Snyk Service Broker for VMware Tanzu

Find and Fix Vulnerabilities in Your Applications

Compatible with TAS, TKGI

Compatible with TAS
Can be consumed by apps on TAS

Compatible with TKGI
Can be consumed by apps on TKGI

Compatible with Standalone TKGI
Runs on TKGI with no dependency on TAS

Use open source and stay secure with continuous monitoring of VMware Tanzu applications for known vulnerabilities. Snyk communicates directly with Tanzu Application Service (TAS) to determine what code is being deployed and what open source dependencies are being used. It then scans them for security vulnerabilities and license issues. More than just notifying developers of these issues, Snyk will provide patches as part of the buildpack to automatically remediate them.

Secure Your Running Applications

Snyk will continuously find and alert you to the latest security vulnerabilities in your running applications using Snyk’s direct communication with Tanzu.

Verify Every Build

Initiate a scan for new open source vulnerabilities on each build as an integral part of the Tanzu buildpack. Put a policy in place to fail a deployment if the build introduces new critical vulnerabilities.

Automate Vulnerability Patching

Allow automatic vulnerability remediation and quick response to new vulnerabilities by having Snyk as part of the Tanzu buildpack.

Snyk Overview

Snyk helps you use open source code and stay secure. The use of open source is booming, but security is a key concern. Snyk’s unique developer-focused product enables users to continuously find and fix vulnerable dependencies without slowing down, with seamless integration into developers’ workflows. With Snyk for Tanzu you can:

  • Continuously monitor your application dependencies through Snyk’s direct integration with Tanzu, allowing an automatic daily scan of the running applications against newly disclosed vulnerabilities. If a critical vulnerability in one of your running applications is disclosed, you’ll be notified of it within hours (regardless of the build process).
  • Fix security risks with automated patches: using Snyk’s native integration in the Tanzu buildpack, patch critical vulnerabilities to keep your running applications in production safe.
  • Proactively prevent adding new vulnerable dependencies by having Snyk scan every deploy as part of the Tanzu buildpack, potentially stopping the pipeline if it adds new critical vulnerabilities.
  • Rely on the most comprehensive vulnerability database using Snyk’s industry-trusted vulnerability database, which is powering Google Lighthouse, Microsoft Sonar and others, and is maintained by a dedicated security team of cyber experts.

More about Snyk

“Identify open-source components, as well as known vulnerabilities in those components, and leverage automated remediation, where available, to patch vulnerable components.”

Snyk named cool vendor by Gartner, Cool Vendors in Application and Data Security, 4 May 2018

How It Works

The Snyk Service Broker for Tanzu Application Service (TAS) enables developers to easily scan and protect their applications from known vulnerabilities.

The Snyk Broker for TAS tile installs the Snyk service broker as an app, registers it as a service broker on TAS, and exposes its service plans to the marketplace. This allows users to directly create service instances and bind them to their applications either from Apps Manager or from the command line.

Once the Snyk service is bound to an application, Snyk scans the app for known vulnerabilities every time “cf push” is performed and can reject the deployment of vulnerable application or container artifacts. If the Snyk monitor flag is enabled, Snyk will continuously monitor your app and alert you to new vulnerabilities. The scan results are available as part of the “cf push” output and in Snyk’s dashboard.
