Cybersecurity startup Snyk Ltd. today released a new solution for application security teams that offers a comprehensive application security posture management workbench to govern and scale security programs.

Called Snyk AppRisk, the ASPM solution focuses on minimizing risk from applications by delivering collaboration between developers and security teams to address cybersecurity challenges. The new solution also provides C-suite stakeholders visibility into software supply chain risk posture and their overall AppSec program performance.

Snyk AppRisk seeks to address developer productivity, a top-three priority for security solutions, as detailed in a survey by Snyk earlier this year. Snyk AppRisk enables developers to maximize their time by being able to work effectively with their security counterparts to ensure they focus on the remediation efforts that will have the largest risk reduction impact on the business.

Using AppRisk, Snyk claims, developer and security teams can together define appropriate guardrails to prevent security issues throughout the full software development lifecycle, as well as measure the overall effectiveness of their developer security program. The solution delivers automated application asset discovery, tailored security controls and risk-based prioritization to ensure developer and security teams are collaborating on risk via an advanced evidence graph linking development workflows to the apps deployed in the cloud.

Snyk says the solution complements the breadth and depth of its Developer Security Platform to deliver a developer-first ASPM workbench, equipping global DevSecOps teams to automate application asset discovery, create tailored security controls and leverage risk-based prioritization.

“With the recent explosion of generative AI innovation, the speed of software development has reached new heights, while, at the same time, software supply chains are increasingly more complex as evidenced by the lingering effects of the Log4j vulnerability two years later,” said Chief Product Officer Manoj Nair. “The need for developer and security teams to share application visibility, risk context and intelligent policy guardrails is critical to delivering innovation with trust.”

The reference to Log4j, a critical vulnerability discovered in the Apache Log4j software library in 2021, is intentional, with Snyk noting that it “proved to be a watershed moment for the industry as developer, security and operations teams worldwide raced against the clock to find and fix their vulnerable assets.” The company claims that Snyk AppRisk would have significantly streamlined the stressful and time-consuming Log4j remediation process, sparing many global enterprises time and money.

Nair spoke with theCUBE, SiliconANGLE Media’s livestreaming studio, in July, discussing how Snyk supports developer security with a code-based, artificial intelligence-driven cloud platform.

Image: Snyk