Application Security

Why did is-promise happen and what can we learn from it

On the 25th of April 2020, version 2.2.0 of is-promise library on npm was released by JavaScript developer and maintainer ...

How to successfully roll out developer-first license compliance

License compliance has traditionally been perceived by developers as a blocker but it does not need to continue to be ...

Announcing Snyk’s developer-first license compliance management

We’re thrilled to announce Snyk’s developer-first license compliance management solution, designed to help you maintain a rapid development pace while ...

Secure code review: 8 security code review best practices

Code reviews are hard to do well. Particularly when you’re not entirely sure about the errors you should be looking ...

March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more

We are wrapping up this month and we present to you the most interesting highlights and security news from March ...

Shifting responsibly left with the enhanced Snyk security gating on pull requests

We’re pleased to announce we’ve enhanced Snyk’s security and license testing for pull requests to better support shift-left security and ...

Secure development when working from home — tips and tricks

Secure development while remote  As we brace ourselves to an extended period of working from home, we need to re-evaluate ...

Exploring the minimist prototype pollution security vulnerability

On March 11th, 2020, Snyk published a medium severity prototype pollution security vulnerability (CVE-2020-7598) affecting the minimist npm package. This ...

Django security tips

Lucky you, you user of the web framework for perfectionists with deadlines (AKA Django). The Django team has put a ...