Cloud Native Security

Docker for Node.js developers: 5 things you need to know not to fail your security

Docker is totalling up to over 50 billion downloads of container images. With millions of applications available on Docker Hub, container-based applications are popular and offer an easy way to consume and publish applications. That being said, the naive way of building your own Docker Node.js web applications may come with many security risks. So, […]

January 25, 2021

Prioritize fixes more efficiently with Reachable Vulnerabilities for GitHub

We are pleased to start the new year with the beta availability of Reachable Vulnerabilities for GitHub, providing development and security teams with deep application-level context for vulnerabilities identified in GitHub-hosted applications and enabling them to prioritize fixes more efficiently. Announced in July last year, Reachable Vulnerabilities analyzes an application’s execution path to identify whether […]

January 21, 2021

Docker security scanning cheatsheet 2021

Docker has an enormous worldwide user base, recently surpassing 10 million users and 242 billion image pulls, and has changed the way applications are built. With the accelerated development velocity that containerization enables, additional security responsibilities are shifting to developers, who now need to maintain container images in addition to their code. That’s why a […]

January 19, 2021

10 best practices to containerize Node.js web applications with Docker

Are you looking for best practices on how to build Node.js Docker images for your web applications? Then you’ve come to the right place! This cheatsheet provides production-grade guidelines for building optimized and secure Node.js Docker images.

January 13, 2021

What is typosquatting and how typosquatting attacks are responsible for malicious modules in npm

You may have heard about malicious packages in a variety of contexts, such as a malicious Docker container or perhaps an open source malicious package in a public registry of one ecosystem or another. Snyk even published extensive research on malware in mobile applications, dubbed SourMint. We reviewed some of these security incidents in the […]

January 12, 2021

2020 Q1 in review—JVM ecosystem report, DevSecOps insights, and more

Welcome to the first of four posts in which we take a look back at all the highlights we have shared across the Snyk blog across 2020. Each of the four blog posts will pick three top highlights for each quarter of 2020, as well as any honorable mentions we add along the way. Picking just […]

December 28, 2020

Snyk’s approach to container security research and relative importance

Container vulnerabilities are tricky things to deal with, requiring an understanding of both Linux security and container image architecture. Setting aside vulnerabilities that might occur in your code, most of the vulnerabilities that you deal with in containers relate to Linux operating system packages and their dependencies. And yet, containers are typically handled by developers, […]

December 14, 2020

How to detect the ExternalIP Kubernetes vulnerability in your Kubernetes configurations with Snyk

On Tuesday, a Kubernetes vulnerability was announced affecting all Kubernetes versions where a hostile user may be able to intercept traffic if external IP addresses are being used on services. Snyk has added a new check to Snyk Infrastructure as Code (Snyk IaC) to check your Kubernetes deployment definitions and notify you if you are […]

December 10, 2020

Command line tools for containers—using Snyk with Buildah, Podman, and Skopeo

As the container ecosystem has matured, the one thing we’re not short on is options—both in terms of the software we use, and how we plug it all together. One of these options would be the combination of Buildah, Podman, and Skopeo—three open source command line tools with their origins in the RedHat ecosystem. As […]

December 9, 2020

Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks

During the day, I spend my time analyzing Terraform code, Kubernetes object configuration files, and identifying common security issues. When the sun sets, I put on my hoodie, fire up Linux VMs and debuggers to look under the hood of technologies that make up the cloud native ecosystem. In this post, we will explore how […]

December 3, 2020

All things Docker: recapping Docker news and views from SnykCon 2020

During SnykCon 2020, Snyk shared some exciting news around Docker: we are now the exclusive provider of security insights for Docker Official images and other future content certification programs. We also had some great talks with folks from Docker about security trends, demonstrated how to use Snyk with Docker, and more. In this post, we’ll […]

November 25, 2020