Application Security

Want to impress your boss with your security knowledge? Stay up to date by learning why application security is important and how you can improve.

How to maintain npm dependencies in your project

It’s very common that we find projects working correctly in production but are no longer actively maintained—it’s in production, it works, and the client considers the project finished. Unfortunately, this is not entirely true. We tend to forget that when a project is finished and it’s in production, it does not mean that it doesn’t […]

June 11, 2020

Discover package vulnerabilities with the Snyk integration for JSDelivr

We are excited to announce that we power the security badge in! JSDelivr is one of the leading CDNs for open source and npm packages. Snyk’s new integration with JSDelivr shows a security badge on the search page for a specific library. At Snyk, we strongly believe that it is important for developers to […]

June 8, 2020

Why do organizations trust Snyk to win the open source security battle?

Defining and explaining the role of a proprietary security team dedicated to researching and analyzing vulnerabilities in open source ecosystems—in order to ensure open source security—is not an easy task. It’s challenging to provide a concise answer when asked the relatively simple question, “what does the security team at Snyk do?”. There is no short […]

May 27, 2020

Snyk launches DevSecOps Hub

Many organizations are shifting to a DevSecOps culture for software delivery. The idea of a developer-centric software delivery model that broke down silos and removed barriers to deployment was born as DevOps in 2008. This efficient approach to software delivery has evolved and grown over the past decade. As organizations have figured out what DevOps […]

May 20, 2020

Test website security with Snyk’s newest WebPageTest integration

We are excited to announce the security integration with WebPageTest! These newly introduced data points for all tested pages enrich the existing website performance tests with further visibility into security details, such as HTTP security headers and vulnerable JavaScript libraries found on a website. We at Snyk know that web developers have many cross-cutting concerns […]

May 14, 2020

Website security score explained

Snyk launched an integration with WebPageTest that reports security insights for a website security check, along with other speed tests and performance metrics that WebPageTest provides. If you run a WebPageTest scan, you get a security score. What is this score measuring and how are we calculating it? In order to get a security score and […]

May 12, 2020

Why did is-promise happen and what can we learn from it

On the 25th of April 2020, version 2.2.0 of is-promise library on npm was released by JavaScript developer and maintainer Forbes Lindesay. Reportedly, this release caused failures in popular developer build tools used for scaffolding new projects, such as Facebook’s create-react-app, Google’s firebase-tools, angular-cli, and others. Forbes promptly addressed the problems associated with the 2.2.0 […]

April 28, 2020

How to successfully roll out developer-first license compliance

License compliance has traditionally been perceived by developers as a blocker but it does not need to continue to be regarded as such. License compliance is crucial for being able to minimize the risk to the business but the only way to do so at scale and without impeding development is with a developer-first mindset. […]

April 23, 2020

Announcing Snyk’s developer-first license compliance management

We’re thrilled to announce Snyk’s developer-first license compliance management solution, designed to help you maintain a rapid development pace while also remaining compliant with the open source licenses you’re using in your code!

April 23, 2020

Secure code review: 8 security code review best practices

Code reviews are hard to do well. Particularly when you’re not entirely sure about the errors you should be looking for! The DevSecOps approach pushes security testing left so that vulnerabilities can be found and fixed earlier, in the design, development, or CI/CD stages of the workflow. It’s always a good idea to check for […]

April 20, 2020

March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more

We are wrapping up this month and we present to you the most interesting highlights and security news from March 2020, including All.The.Talks — a new virtual community conference — the launch of the State of Open Source Security survey, and several product updates from Snyk. Security news Our State of Open Source Security survey […]

March 31, 2020