Snyk Acquires Helios

Developer-focused security company Snyk said it has acquired Helios, a startup focused on helping developers troubleshoot applications in runtime and production.
While security testing such as static analysis and software composition analysis is important for identifying vulnerabilities in the application before they reach production, runtime context provides information on how the application is actually behaving in production.
The Snyk-Helios combination will provide security teams with a comprehensive perspective of application risk spanning the entire software development lifecycle, from code to cloud, Manoj Nair, Snyk's chief product officer, wrote in a memo announcing the acquisition.
External configurations in the deployment environment could influence the application's behavior, and Snyk will be able to provide insights into how the application is interacting with the environment.
The combination of the two companies would provide Snyk customers with improved asset discovery, issue identification, and risk prioritization.
Snyk will integrate Helios' end-to-end application discovery service and OpenTelemetry-based runtime data collection tools into its AppRisk service.
AppRisk is designed to help application security teams work together with developers to govern their security program.
With this integration, customers will have security context from all phases of development, covering when code is built, compiled, and deployed, Snyk said.
Snyk customers will have access to end-to-end application discovery to gain holistic visibility into the organization's entire application environment; risk-based prioritization to determine where to focus remediation efforts; and full-stack runtime data collection to provide a comprehensive picture of all applications in runtime.
The runtime data collection techniques will allow Snyk to build a framework for collecting and incorporating runtime data into AppRisk, Nair said.
This marks Snyk's second acquisition in the area of developer-led application security posture management, following its $32.7 million acquisition of Enso Security back in June.
The Enso Security acquisition added prioritization and remediation capabilities to Snyk's platform.
The entire Helios team is expected to join Snyk's research team.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 17 Jan 2024 01:05:18 +0000

