Stranger Danger! Your App is Only as Secure as your Weakest Line of Code
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Secure development in Visual Studio with Snyk Open Source
We’re pleased to announce our new extension for Visual Studio, making it easier for developers to stay both secure and compliant as they code within their favorite IDE. The extension supports Visual Studio 2015, 2017, and 2019. Snyk’s new free extension for Visual Studio enables developers to easily find and fix both known vulnerabilities and license issues in their open source dependencies, helping them address security early on and ship secure code faster.
Recapping DockerCon 2021 with Snyk: Red Ventures, Docker container security, and more
DockerCon 2021 brought containerization experts together to discuss all things Docker, from building containerized applications and running container images to improving container security. In this post, we’ll recap a live panel discussing how container security fits into the new cloud native era, how Red Ventures scaled container security scanning with Snyk, and ways to make vulnerability remediation easier.
Snyk Builds Security into AWS CodePipeline to Mitigate Open Source Risk for Developer and Security Teams
Latest integration inside the AWS CodePipeline console builds upon continued collaboration to deliver Snyk products within the AWS DevOps segment, AWS Marketplace, and AWS GovCloud.
Automate vulnerability scanning in AWS CodePipeline with Snyk
Empowering developers to build securely has always been Snyk’s mission. We enable you to find and fix security vulnerabilities in your code and open source dependencies, as well as enable development teams to easily integrate security testing as part of their automated delivery pipelines. Snyk also provides native integrations with leading CI/CD platforms such as Jenkins, TeamCity, and CircleCI. To this end, we are happy to announce Snyk’s latest integration with AWS CodePipeline.
A Team-Centric View of Security with Snyk and CloudBees
How does a team-centric collaboration focus change how a team maintains the security of the code? In this fireside chat, Patrick Debois, Snyk Labs Researcher, joins Anders Wallgren, Vice President of Technology Strategy at CloudBees. to explore this theme. They discuss what's new and changing with application security and what have we learned from DevOps that organizations can and should apply to DevSecOps.
I can use VS Code to hack into your development environment
We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE. Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.
How to Measure Your Application Security Program in a Cloud Native World
The traditional way of measuring the effectiveness of our application security programs doesn't translate into the new age of cloud transformation and DevOps software delivery. So, which metrics should we be looking at – and how do you measure them accurately? In this recording, Snyk Field CTO, Simon Maple, sits down with Alyssa Miller, BISO at S&P Global and Nick Vinson, DevSecOps Lead at Pearson, to discuss their different approaches to measuring security in a cloud native world.
Python now fully supported in Snyk Code
Earlier this year, we announced the beta support for Python in Snyk Code. This beta period gave us the chance to let customers have access to our extensive collection of Python rules while we finished our knowledge base review and added curated content. We are happy to announce that this work has concluded, and Python is now a fully supported language. 🐍 🎉
Mitigating and remediating intent-based Android security vulnerabilities
In previous posts we explored the potential for intent-based Android security vulnerabilities and then used Snyk Code to find exploits in popular apps on the Google Play store. If you know Snyk, you also know there’s no way we can just point out vulnerabilities and not recommend fixes. Analyzing such an extensive dataset enabled us to review a lot of code.