Here at Snyk, we are focusing on these groups and developing the Community Outreach Internship Program to open the doors of opportunity and help these impacted members of our community develop the skills necessary to begin the journey of a successful career.
As its name indicates, Infrastructure as Code (IaC) is the practice of defining the infrastructure your applications run on as code and configuration files. This allows us not only to automate the provisioning of the resources but also to subject them to the same lifecycle processes that historically have applied only to the application codebase. […]
The Snyk CLI is an excellent and powerful tool to scan your applications, containers, and infrastructure as code for security vulnerabilities. In this cheatsheet, we will look at the most powerful features our CLI has to offer. You can use the CLI for scanning and monitoring on your local machine, but you can also integrate […]
At Snyk we’re used to developing fast and staying secure. That’s why in early March we quickly moved to a 100% remote work environment to keep our snykers safe. Moving quickly required full participation across the company, from our leadership sharing constant updates to our snykers creating fun ways to stay connected while apart. Our […]
Snyk's new Priority Score helps to drastically simplify one of the biggest challenges in using open source securely—working out which vulnerabilities to tackle first. Find some useful resources here.
During SnykCon 2020, Snyk shared some exciting news around Docker: we are now the exclusive provider of security insights for Docker Official images and other future content certification programs. We also had some great talks with folks from Docker about security trends, demonstrated how to use Snyk with Docker, and more. In this post, we’ll […]
How do command injection attacks work? To understand programming flaws related to OS command injection attacks, let’s explore a variety of command injection vulnerabilities that were discovered in Node.js based applications. systeminformation is an Operating System (OS) information library that spans more than 500,000 downloads a week with regular maintenance (commits) and a community around […]
Snyk helps our customers to integrate security into their CI/CD pipelines, so we spend a lot of time thinking about automation. When it comes to releasing our own software, we’re always looking to adopt best practices for test and release. In this blog, I’ll talk about the release process for our Kubernetes Operator, and show […]
Today (Thursday, 19th November) is International Men’s Day, a day when we celebrate the positive value men bring to the world and raise awareness of men’s well-being. Being a human being can have its challenging moments even in the best of times. But in this year, one of uncertainty and isolation, caused by a worldwide […]
Snyk and Docker have partnered to bring developer-centric security, powered by Snyk, to the world’s most popular container developer tools, Docker Desktop and Docker Hub. Now that you might be seeing your first scan results for container vulnerabilities, you have likely discovered a few issues… maybe even more than a few! It can be daunting […]
Over the last few years, following Docker’s release, containers have become more and more the standard mechanism for software delivery. We see a growing number of container-based solutions and while innovation in the space is obviously welcomed, there is a requirement for establishing certain standards around format and runtime. Because of the rapid growth of […]
I have always believed that package managers can be the ultimate weapon in the fight against vulnerable dependencies. If package managers can be leveraged to scan for vulnerable dependencies, developers would be able to identify and fix vulnerabilities in their dependencies more easily and quickly, rather than letting the vulnerability snake its way into the […]