Announcing Snyk-Powered Linting in Sonar
That’s why we’re excited that some of the best auditing tools for developers have chosen to highlight this problem and, powered by Snyk’s vulnerability database, report on vulnerable libraries to all developers who use them! Embedding into these tools is key to raising developer awareness and making it seamless for developers to notice and understand the risk these vulnerabilities present.
Snyk and Sonar
Sonar started out as an internal project from inside the Microsoft Edge team, but they quickly realized they wanted it to be an open-source, community-driven project backed by the JS Foundation. Sonar lints your site against a number of different best practices and custom rules and gives you a report with the results so you know exactly what you need to improve.
Sonar started off as a command-line tool using the sonar npm module, but they’ve just launched their brand new online site scanner as well, to make it even easier to get quick information about the overall health of your site or application.
Security and Developers, Together