Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about privileged mode containers and why, for the vast majority of us, it’s simply a bad idea as well as some ideas for finding and preventing its use. Privileged mode is part of item number five from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

Writing quality code is something all of us developers strive for, but it's not an easy task. Secure coding conventions have long been an aspiring goal for many developers, as they scour the web for best practices, and guidelines from OWASP and other resources. Some developers may have even tried using static code analysis to find security issues, like the use of linters (ESLint), only to find out that they are brittle and report on many false positives.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

How does a team-centric collaboration focus change how a team maintains the security of the code? In this fireside chat, Patrick Debois, Snyk Labs Researcher, joins Anders Wallgren, Vice President of Technology Strategy at CloudBees. to explore this theme. They discuss what's new and changing with application security and what have we learned from DevOps that organizations can and should apply to DevSecOps.

We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE. Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.

The traditional way of measuring the effectiveness of our application security programs doesn't translate into the new age of cloud transformation and DevOps software delivery. So, which metrics should we be looking at – and how do you measure them accurately? In this recording, Snyk Field CTO, Simon Maple, sits down with Alyssa Miller, BISO at S&P Global and Nick Vinson, DevSecOps Lead at Pearson, to discuss their different approaches to measuring security in a cloud native world.

Join us for a live stream with Benji Kalman, Director of Security RnD at Snyk, to talk about his experience in security research and managing the Security team over at Snyk. We'll talk about his role, what are day-to-day activities like, what are the challenges, and then connect it to the deep security expertise that help augment secure coding via Static Application Security Testing (SAST) tools.

This Trend Micro and Snyk talk gives an overview of what is open source is, including the growth, power and potential risk involved in using it to build and deploy cloud native applications. With visibility into open source vulnerabilities and license issues the first time sec ops professionals have visibility into potential vulnerabilities in open source components through . Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

In the last few years, we’ve seen more and more responsibilities shift left – to development teams. With the widespread adoption of Kubernetes, we’re now seeing configurations become a developer issue first and foremost. This responsibility means that developers need to be aware of the security risks involved in their configurations.

The adoption of infrastructure-as-code and configuration-as-code is soaring with the rising popularity of technologies like Kubernetes and Terraform. This means that designing and deploying infrastructure is a developer task, even if your “developer” is an infrastructure architect, and, just like application code, configurations can use test-driven methodologies to automate security prior to deployment.