Bright enables organizations to ship secure applications and APIs at the speed of business through quick, iterative scans that identify true and critical security vulnerabilities without compromising on quality or software delivery speed.
Bright’s developer-centric DAST scanner empowers AppSec and development teams to shift AppSec testing left and scan for vulnerabilities early on in the SDLC.
With the combination of Snyk Code and the Bright dev-centric DAST solution, organizations can detect a broader range of security vulnerabilities, covering both code-level and “black box” testing.
Customers benefit from early vulnerability detection, a reduction in false positives through execution testing well before production, and integration into the CI/CD workflow.
Snyk Code scans source code
Bright runs tests against running code
Bright shows correlated issues and they are presented to developers for immediate remediation.
Issue name | CWE | Snyk Unique ID | Bright Unique ID |
---|---|---|---|
Cross-site Scripting (XSS) | CWE-79 | ID#b7dae | ID#cHmgT |
Cross-site Scripting (XSS) | CWE-79 | ID#063a7 | ID#trNW9 |
Server-Side Request Forgery (SSRF) | CWE-918 | ID#3909e | ID#2CiaW |
Server-Side Request Forgery (SSRF) | CWE-918 | ID#876d0 | ID#2JEsN |
Command Injection | CWE-78 | ID#70163 | ID#gGnbb |
SQL Injection | CWE-89 | ID#a06e7 | ID#myayD |
Cross-site Scripting (XSS) | CWE-79 | ID#5dac6 | ID#n5n5V |
XML External Entity (XXE) Injection | CWE-611 | ID#ff85e | ID#qQMxU |
Open Redirect | CWE-601 | ID#63665 | ID#1dD8h |
Correlated Findings
Comprehensive Coverage
Early Detection
Continuous Testing
Real-World Simulation
Validation and Reduction of False Positives
Jill Wilkins,
Senior Director Global Alliances, Snyk