Vulnerability assessment can quickly overwhelm a team: depending on the application, the dependency graph can contain thousands of packages. Triaging vulnerability data and prioritizing fixes has historically been a very manual process, until now. In this session, learn how Datadog and Snyk together trace security and performance issues by leveraging continuous profiling for actionable insights that help developers remediate problems.
Join us on Thursday, January 21 for a unique opportunity to learn more about continuous profiling, vulnerability management, and the benefit to customers from using both of these products. In this webinar, you will:
Bust some myths around continuous profiling and learn how Datadog differentiates itself
See decorated traces in action for sample Java applications and understand how Snyk + Datadog reduce time to triage supply chain vulnerabilities
Learn roadmap information for upcoming public announcements from both partners
5. Identify And Prioritize Real-Time Code-Level Security Fixes
– Datadog GitHub Actions integration tracks dependency and version information
– Snyk augments this production data with security information about vulnerable methods
– Available in the Datadog & Snyk free tiers
7. What is Profiling?
A form of dynamic software analysis, performed while the program runs
– Measures software resource usage
– Focuses on performance and code-level execution
8. Profiling vs Tracing
Profiling:
● In the runtime itself.
● Performance focus
○ CPU
○ Memory
○ Method Executions
Tracing:
● Instrumented in the code
● Request oriented
○ Databases
○ External APIs
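To make the contrast on this slide concrete, here is an added example (not code from the deck, Datadog or Snyk): a sampling profiler that reads the running thread's stack from the interpreter on a timer, with no change to the profiled code, next to a tracer whose spans are placed by hand around request-shaped work (a query, an outbound call). The `fake_db_query` workload, the span names and the tags are constructed for the example.

```python
"""Sampling profiler vs. request tracer, side by side (added example)."""
import sys
import threading
import time
from collections import Counter
from contextlib import contextmanager


class SamplingProfiler:
    """Profiling: lives in the runtime. A timer thread snapshots the target
    thread's stack and attributes samples to functions; no instrumentation."""

    def __init__(self, interval=0.005):
        self.interval = interval
        self.leaf = Counter()       # function the sample landed in ("self" time)
        self.inclusive = Counter()  # every function on the stack at sample time
        self._stop = threading.Event()
        self._thread = None
        self._target = None

    def start(self):
        self._target = threading.get_ident()  # profile the calling thread
        self._stop.clear()
        self._thread = threading.Thread(target=self._sample_loop, daemon=True)
        self._thread.start()

    def stop(self):
        self._stop.set()
        self._thread.join()

    def _sample_loop(self):
        # Event.wait returns False on timeout, True once stop() sets it.
        while not self._stop.wait(self.interval):
            frame = sys._current_frames().get(self._target)
            if frame is None:
                continue
            self.leaf[frame.f_code.co_name] += 1
            seen = set()
            while frame is not None:  # walk leaf -> root
                name = frame.f_code.co_name
                if name not in seen:  # count recursive frames once per sample
                    seen.add(name)
                    self.inclusive[name] += 1
                frame = frame.f_back


class Tracer:
    """Tracing: instrumented in the code. Explicit spans around request-shaped
    work, nested into a tree and tagged with request metadata."""

    def __init__(self):
        self.spans = []    # finished spans, in completion order
        self._active = []  # stack of open spans

    @contextmanager
    def span(self, name, **tags):
        span = {"name": name, "tags": tags,
                "parent": self._active[-1]["name"] if self._active else None}
        start = time.perf_counter()
        self._active.append(span)
        try:
            yield span
        finally:
            self._active.pop()
            span["duration_ms"] = (time.perf_counter() - start) * 1000.0
            self.spans.append(span)


def fake_db_query(rows):
    """CPU-bound stand-in for a slow query so the profiler has something to see."""
    total = 0
    for i in range(rows):
        total += (i * i) % 7
    return total


def handle_request(tracer, rows):
    # Only the tracer knows this work belongs to "GET /report" and hit postgres.
    with tracer.span("http.request", resource="GET /report"):
        with tracer.span("db.query", db="postgres"):
            return fake_db_query(rows)


def run_demo(requests=3, rows=400_000):
    """Serve a few requests under both tools; return (profiler, tracer)."""
    profiler, tracer = SamplingProfiler(), Tracer()
    profiler.start()
    for _ in range(requests):
        handle_request(tracer, rows)
    profiler.stop()
    return profiler, tracer


if __name__ == "__main__":
    prof, tr = run_demo()
    print("profile, samples by function:", prof.leaf.most_common(3))
    for s in tr.spans:
        print(f"span {s['name']:<12} parent={s['parent']} "
              f"{s['duration_ms']:.1f}ms {s['tags']}")
```

The profiler answers "where does CPU time go" for any code path, including third-party code nobody instrumented, but has no notion of a request; the tracer answers "what did this request do and how long did each dependency take", but only where a span was placed. The Datadog Python profiler write-up listed in the follow-up resources describes the same sampling idea in production form.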
9. Polling Question #1: What language do you develop in the most?
1. Python
2. Java
3. JavaScript
4. Rust
5. Go
15. Some great attributes of the sidecar pattern
● Datadog manages the agent container for you
● No credentials for Datadog in the running app container
● Binds to the standard Datadog agent port in the “task”
● Uses the language's standard instrumentation (Java Flight Recorder on the JVM)
[Diagram: application JAR with Flight Recorder alongside a Datadog sidecar container running the DD Agent]
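The second bullet is the security-relevant one, and it is easy to regress when someone copies environment variables between containers. Below is an added example (not Datadog tooling) of a CI guardrail that audits a task definition for the pattern: the `DD_API_KEY` secret only on the agent container, and the app container carrying only the agent address, the profiler switch and the unified service tags. The task definition, container names, image tags and secret reference are constructed placeholders; the `DD_*` variable names are the real agent and tracer settings.

```python
"""Guardrail for the sidecar pattern (added example): credentials stay in the
agent container, the app container gets only what instrumentation needs."""
import copy

# Constructed ECS-style task definition. Names, images, the secret reference
# and tag values are placeholders.
GOOD_TASK = {
    "family": "payments-api",
    "networkMode": "awsvpc",
    "containerDefinitions": [
        {
            "name": "datadog-agent",
            "image": "datadog/agent:7",
            # Key injected from a secret store; it never reaches the app container.
            "secrets": [{"name": "DD_API_KEY", "valueFrom": "<secret reference>"}],
            "environment": [{"name": "DD_APM_ENABLED", "value": "true"}],
        },
        {
            "name": "app",
            "image": "example/payments-api:1.4.2",
            "environment": [
                # Containers in one task share a network namespace, so the
                # app reaches the agent on localhost without any credential.
                {"name": "DD_AGENT_HOST", "value": "localhost"},
                {"name": "DD_PROFILING_ENABLED", "value": "true"},
                {"name": "DD_SERVICE", "value": "payments-api"},
                {"name": "DD_ENV", "value": "prod"},
                {"name": "DD_VERSION", "value": "1.4.2"},
            ],
            "dependsOn": [{"containerName": "datadog-agent", "condition": "START"}],
        },
    ],
}

CREDENTIAL_VARS = {"DD_API_KEY", "DD_APP_KEY"}
UNIFIED_TAGS = {"DD_SERVICE", "DD_ENV", "DD_VERSION"}


def env_of(container):
    """Merge plain and secret-backed variables into one name -> value map."""
    env = {e["name"]: e.get("value") for e in container.get("environment", [])}
    env.update({s["name"]: s.get("valueFrom") for s in container.get("secrets", [])})
    return env


def audit_task(task, agent_name="datadog-agent"):
    """Return a list of findings; an empty list means the task follows the pattern."""
    findings = []
    containers = {c["name"]: c for c in task["containerDefinitions"]}
    agent = containers.get(agent_name)
    if agent is None:
        return [f"no '{agent_name}' sidecar container in task"]
    if "DD_API_KEY" not in env_of(agent):
        findings.append(f"{agent_name}: DD_API_KEY missing, the agent cannot ship data")
    for name, container in containers.items():
        if name == agent_name:
            continue
        env = env_of(container)
        leaked = sorted(CREDENTIAL_VARS & set(env))
        if leaked:
            findings.append(f"{name}: Datadog credentials {leaked} present in app container")
        missing = sorted(UNIFIED_TAGS - set(env))
        if missing:
            findings.append(f"{name}: unified service tags missing {missing}")
        if env.get("DD_PROFILING_ENABLED") != "true":
            findings.append(f"{name}: profiler not enabled (DD_PROFILING_ENABLED)")
        if not any(d.get("containerName") == agent_name
                   for d in container.get("dependsOn", [])):
            findings.append(f"{name}: should depend on {agent_name} so the agent starts first")
    return findings


def make_bad_task():
    """The anti-pattern: key copied into the app container, version tag dropped."""
    bad = copy.deepcopy(GOOD_TASK)
    app = bad["containerDefinitions"][1]
    app["environment"] = [e for e in app["environment"] if e["name"] != "DD_VERSION"]
    app["environment"].append({"name": "DD_API_KEY", "value": "hardcoded-key"})
    return bad


if __name__ == "__main__":
    print("good:", audit_task(GOOD_TASK) or "no findings")
    print("bad: ", audit_task(make_bad_task()))
```

Run it against rendered task definitions in the pipeline that deploys them; a non-empty result should fail the job. The `DD_VERSION` check matters for the Snyk integration later in the deck, since the dependency graph is keyed on the same service and version tags.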
17. Snyk Integration
How’s it work?
● Integrated with your CI/CD
● GitHub Action available
● Builds a dependency graph using Snyk
● Posts it to Datadog with a service & version via unified tagging
http://bit.ly/3qtdJQD
[Pipeline diagram: Commit → GitHub Action → Snyk CLI builds the dependency graph → vulnerability JSON → ship to Datadog]
23. A developer-first experience for security insights
1. Prioritize code-reachable vulnerabilities
2. Filter to find them quickly
3. Prioritize based on more than a CVSS score
24. A developer-first experience for security insights
1. Prioritize code-reachable vulnerabilities
2. Show the vulnerable function
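Added example (not the Datadog and Snyk GitHub Action's code) covering the ship-to-Datadog step of the Snyk Integration slides and the triage rules on slides 23 and 24: it parses a constructed report in the shape of `snyk test --json`, orders findings by reachability first, then exploit maturity, CVSS and fix availability, and builds a Datadog Events API payload carrying the unified service tags. The ids, package names, versions and the `reachability` spellings are assumptions made for the example (the field is what Snyk's `--reachable` option adds for Java projects); the `/api/v1/events` endpoint and `DD-API-KEY` header are the real Datadog API.

```python
"""Triage `snyk test --json` output and ship a summary to Datadog (added example)."""
import json
import os
import urllib.request

# Constructed report, trimmed to the fields used below. Ids, packages and
# versions are placeholders, not real advisories. The `from` arrays are the
# dependency-graph paths from the application to the vulnerable package.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "projectName": "payments-api",
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-0001", "title": "Deserialization of untrusted data",
         "packageName": "example-http-client", "version": "3.1.0",
         "severity": "critical", "cvssScore": 9.8, "exploit": "Not Defined",
         "reachability": "NO_INFO", "isUpgradable": True, "fixedIn": ["3.1.4"],
         "from": ["payments-api@1.4.2", "example-http-client@3.1.0"]},
        {"id": "SNYK-EXAMPLE-0002", "title": "XML External Entity (XXE) Injection",
         "packageName": "example-xml-parser", "version": "1.2.0",
         "severity": "medium", "cvssScore": 6.5, "exploit": "Proof of Concept",
         "reachability": "REACHABLE", "isUpgradable": True, "fixedIn": ["1.2.3"],
         "from": ["payments-api@1.4.2", "example-framework@5.0.0", "example-xml-parser@1.2.0"]},
        {"id": "SNYK-EXAMPLE-0003", "title": "Server-Side Template Injection",
         "packageName": "example-template-engine", "version": "0.9.0",
         "severity": "high", "cvssScore": 8.1, "exploit": "Mature",
         "reachability": "REACHABLE", "isUpgradable": False, "isPatchable": False,
         "fixedIn": [], "from": ["payments-api@1.4.2", "example-template-engine@0.9.0"]},
        {"id": "SNYK-EXAMPLE-0004", "title": "Denial of Service (DoS)",
         "packageName": "example-logger", "version": "2.4.0",
         "severity": "high", "cvssScore": 7.5, "exploit": "Not Defined",
         "reachability": "POTENTIALLY_REACHABLE", "isUpgradable": True, "fixedIn": ["2.4.1"],
         "from": ["payments-api@1.4.2", "example-logger@2.4.0"]},
    ],
})

# Assumed spellings; _norm() folds "Potentially Reachable" / "NO INFO" onto these keys.
REACH_RANK = {"REACHABLE": 2, "POTENTIALLY_REACHABLE": 1, "NO_INFO": 0}
EXPLOIT_RANK = {"MATURE": 3, "FUNCTIONAL": 2, "PROOF_OF_CONCEPT": 1}


def _norm(value):
    return str(value or "").upper().replace(" ", "_").replace("-", "_")


def load_report(text):
    return json.loads(text)["vulnerabilities"]


def priority_key(vuln):
    """Reachability first, then exploit maturity, CVSS, and whether a fix exists."""
    return (REACH_RANK.get(_norm(vuln.get("reachability")), 0),
            EXPLOIT_RANK.get(_norm(vuln.get("exploit")), 0),
            float(vuln.get("cvssScore") or 0.0),
            1 if vuln.get("isUpgradable") or vuln.get("isPatchable") else 0)


def prioritize(vulns, reachable_only=False):
    """Sort highest priority first; optionally filter to reachable findings only."""
    picked = [v for v in vulns
              if not reachable_only or _norm(v.get("reachability")) == "REACHABLE"]
    return sorted(picked, key=priority_key, reverse=True)


def build_event(vulns, service, env, version, top=3):
    """Datadog Events API payload tagged with unified service tags."""
    ranked = prioritize(vulns)
    reachable = [v for v in ranked if _norm(v.get("reachability")) == "REACHABLE"]
    lines = []
    for v in ranked[:top]:
        fix = f"upgrade to {v['fixedIn'][0]}" if v.get("fixedIn") else "no fix yet"
        lines.append(f"{v['id']} {v['packageName']}@{v['version']} cvss={v.get('cvssScore')} "
                     f"reach={_norm(v.get('reachability'))} exploit={v.get('exploit')} "
                     f"fix: {fix} via {' > '.join(v['from'])}")
    return {
        "title": f"Snyk: {len(ranked)} vulnerabilities in {service}@{version} "
                 f"({len(reachable)} reachable)",
        "text": "\n".join(lines),
        "alert_type": "error" if reachable else "warning",
        "source_type_name": "snyk",
        "tags": [f"service:{service}", f"env:{env}", f"version:{version}",
                 f"snyk.reachable:{len(reachable)}", f"snyk.total:{len(ranked)}"],
    }


def post_event(event, api_key, site="datadoghq.com"):
    """POST to the Datadog Events API; only called when a key is configured."""
    req = urllib.request.Request(
        f"https://api.{site}/api/v1/events", data=json.dumps(event).encode(),
        headers={"Content-Type": "application/json", "DD-API-KEY": api_key},
        method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    event = build_event(load_report(SAMPLE_REPORT), "payments-api", "prod", "1.4.2")
    print(json.dumps(event, indent=2))
    key = os.environ.get("DD_API_KEY")
    if key:
        print("datadog replied", post_event(event, key, os.environ.get("DD_SITE", "datadoghq.com")))
```

Note what the ordering does with the constructed data: the critical 9.8 finding with no reachability information lands last, behind a reachable medium with a proof-of-concept exploit, which is the "more than a CVSS score" point of slide 23. The `service`, `env` and `version` tags are the same unified tags the agent sidecar sets on profiles and traces, which is what lets Datadog join this event to the running version.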
26. One vulnerability away from being the next Equifax
– +150M: people had highly personal data exposed
– Apache Struts: a remote code execution vulnerability was exploited
– A few hours: the time from disclosure until exploits of the vulnerability were seen in the wild
– 2 months: the time after disclosure at which Equifax was hacked, having failed to fix the vulnerability
34. Developer-first Security integrated into your infrastructure monitoring
– DevOps creates the infrastructure and makes it easily consumable
– Developers own the code, and developers operate the infrastructure
– Shifting security left and augmenting data with actionable insights
– Too many trees to see the forest? Prioritize security smartly!
35. Follow-up Resources
– Engineering blog deep-dives:
  – Datadog:
    – Continuous Profiler
    – How we wrote a Python profiler, by Julien Danjou
  – Snyk:
    – Reachable vulnerabilities: how to effectively prioritize open source security, by Krzysztof Huszcza
    – Optimizing prioritization with deep application-level context, by Daniel Berman and Michael Komraz
– Open source:
  – The Datadog profiler is open source
  – The Snyk CLI is open sourced on a GitHub repository
  – Sample datadog-snyk integration Java app
  – Snyk integration GitHub Action
36. Follow-up Resources
– Datadog and Snyk GitHub Action
– Getting started with Datadog and Snyk blog post
– Datadog community office hours for any help you need: https://docs.datadoghq.com/developers/office_hours/