
Introducing StackHawk’s New Snyk Code Integration


Joni Klippert | April 27, 2022

Exciting news for teams looking to run best-in-class application and API security testing tools in CI/CD.

Today is a big day at StackHawk! We are thrilled to share that our integration with Snyk Code, the leading developer-friendly Static Application Security Testing (SAST) tool, is now live. 

In addition to the integration, StackHawk is also an inaugural member of Snyk’s new Technology Alliance Partner Program (TAPP).

This news all builds upon our partnership with Snyk that we announced in early April of 2022. 

Correlating DAST and SAST To Shorten the Find-Fix Cycle 

StackHawk and Snyk began informally working together in 2021, supporting customers looking for a comprehensive suite of developer-centric application security testing tools. With these customers, the value of combining Snyk’s power to identify vulnerabilities in underlying code with StackHawk’s ability to find vulnerabilities in running applications quickly became obvious.  

And so the StackHawk product team set out to create an integration between StackHawk’s Dynamic Application Security Testing (DAST) tool and Snyk’s Static Application Security Testing (SAST) tool.

But we knew that in order to have a real impact, we couldn’t just surface security issues from StackHawk’s DAST tool and Snyk’s SAST tool in a UI and stop there. Legacy vendors have offered this capability for years, and it’s clear that showing two sets of findings on one screen drives minimal value. Teams spend hours comparing findings across the two tools and are forced to correlate these issues manually.

Instead, we needed to create something that harnessed the best parts of both of these tools and correlated the findings from a StackHawk test with the findings from a Snyk test - while keeping the developer at the forefront of product innovation. 

The Magic of DAST + SAST 

We love DAST because it finds the vulnerabilities in your proprietary code that are exploitable by bad actors. This means DAST findings should be teams’ top priority to fix. But, because DAST tests the running app, required fixes can take more effort to fully understand. 

We knew that if we layered SAST’s ability to triangulate vulnerabilities down to the line of code with the benefits of DAST, we could unlock tremendous value. Teams would know where to focus their attention and they would be able to dive right into the code to fix issues rapidly. 

Bringing Our Vision for DAST + SAST to Life

The new integration from StackHawk and Snyk does what no other DAST and SAST partnership has accomplished – application and API security issues are now correlated across the two tools. 

What this means in practice is that when StackHawk’s DAST tool finds an exploitable vulnerability and Snyk’s SAST tool identifies that same issue, the vulnerability request and response information from StackHawk is reconciled with the exact line of code causing the issue from Snyk. 

By doing so, teams get three huge benefits that make application security testing much more efficient: 

  • Prioritization: Findings are validated by two testing methodologies, so teams have less noise in the system and know which findings are most crucial to fix. 

  • Accelerated Fix: By pointing to a specific line of code, developers have all the information needed to fix issues on their own as part of their usual workflow.

  • Streamlined Workflow: Developers can get all the information they need to understand and fix security issues in a single place without context switching or jumping across UIs.

Our customer, Jay Maples, the Director of IT Operations at AngelEye Health, said it best:

“Using the new StackHawk and Snyk integration gives our developers the whole picture of what application security issues exist, which issues are most important to fix, and how they can quickly remediate them.”

Try It and Decide For Yourself

If you are interested in trying this integration for yourself, check out our docs, which will walk you through deployment and configuration of this new integration, or check out our quick demo video.

To get scanning, all you need is a StackHawk and Snyk account. Getting started with StackHawk is free.

If you aren’t quite ready to deploy on your own but want to learn more, check out our webinar that features StackHawk’s Chief Security Officer, Scott Gerlach, and Snyk’s Tomas Gonzalez. The two of them will walk you through the integration.
