Today, cloud native security leaders Snyk and Orca Security are announcing a strategic partnership to deliver integrations to their customers to bolster their best-in-class cloud security capabilities. These integrations empower mutual customers with comprehensive visibility, allowing them to trace resources and risks seamlessly between code origins and runtime environments.
Tracing runtime risks to code origins
Orca Security, with its patented SideScanning technology, offers its customers unprecedented visibility into cloud risks, including infrastructure misconfigurations, workload and application vulnerabilities, API exposure, data exposure, and more. Additionally, Orca offers the ability to trace risks from cloud environments to their originating code stored in git repositories. This enables development and security teams to quickly understand the source of vulnerabilities or misconfigurations, promoting effective risk mitigation.
Orca aims to infuse security into organizations’ existing tools and workflows, a departure from conventional approaches, and one signified by Orca’s more than 50 technical integrations.
Orca Cloud Security Platform now seamlessly integrates with Snyk, helping to enhance collaboration between cloud security and application security teams across the entire development and cloud lifecycle. Customers using Orca’s native cloud-to-dev capabilities can now better correlate running containers and their associated risks in Orca directly to the relevant Snyk projects. This means a user can view a container deployed in a runtime environment and trace the risk back to Snyk.
Additionally, users can leverage Orca’s comprehensive container metadata in Snyk, enabling application security teams to prioritize their container image scanning to account for dynamic risk factors.
For cloud security teams, the new bidirectional integration enables users viewing a container in Orca to see its origin Dockerfile, whether it was scanned by Snyk, and any vulnerabilities detected as a result. Users can also click a direct link to open the container’s associated project in Snyk Open Source and continue their analysis of risk and code owners. This gives cloud security teams visibility into the findings and intelligence of application security teams, enabling them to find common ground over risks and priorities, and better coordinate requests made to development teams.
Orca findings also available in Snyk AppRisk
For application security teams, Orca customers using Snyk AppRisk can leverage Orca’s comprehensive container metadata and risk insights for Kubernetes clusters. In Snyk AppRisk, users can see data about all containers in a cluster that are associated with a container image, including their deployment status, exposure, and installed packages.
Updated continually, these enriched insights enable application security teams to better correlate container images to risks detected in runtime, allowing them to more effectively prioritize container image scanning.
How to configure the integration
Configuring Snyk to Orca is a simple process. To sync Snyk data with Orca, users generate a service account and API token in Snyk before creating and configuring an integration template in Orca. To access Orca data in Snyk, users generate a Snyk API Token in Orca, specify the token settings, and use it to complete the integration configuration in Snyk.
About the Orca Cloud Security Platform
Orca offers a unified and comprehensive cloud security platform that identifies, prioritizes, and remediates security risks and compliance issues across AWS, Azure, Google Cloud, Oracle Cloud, Alibaba Cloud, and Kubernetes. The Orca Cloud Security Platform leverages Orca’s patented SideScanning™ technology to provide complete coverage and comprehensive risk detection.
Learn more about the partnership and integration
Interested in discovering the benefits of the Orca Platform and our integration with Snyk? Schedule a personalized 1:1 demo, and we’ll demonstrate how Orca can help you trace cloud runtime risk data to their code origins.
You can also learn more about the partnership and integration by watching an on-demand webinar.