Snyk Service Broker for PCF

Find and Fix Vulnerabilities in Your PCF Applications

Compatible with PAS, PKS

Compatible with PAS
Can be consumed by apps on PAS

Compatible with PKS
Can be consumed by apps on PKS

Compatible with Standalone PKS
Runs on PKS with no dependency on PAS

Use Open source and stay secure with continuous monitoring of PCF applications for known vulnerabilities. Snyk communicates directly with PCF to determine what code is being deployed and what open source dependencies are being used. It then scans them for security vulnerabilities and license issues. More than just notifying developers on these issues, Snyk will provide patches as part of the buildpack to automatically remediate them.

Secure Your Running Applications

Snyk will continuously find and alert you on the latest security vulnerabilities in your running applications using Snyk’s direct communication with PCF.

Verify Every Build

Initiate a scan for new open source vulnerabilities on each build as an integral part of the PCF buildpack. Put a policy in place to fail a deployment in case the build introduces new critical vulnerabilities.

Automate Vulnerability Patching

Allow automatic vulnerability remediation and quick response to new vulnerabilities by having Snyk as part of the PCF buildpack.

Snyk Overview

Snyk helps you use open source code and stay secure. The use of open source is booming, but security is a key concern. Snyk’s unique developer focused product enables users to continuously find & fix vulnerable dependencies without slowing down, with seamless integration into developers’ workflows. With Snyk for Pivotal Cloud Foundry you can:

  • Continuously monitor your application dependencies through Snyk’s direct integration with PCF, allowing an automatic daily scan of the running applications against newly disclosed vulnerabilities. If a critical vulnerability in one of your running applications is disclosed, you’ll be notified on it within hours (regardless of the build process)
  • Fix security risks with automated patches using Snyk’s native integration in the PCF buildpack, patch critical vulnerabilities to keep your running applications in production safe
  • Proactively prevent adding new vulnerable dependencies by having Snyk scan every deploy as part of the PCF buildpack, potentially stopping the pipeline if it adds new critical vulnerabilities
  • Rely on the most comprehensive vulnerability database using Snyk’s industry trusted vulnerability database, which is powering Google Lighthouse, Microsoft Sonar and others, and is maintained by a dedicated security team of cyber experts

More about Snyk




Integration Features

Option to broker a connection to a service running external to Pivotal Cloud Foundry.

Option to create and destroy the service instance on demand as required.

Option for fully automated management of the service on Pivotal Cloud Foundry. Monitoring, failure recovery, and software updates with zero-to-minimal downtime.

Automate periodic backups and allow for restoring from a backup if needed.

Operators can customize service plan definitions to support internal chargeback packages and enforce resource constraints.

Plan migrations. Developers can resize deployments by changing their service plans as needed and resource requirements change.

The service is documented with instructions for setup and operation.

Encryption at rest. Stored data is encrypted.

Encryption in motion. Data transmitted between app and service are encrypted.

Get visibility into details of service operation through standard monitoring and logging tools for products and Pivotal Cloud Foundry.

Quotas. Operators can place limits on service instance counts.

Developers have control over when to upgrade to new versions, subject to policies set by operators, so that app modifications and downtime can be managed.

Available as an extension to the standard buildpacks.

Supports offline use without dependencies on externally running services or licensing validation.

The buildpack is documented with instructions for setup and operation.

“Identify open-source components, as well as known vulnerabilities in those components, and leverage automated remediation, where available, to patch vulnerable components.”

Snyk named cool vendor by Gartner, Cool Vendors in Application and Data Security, 4 May 2018

How it Works

The Snyk Service Broker for PCF enables developers to easily scan and protect their applications from known vulnerabilities.

The Snyk Broker for PCF tile installs the Snyk service broker as an app, registers it as a service broker on Pivotal Cloud Foundry, and exposes its service plans to the marketplace. This allows users to directly create service instances and bind them to their applications either from Pivotal Apps Manager or from the command line.

Once Snyk service is bound to an application, every time “cf push” is performed Snyk will scan the app for known vulnerabilities and would be able to reject the deployment of vulnerable application or container artifacts. In case Snyk monitor flag is enabled, Snyk will continuously monitor your app and alert you on new vulnerabilities. The scan results are available as part of the “cf push” output and in Snyk’s dashboard.

Read the documentation



Contact Us
Thank you for your interest!

We will get back to you shortly.