Launching the Snyk Community Outreach Internship Program
Here at Snyk, we are focusing on these groups and developing the Community Outreach Internship Program to open the doors of opportunity and help these impacted members of our community develop the skills necessary to begin the journey of a successful career.
Editor's Picks
Subscribe to our newsletter for all the latest news and resources.
How do we secure Infrastructure as Code tools?
As its name indicates, Infrastructure as Code (IaC) is the practice of defining the infrastructure your applications run on as code and configuration files. This allows us to not only automate the provisioning of the resources but also to subject it to the same lifecycle processes that historically have applied only to the application codebase. […]
Snyk CLI cheatsheet
The Snyk CLI is an excellent and powerful tool to scan your applications, containers, and infrastructure as code for security vulnerabilities. In this cheatsheet, we will look at the most powerful features our CLI has to offer. You can use the CLI for scanning and monitoring on your local machine, but you can also integrate […]
Introducing Flex Work: the future of work at Snyk
At Snyk we’re used to developing fast and staying secure. That’s why in early March we quickly moved to a 100% remote work environment to keep our snykers safe. Moving quickly required full participation across the company- from our leadership sharing constant updates, to our snykers creating fun ways to stay connected while apart. Our […]
Prioritization
Snyk's new Priority Score helps to drastically simplify one of the biggest challenges in using open source securely—working out which vulnerabilities to tackle first. Find some useful resources here.
All things Docker: recapping Docker news and views from SnykCon 2020
During SnykCon 2020, Snyk shared some exciting news around Docker: we are now the exclusive provider of security insights for Docker Official images and other future content certification programs. We also had some great talks with folks from Docker about security trends, demonstrated how to use Snyk with Docker, and more. In this post, we’ll […]
Command injection: how it works, what are the risks, and how to prevent it
How do command injection attacks work? To understand programming flaws related to OS command injection attacks, let’s explore a variety of command injection vulnerabilities that were discovered in Node.js based applications. systeminformation is an Operating System (OS) information library that spans more than 500,000 downloads a week with regular maintenance (commits) and a community around […]
DevSecOps tools for open source projects in JavaScript and Node.js
In this article, I’d like to propose best practices and discuss how maintainers, and developers, can adopt DevSecOps tools for open source projects to better improve their security posture. We are not short on security incidents and horror stories about malicious packages in the JavaScript open source ecosystem. As citizens of the open source ecosystem, […]
Kubernetes Operators: automating the release process
Snyk helps our customers to integrate security into their CI/CD pipelines, so we spend a lot of time thinking about automation. When it comes to releasing our own software, we’re always looking to adopt best practices for test and release. In this blog, I’ll talk about the release process for our Kubernetes Operator, and show […]
International Men’s Day—it’s time to talk
Today (Thursday, 19th November), is International Men’s Day, a day when we celebrate the positive value men bring to the world and raise awareness of men’s well-being. Being a human being can have its challenging moments even in the best of times. But in this year, one of uncertainty and isolation, caused by a worldwide […]
Announcing the Snyk and Docker Security Guide for Developers
Snyk and Docker have partnered to bring developer-centric security, powered by Snyk, to the world’s most popular container developer tools, Docker Desktop and Docker Hub. Now that you might be seeing your first scan results for container vulnerabilities, you have likely discovered a few issues… maybe even more than a few! It can be daunting […]
Container image formats under the hood
Over the last few years, following Docker’s release, containers have become more and more the standard mechanism for software delivery. We see a growing number of container-based solutions and while innovation in the space is obviously welcomed, there is a requirement for establishing certain standards around format and runtime. Because of the rapid growth of […]
Python Poetry package manager and security integration with software composition analysis tool
I have always believed that package managers can be the ultimate weapon in the fight against vulnerable dependencies. If package managers can be leveraged to scan for vulnerable dependencies, developers would be able to identify and fix vulnerabilities in their dependencies more easily and quickly, rather than letting the vulnerability snake its way into the […]