Application Security

The Most Common Vulnerabilities in Maven Central and npm

In this post we’ll look at the most common types of vulnerabilities for two of the main ecosystems we track ...

Skyscanner fixed projects and gained visibility into their open source vulnerability exposure.

Skyscanner today monitors nearly 500 separate projects with Snyk, and is able to understand the state of their security as ...

Local Type Inference Cheat Sheet for Java 10 and beyond!

One of the main features in Java 10 in Local Type Inference, which allows us to substitute a type with ...

JavaScript and Node.js Security – The Common Pitfalls

Guy Podjarny live hacks a Node.js application to exploit vulnerabilities in real world packages. In this edited down video from ...

Where do security patches come from?

The best solution for known vulnerabilities is to upgrade your software. But sometimes there's not a security update immediately available. ...

Staying Secure on Heroku with the Snyk Add-On

The Snyk Heroku Addon is now out of beta, providing deep integration with your Heroku workflow. In this post, we'll ...

Why triaging might be going away

One of the biggest bottlenecks in security is 'triaging'—the process of validating if a security alert is actually impacting your ...

GDPR Compliance and Open Source

After years of preparation and debate, the General Data Protection Regulation (GDPR) was finally approved by the EU with enforcement ...

77% of sites use at least one vulnerable JavaScript library

The other week a paper was released that reported that about 37% of sites included at least one JavaScript library ...