Ecosystems

Interested in ecosystem-specific posts? We’ve got your back! Read through our posts and learn how security impacts your environment.

Kubernetes open sourced their security audit. What can we learn?

Earlier this week, on 6th August, the Cloud Native Computing Foundation (CNCF) published a blog post detailing their recent Kubernetes Security Audit. Last year, the CNCF started their security audit program with three projects: CoreDNS, Envoy, and Prometheus. Since this pilot program was successful, the CNCF is rolling it out to other projects in their […]

August 8, 2019

Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities in the .NET ecosystem

Welcome to our new security report: .NET open source security insights. This report is split into three posts: (1) .NET open source security insights; (2) Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; (3) Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]

July 25, 2019

Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating

Welcome to our new security report: .NET open source security insights. This report is split into three posts: (1) .NET open source security insights; (2) Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; (3) Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]

July 25, 2019

.NET open source security insights

Welcome to our new security report: .NET open source security insights. This report is split into three posts: (1) .NET open source security insights; (2) Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; (3) Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]

July 25, 2019

Yet another malicious package found in npm, targeting cryptocurrency wallets

Cryptocurrency wallet developer Komodo has been in the news as the latest victim of an attempted cryptocurrency theft by malicious code injected through npm dependencies. The EasyDEX-GUI project, which provides a graphical user interface (GUI) to the SuperNET/Iguana cryptocurrency APIs and is used by Komodo’s Agama wallet, has been found to contain a malicious […]

June 17, 2019

npm passes the 1 millionth package milestone! What can we learn?

June 4th is a historic date. Not only is it our very own Liran Tal’s birthday (Mazal Tov, Liran!) but it is also the date that the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages. The core component of npm is its public registry, hosting JavaScript packages […]

June 4, 2019

Java Top 10 Security Vulnerabilities Disclosed [2019 – List]

Our friends at OverOps publish a yearly blog post ranking the popularity of Java libraries by GitHub mentions. In this post, we’ll take a look at the vulnerabilities that have been found in the top ten Java libraries on OverOps’ list, and focus on three of them in more depth. Firstly, following are the […]

May 27, 2019

Snyk Voted Next European Unicorn for B2B Enterprise

We are pretty excited to share that last week Snyk was recognized as a ‘Next European Unicorn’ at the 2019 Vivatech Awards. We won the category for Snyk’s innovative approach to helping enterprises secure their complete software development life cycle, enabling developers to secure their open source components while maintaining speed of delivery; for our rapid growth over the last several years; and in recognition of our commitment to supporting the open source community.

May 22, 2019

JVM Ecosystem Survey 2019

We’re excited to launch the new JVM Ecosystem Survey 2019. The goal of this survey is to understand the lay of the land across the entire JVM ecosystem and Java in particular. Once we get all of your wonderful responses we’re going to turn them into a beautiful report that you can read, print out, turn […]

May 14, 2019

8 Azure Repos Security Best Practices

In this cheat sheet we’ll cover how you can be more secure as an Azure Repos user or contributor. Some of it is specific to Azure Repos, but a lot of it is also useful for other Git and non-Git repositories. So let’s get started with our list of […]

May 6, 2019

Never store credentials as code/config in Azure Repos

Having team-wide rules that prevent credentials from being stored as code is a great way to catch bad practice within the existing developer workflow. There are internal tools like Azure Key Vault
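As an added example, not code from the original post or from Snyk or Microsoft, here is one way a team could enforce the rule above before a change reaches Azure Repos: a hypothetical pre-commit script that scans the staged diff for credential-shaped values and rejects the commit when it finds any. The credential patterns, the placeholder allowlist, the entropy threshold and the sample diff are all assumptions constructed for illustration.

```python
"""Credential scan for staged changes: an added, hypothetical example.

Not Snyk's or Microsoft's code. Scans the lines a diff adds for
credential-shaped content, prints redacted findings and exits non-zero so
the commit is rejected. Patterns, allowlist and thresholds are assumptions.
"""
import math
import re
import subprocess
import sys
from collections import Counter

# Assumed credential patterns; group 1 (where present) is the secret value.
PATTERNS = {
    # An Azure Storage account key is 64 random bytes: 88 base64 chars, '==' padded.
    "azure-storage-account-key": re.compile(r"AccountKey=([A-Za-z0-9+/]{86}==)"),
    "credential-assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]?([^\s'\"]{8,})"
    ),
    "private-key-block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Values that reference a vault, an environment variable or a template
# placeholder are the desired practice and must not be flagged (assumed list).
PLACEHOLDER = re.compile(r"^(?:\$|<|\{\{|os\.environ|process\.env|Environment\.)")
# Fallback for secrets no pattern names: long, random-looking tokens.
MIN_TOKEN_LEN = 20
ENTROPY_THRESHOLD = 4.0  # bits per character; assumed cutoff
TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{%d,}" % MIN_TOKEN_LEN)


def shannon_entropy(s: str) -> float:
    """Bits per character; equals log2(len(s)) when every character is distinct."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Keep a short prefix for triage but never echo the secret into CI logs."""
    return value[:4] + "*" * (len(value) - 4)


def find_secrets(text: str, diff: bool = True) -> list[tuple[int, str, str]]:
    """Return (line_number, label, redacted_value) for each suspicious line.

    With diff=True only added lines ('+', but not the '+++' file header) are
    scanned, so a commit that removes a leaked secret is never blocked;
    line_number then counts lines of the diff text, not of the file.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if diff:
            if not raw.startswith("+") or raw.startswith("+++"):
                continue
            line = raw[1:]
        else:
            line = raw
        hit = False
        for label, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(1) if m.lastindex else m.group(0)
                if PLACEHOLDER.match(value):
                    continue  # a reference to a secret store, not a literal
                findings.append((lineno, label, redact(value)))
                hit = True
        if hit:
            continue  # a named pattern already explains this line
        for tok in TOKEN.findall(line):
            if shannon_entropy(tok) >= ENTROPY_THRESHOLD:
                findings.append((lineno, "high-entropy-string", redact(tok)))
    return findings


# Constructed sample of what `git diff --cached --unified=0` might produce.
FAKE_KEY = "A" * 86 + "=="  # stand-in with the right shape, not a real key
SAMPLE_DIFF = "\n".join([
    "diff --git a/settings.py b/settings.py",
    "--- a/settings.py",
    "+++ b/settings.py",
    "@@ -1,2 +1,7 @@",
    "-password = 'OldPassword123'",                       # removed line: ignored
    "+password = os.environ['DB_PASSWORD']",              # env var: allowed
    "+api_key = '<your-api-key-here>'",                   # placeholder: allowed
    "+STORAGE = 'DefaultEndpointsProtocol=https;AccountName=demo;AccountKey=" + FAKE_KEY + "'",
    "+password = 'Sup3rS3cretP@ss!'",                     # literal: flagged
    "+session_seed = 'q7Z2mK9pX4wL1nB8vC3rT6yH5jG0dF'",  # random-looking: flagged
    "+-----BEGIN RSA PRIVATE KEY-----",                   # key material: flagged
])


def main() -> int:
    if "--demo" in sys.argv:
        text = SAMPLE_DIFF
    else:  # diff of what is about to be committed, hunks only, no context lines
        text = subprocess.run(["git", "diff", "--cached", "--unified=0"],
                              capture_output=True, text=True, check=True).stdout
    findings = find_secrets(text)
    for lineno, label, snippet in findings:
        print(f"diff line {lineno}: {label}: {snippet}", file=sys.stderr)
    return 1 if findings else 0  # non-zero exit makes the pre-commit hook fail


if __name__ == "__main__":
    sys.exit(main())
```

Installed as `.git/hooks/pre-commit` (or run as a pipeline step before the push), the script blocks the commit on any finding; `--demo` runs it against the embedded sample instead of the real staged diff. The allowlist is the important design choice: a value that reads the secret from an environment variable, a vault or a template placeholder is exactly what developers should write and must pass, while a literal on the right-hand side of `password =` must fail. Findings are printed redacted so the hook does not itself leak the secret into build logs.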

May 6, 2019