Dependency Health

Explaining the csurf vulnerability: CSRF attacks on all versions

An analysis of how and why all versions of csurf npm package are vulnerable to CSRF token bypass.

September 21, 2022

Avoiding SMTP Injection: A Whitebox primer

This blog will discuss how common SMTP Injection vulnerabilities can exist in libraries and applications, and provide tips for finding and remediating them quickly.

September 14, 2022

The npm faker package and the unexpected demise of open source libraries

Liran Tal discusses real-world incidents that demonstrate how even the mightiest of open source projects can be defeated. He also addresses the continuous struggles of open source software sustainability, maintainer burnout, and how these things affect the greater developer community.

September 1, 2022

Solve Hack the Box and other CTF challenges with Snyk

Hack The Box (HTB) is a platform that gamifies cybersecurity training. In this article, we'll discuss how Snyk can help you solve Hack the Box and other CTF challenges.

September 1, 2022

Securing container applications using the Snyk CLI

We are excited to share that now, when using the snyk container test/monitor commands, we will scan for application vulnerabilities by default.

August 30, 2022

These aren’t the npm packages you’re looking for

Earlier in the year, over 500 malicious packages were released into the npm ecosystem to create dependency confusion. Let’s look at some ways to help protect applications from dependency injection.

May 4, 2022

A (soft) introduction to Python dependency management

In this post, we'll take a look at different ways to approach Python dependency management, and briefly explore dependency security.

September 14, 2021

Understanding the software supply chain security requirements in the cybersecurity Executive Order

Learn more about the software supply chain security requirements in President Biden's Executive Order on Improving the Nation’s Cybersecurity and how Snyk can satisfy them.

June 10, 2021

Snyk Maven plugin: Integrated security vulnerability scanning for developers

the Snyk Maven plugin so you can now scan your application for security vulnerabilities in third-party libraries as part of your build cycle—putting security expertise in the hands of developers.

April 20, 2021

Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

Code Dx 5.3 now includes a connector with Snyk, giving customers visibility to open source dependencies, license issues, and container vulnerability management.

April 19, 2021

Go security cheatsheet: 8 security best practices for Go developers

In this installment of our cheatsheet series, we’re going to cover eight Go security best practices for Go developers. The Go language incorporates many built-in features that promote safer development practices—compared to older and lower-level languages like C—such as memory garbage collection and strongly-typed pointers. These features help developers avoid bugs that can lead to

February 9, 2021