Ecosystems

Interested in ecosystem-specific posts? We’ve got your back! Read through our posts and learn how security impacts your environment.

RPM Package Manager: RPM package security scanning with Snyk

As part of scanning container images, Snyk can detect various pieces of information like the operating system distribution, software package manager, installed applications, and all of the application dependencies. RPM is one of the most common package managers in the Linux ecosystem and is fully supported in Snyk. While there was open source code available […]

November 13, 2020

Python Poetry package manager and security integration with software composition analysis tool

I have always believed that package managers can be the ultimate weapon in the fight against vulnerable dependencies. If package managers can be leveraged to scan for vulnerable dependencies, developers would be able to identify and fix vulnerabilities in their dependencies more easily and quickly, rather than letting the vulnerability snake its way into the […]

November 13, 2020

Java logging: what should you log and what not?

Logs are a handy tool to spot mistakes and debug code. For engineers, and specifically in a DevOps environment, logs are a very valuable tool. In addition to the functional aspect of logging, logs are also critical from a Java security perspective. When a security breach occurs, your log files are the first place […]

November 11, 2020

GitHub Actions to securely publish npm packages

GitHub Actions have been growing in popularity ever since GitHub announced general availability for all developers and repositories on the GitHub platform. Fueled by some rate limits we’re seeing in the ecosystem—such as new billing and rate limits for open source from Travis CI—this will further drive developers to migrate their software automations to GitHub Actions. In […]

November 10, 2020

Node.js security: lessons from the Node.js Security Working Group in triaging vulnerabilities

In a previous blog post, I talked about a security disclosure for the Fastify Node.js framework to the Node.js Security working group on HackerOne. The disclosure was regarding a Server-side JavaScript code injection vulnerability, resulting in the final conclusion that determined the report to be of no security impact to the Fastify Node.js web application framework, […]

November 6, 2020

10 React security best practices

Looking for the best ways to secure your React app? Then you’ve come to the right place! I created this checklist of React security best practices to help you and your team find and fix security issues in your React applications. I’ll show you how to automatically test your React code for security-related errors and […]

October 28, 2020

Gradle dependencies: scanning with new Snyk Gradle plugin

Gradle is one of the major build systems, not only in the Java ecosystem but also for Android development. With Gradle, you can manage your dependencies, build, and test your project. Scanning the dependencies in your project for known security vulnerabilities is important. The ideal time to start scanning your dependencies is the very moment […]

October 23, 2020

Fixing vulnerabilities in Maven projects

Maven is still the most used build system in the Java ecosystem. According to the JVM report 2020, Maven is the number one build tool in the ecosystem with two-thirds of the share. Therefore, it is important to know how Maven works. For instance, if you find vulnerabilities in your Maven project using Snyk, how […]

September 14, 2020

Helping Python developers shift security left with a new PyCharm plugin

We’re happy to announce Snyk’s brand new PyCharm plugin, helping Python developers find and fix security and license issues in their open source dependencies as early as their first lines of code! Tackling vulnerabilities within the IDE is an important part of shifting security left and enabling developers to take on more responsibility for security […]

September 8, 2020

Discover package vulnerabilities with the Snyk integration for JSDelivr

We are excited to announce that we power the security badge in JSDelivr.com! JSDelivr is one of the leading CDNs for open source and npm packages. Snyk’s new integration with JSDelivr shows a security badge on the search page for a specific library. At Snyk, we strongly believe that it is important for developers to […]

June 8, 2020

Java turns 25—aging like fine wine or more like milk?

On May 23, 1995, Sun Microsystems released Java. This means that Java turns 25 years old and that is something we need to celebrate! The age of 25 is quite old for a programming language, though, right? Let’s take a look at the programming language, the ecosystem, the community, and the future of Java, see […]

May 22, 2020