means to users

The integration is designed to enable effective DevSecOps collaboration, which bolsters the security posture of enterprises, Snyk Chief Product Officer Manoj Nair said in a statement.

This integration is available to ServiceNow Vulnerability Response customers. It can be accessed by common customers of ServiceNow’s AppVR and Snyk’s Open Source SCA plan who have API entitlements.

Snyk Open Source is designed to prevent developers from having to backtrack their development to detect and secure vulnerabilities. Through advanced software composition analysis tools, it helps with open source security management.

“These tools allow developers to continuously monitor their ongoing projects and identify and fix security vulnerabilities in real time, all while automatically evaluating compliance against regulatory policies,” Nair said. “The automated workflows and actionable advice empower developers to prioritize security from early on, ultimately strengthening the enterprise’s security posture.”

The integration enables security teams to better collaborate with software developers and centrally manage and respond to open source vulnerabilities across applications, Lou Fiorello, VP and GM of security products at ServiceNow, said in a statement.

ServiceNow invests $25 million in Snyk

ServiceNow is also investing $25 million in Snyk as part of a series G funding, taking Snyk’s overall investments to $196.5 million.

Snyk didn’t directly reply regarding a possible connection between the investment and the product integration, saying that ServiceNow’s investment in Snyk represents the industry’s shift away from outdated cybersecurity practices as the emphasis on developer-centric security grows rapidly.

“The integration of Snyk into ServiceNow Vulnerability Response is another step toward this growth, making DevSecOps more accessible to enterprises by making it available on one of the most popular IT platforms,” said Nair.

Just around the time of the series G funding, Snyk laid off 14% of its workforce, which saw 198 employees in both Israel and the US leaving the company. As reported by Globes, this took place only months after the company had laid off 30 employees.

In February 2022, Snyk announced the acquisition of cloud security and compliance company Fugue. At the time, Snyk said in a statement that Fugue’s Unified Policy Engine is unique in its ability to connect cloud posture back to configuration code using one set of policies, in order to manage compliance and security throughout the entirety of the software development lifecycle (SDLC).