Datadog, Inc. (NASDAQ: DDOG), the monitoring and security platform for cloud applications, today announced the Datadog Vulnerability Analysis GitHub Action, Datadog’s first action listed on the GitHub Marketplace. GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow. The Datadog action continuously monitors dependency and version information of code being deployed. By integrating this data with Datadog’s Continuous Profiler and Snyk’s Vulnerability database, this provides a real-time view of what code is actually accessible and vulnerable in production.
Scanning applications for known vulnerabilities often yields a long list of issues that are difficult to prioritize and subsequently fix. With the data collected by the new action, vulnerability analysis will be performed by the Datadog Continuous Profiler based on Snyk vulnerability metadata. This allows engineering teams to immediately detect when and how often vulnerable methods are invoked in live environments and prioritize their security fixes based on real-world application behavior. The Datadog Vulnerability Analysis GitHub Action can be found and installed directly from the GitHub Marketplace without needing to manage scripts or infrastructure.
“Maintaining strong security posture is critical for modern applications, but with traditional vulnerability analysis it can be difficult to distinguish the signal from the noise,” said Ilan Rabinovitch, Vice President, Product and Community at Datadog. “Integrating the Continuous Profiler with the vulnerability database highlights meaningful security vulnerabilities, while utilizing the GitHub Action automates this process by bringing security directly into application development.”
“We’re moving towards a world where security, testing, and even responsibility for production operations are shifting left towards the developer,” said Jeremy Epling, Vice President, Product Management at GitHub. “Partnering with full-stack monitoring leaders like Datadog makes it easy for developers and DevOps teams to incorporate critical operations tooling as part of their everyday work environment, so teams can focus on delivering value, at greater velocity.”
“By combining Snyk-enriched vulnerability metadata with the Datadog Continuous Profiler, for the first time developers can precisely pinpoint when an application actually calls vulnerable code, to better prioritize remediation efforts,” said Geva Solomonovich, CTO Global Alliances, Snyk. “Our partnership with Datadog will allow developers to deploy their security resources with greater efficiency.”
The Datadog Vulnerability Analysis GitHub Action is now available on the GitHub Marketplace. For more information, please visit: https://www.datadoghq.com/blog/datadog-github-action-vulnerability-analysis/
Datadog is the monitoring and security platform for cloud applications. Our SaaS platform integrates and automates infrastructure monitoring, application performance monitoring and log management to provide unified, real-time observability of our customers’ entire technology stack. Datadog is used by organizations of all sizes and across a wide range of industries to enable digital transformation and cloud migration, drive collaboration among development, operations, security and business teams, accelerate time to market for applications, reduce time to problem resolution, secure applications and infrastructure, understand user behavior and track key business metrics.
This press release may include certain “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, or the Securities Act, and Section 21E of the Securities Exchange Act of 1934, as amended. These forward-looking statements reflect our current views about our plans, intentions, expectations, strategies and prospects, which are based on the information currently available to us and on assumptions we have made. Actual results may differ materially from those described in the forward-looking statements and are subject to a variety of assumptions, uncertainties, risks and factors that are beyond our control, including those risks detailed under the caption “Risk Factors” and elsewhere in our Securities and Exchange Commission filings and reports, including the Quarterly Report on Form 10-Q filed with the Securities and Exchange Commission on November 12, 2020, as well as future filings and reports by us. Except as required by law, we undertake no duty or obligation to update any forward-looking statements contained in this release as a result of new information, future events, changes in expectations or otherwise.