Overview

As a provider of secure development tools, Snyk’s priority is to maintain a safe and secure environment for its service provision.

To ensure the highest level of security, Snyk is continually investing in our overall information security program, resources and expertise.

As a service provider, we understand the importance of providing clear information about our security practices, tools, resources and responsibilities within Snyk so that our customers can feel confident in choosing us as a trusted service provider.

Compliance

CCPA
GDPR
ISO 27001
ISO 27001 SoA
ISO 27017
PCI DSS
SOC 2

Documents

30 Documents
Network Diagram
Other Reports
PCI DSS
Pentest Report
Security Whitepaper
SOC 2 Report
Vulnerability Assessment Report
ISO 27001
ISO 27001 SoA
ISO 27017
CAIQ
SIG Lite
Cyber Insurance
Information Security Policy

Risk Profile

Data Access Level: Internal
Impact Level: Moderate
Recovery Time Objective: < 24 Hours

Product Security

Role-Based Access Control
Audit Logging
Data Security

Reports

Network Diagram
Other Reports
PCI DSS

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Bug Bounty
Code Analysis
Software Development Lifecycle

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
Amazon Web Services
BC/DR

Endpoint Security

Disk Encryption
DNS Filtering
Endpoint Detection & Response

Network Security

Firewall
IDS/IPS
Security Information and Event Management

Corporate Security

Email Protection
Employee Training
Incident Response

Policies

Information Security Policy

Security Grades

Qualys SSL Labs
snyk.io: A+
app.snyk.io: A+

Trust Center Updates

Snyk Update on SpringShell Vulnerability

Published at 03/31/2022, 8:19 PM

Further to the recent CVE-2022-22965 - “SpringShell” RCE vulnerability in spring-beans before 5.2.20/5.3.18, Snyk can confirm we have carried out intensive investigations and can confirm that we have seen no evidence that Snyk customers or internal employees have been targeted or impacted by this vulnerability.

Snyk will continue to monitor the situation closely and will provide updates where we have them available to us.

Snyk values the security of its services extremely highly and to this end we maintain appropriate industry accepted third party accreditation of our security controls and program.

Sincerely,

Erica Geil

Chief Information Officer.

Snyk Update on Okta

Published at 03/22/2022, 3:23 PM

To whom it may concern,

Snyk has been made aware of the potential Okta security breach discovered and is actively assessing the situation as events unfold.

At the time of writing we have seen no evidence that Snyk customers or internal employees have been targeted or impacted by these events. However, we are monitoring the situation closely and will provide updates where we have them available to us.

Snyk values the security of its services extremely highly and to this end we maintain appropriate industry accepted third party accreditation of our security controls and program.

Sincerely,

Erica Geil.

Chief Information Officer.

An update from Snyk on the Russia/Ukraine Conflict

Published at 03/17/2022, 2:40 PM

Further to the current Russia and Ukraine conflict and its disturbance to the people and business within that region, Snyk has carried out an investigation into the potential impact on provided services.

At this time, Snyk has determined that there appears to be no material impacts to our services including our supporting suppliers. Snyk will continue to monitor the situation to ensure that the appropriate risk management, cybersecurity monitoring and preparedness, and supply chain impact are assessed.

Should such a potential or actual service impact occur, notification will be provided to any identified impacted customers through the standard notification channel https://status.snyk.io

Please also see our latest blog confirming Snyk's cessation of trading with Russia and Belarus: https://snyk.io/blog/snyk-ceases-business-russia-belarus/

Log4j Vulnerability

Published at 01/04/2022, 11:16 AM

Snyk can confirm that within 24 hours of publishing CVE-2021-44228 in our vulnerability database all services that compose Snyk’s Cloud Platform running Apache’s vulnerable Log4j library have been patched to the latest version. We have not detected any successful attempts at exploitation of this attack vector during that time window. Snyk’s security response to events pertaining to the Log4j remote code execution vulnerability (RCE) is also strengthened by our defence in depth that leverages network-based firewalls, web application firewalls, anomaly detection with our platform environment, and is supplemented by our ongoing ISO/IEC 27001:2013 certification process and ISAE3402 SOC2 Type II annual report, available to customers on request. Today customers can also leverage the Snyk Platform to understand what steps they can take to ensure their services are also secure from CVE-2021-44228 and much more.

If you think you may have discovered a vulnerability, please send us a note.