DevSecOps

Yes, DevSecOps is a buzz-word, but it’s an important one! Security has an important part to play in application lifecycles and workflows. Learn how you can best integrate security into your existing pipelines.

The State of Open Source Security Survey – 2020

Snyk is currently building our annual State of Open Source Security report and we want to hear from you! Complete this brief survey to help guide our research.

March 25, 2020

Examining Gartner’s 12 Things to Get Right for Successful DevSecOps

“Integrating security into DevOps to deliver DevSecOps demands changed mindsets, processes, and technologies. Security and risk management leaders must adhere to the collaborative, agile nature of DevOps for security testing to be seamless in development, making the “Sec” in DevSecOps transparent.” According to the Gartner report, DevSecOps quickly became one of the fastest-growing areas of […]

March 24, 2020

February in review: JVM Ecosystem Report, Python and Container Updates, and more

As we wrap up February, dive into the JVM Ecosystem report, tune into DevSecOps learnings, catch up on the latest Snyk product updates, and mark your calendar for KubeCon EU! Security news New! JVM ecosystem report 2020 Insights based on a global developer community survey show us that: 36% of developers switched from Oracle JDK […]

February 28, 2020

86% of security and tech roles agree that security is a shared responsibility

Deeply integrated security increases the sense of shared responsibility. Having a sense of shared responsibility across the organization contributes to an elevated security- first mindset among employees who will seek out to question and challenge solutions regarding the security impact of the products they build.

February 2, 2020

29% of highest security integration orgs endure friction when collaborating

A watermark of traditional security activities within organizations is the high tension between security teams, the operations or IT, and the core R&D engineering. When all of these teams are siloed with their activities and overall goals unaligned, they create tension and friction that manifests in mis-executive security activities. However, when security practices are integrated […]

January 28, 2020

31% don’t track application dependencies and 38% only track direct dependencies

As we look into the way engineers audit their code bases, we see a strong adoption of automated security tooling, according to the Snyk State of Open Source Security report 2019, with 65% of respondents confirming that observation. It is also important to point out that, even when automated security tools are employed, 79% of the respondents still use security code reviews.

January 28, 2020

48% see security a major constraint on the ability to deliver software quickly

With every data breach disclosed, organizations become more aware of the need to address security early on and throughout the SDLC to ensure customer privacy and assets, feature security, and delivery speed. To do it all well, DevSecOps must be driven by security, but powered by developers.

January 28, 2020

DevSecOps Insights 2020

We are thrilled to announce and share with you the Snyk 2020 DevSecOps Insights! In this study, we discuss the state of DevSecOps, key activities, focus areas, and takeaways. This study is based on data presented in the Snyk 2019 State of Open Source Security report and the Puppet 2019 State of DevOps report. The […]

January 28, 2020

Scaling security through DevSecOps & dev-first security

Digital transformation is not a buzzword - it’s a force. Practically all businesses, big and small, seek to make technology their core, and to accelerate their ability to adapt to the market. And yet, as entire enterprises seek to reshape themselves to meet these new challenges - security stays behind. If we’re going to base our approach on the new digital reality, we first need to understand it - what are the key changes that take place during Digital Transformation, and what is their impact on security? We’ll break it up into three main changes: Digital Business, Cloud and DevOps. 

January 21, 2020

Security digital transformation with James Kaplan

As 2019 draws to an end, we are going to be looking back on some great episodes of our podcast The Secure Developer. This post is the first in the series, so keep your eye out for future installments. The Secure Developer podcast is part of our vendor neutral, security education focused community MyDevSecOps. The […]

November 14, 2019

See Snyk and GitHub in action at GitHub Universe

At Snyk, we are committed to building security tools that help developers shift security left to embrace security and quality as early, easily, and efficiently as possible.  With the recent beta release of GitHub Actions, we decided to look at how we could help GitHub users adopt better security controls for DevOps and CI/CD workflows. […]

November 13, 2019