
How do we secure Infrastructure as Code tools?

As its name indicates, Infrastructure as Code (IaC) is the practice of defining the infrastructure your applications run on as code and configuration files. This allows us to not only automate the provisioning of the resources but also to subject it to the same lifecycle processes that historically have applied only to the application codebase. […]

November 27, 2020

Snyk CLI cheatsheet

The Snyk CLI is an excellent and powerful tool to scan your applications, containers, and infrastructure as code for security vulnerabilities. In this cheatsheet, we will look at the most powerful features our CLI has to offer. You can use the CLI for scanning and monitoring on your local machine, but you can also integrate […]

November 26, 2020

Introducing Flex Work: the future of work at Snyk

At Snyk we’re used to developing fast and staying secure. That’s why in early March we quickly moved to a 100% remote work environment to keep our snykers safe. Moving quickly required full participation across the company, from our leadership sharing constant updates to our snykers creating fun ways to stay connected while apart. Our […]

November 25, 2020

Prioritization

Snyk's new Priority Score helps to drastically simplify one of the biggest challenges in using open source securely—working out which vulnerabilities to tackle first. Find some useful resources here.

All things Docker: recapping Docker news and views from SnykCon 2020

During SnykCon 2020, Snyk shared some exciting news around Docker: we are now the exclusive provider of security insights for Docker Official images and other future content certification programs. We also had some great talks with folks from Docker about security trends, demonstrated how to use Snyk with Docker, and more. In this post, we’ll […]

November 25, 2020

Command injection: how it works, what are the risks, and how to prevent it

How do command injection attacks work? To understand programming flaws related to OS command injection attacks, let’s explore a variety of command injection vulnerabilities that were discovered in Node.js-based applications. systeminformation is an Operating System (OS) information library that spans more than 500,000 downloads a week with regular maintenance (commits) and a community around […]

November 24, 2020

DevSecOps tools for open source projects in JavaScript and Node.js

In this article, I’d like to propose best practices and discuss how maintainers, and developers, can adopt DevSecOps tools for open source projects to better improve their security posture. We are not short on security incidents and horror stories about malicious packages in the JavaScript open source ecosystem. As citizens of the open source ecosystem, […]

November 24, 2020

Kubernetes Operators: automating the release process

Snyk helps our customers to integrate security into their CI/CD pipelines, so we spend a lot of time thinking about automation. When it comes to releasing our own software, we’re always looking to adopt best practices for test and release. In this blog, I’ll talk about the release process for our Kubernetes Operator, and show […]

November 20, 2020

International Men’s Day—it’s time to talk

Today (Thursday, 19th November) is International Men’s Day, a day when we celebrate the positive value men bring to the world and raise awareness of men’s well-being. Being a human being can have its challenging moments even in the best of times. But in this year, one of uncertainty and isolation, caused by a worldwide […]

November 19, 2020

Announcing the Snyk and Docker Security Guide for Developers

Snyk and Docker have partnered to bring developer-centric security, powered by Snyk, to the world’s most popular container developer tools, Docker Desktop and Docker Hub. Now that you might be seeing your first scan results for container vulnerabilities, you have likely discovered a few issues… maybe even more than a few! It can be daunting […]

November 18, 2020

Container image formats under the hood

Over the last few years, following Docker’s release, containers have become more and more the standard mechanism for software delivery. We see a growing number of container-based solutions and while innovation in the space is obviously welcomed, there is a requirement for establishing certain standards around format and runtime. Because of the rapid growth of […]

November 18, 2020

Python Poetry package manager and security integration with software composition analysis tool

I have always believed that package managers can be the ultimate weapon in the fight against vulnerable dependencies. If package managers can be leveraged to scan for vulnerable dependencies, developers would be able to identify and fix vulnerabilities in their dependencies more easily and quickly, rather than letting the vulnerability snake its way into the […]

November 13, 2020