Engineering

Looking for highly technical articles? Our Engineering team is here to provide you with tool and technology-specific content, as well as in-depth technical guides of the Snyk products.

Python language support now beta in Snyk Code

Snyk Code, the AI-based static application security testing (SAST) tool, now offers Python as a supported development language (beta). Snyk Code already fully supports Java, JavaScript, and TypeScript.

April 12, 2021

How to fix Java security issues while coding in IntelliJ IDEA

Learn how to use the Snyk Vulnerability Scanner plugin for IntelliJ IDEA to make it easy to find and fix Java security issues earlier in the development process.

April 8, 2021

5 ways to prevent code injection in JavaScript and Node.js

Learn some best practices for keeping your Node.js and JavaScript projects safe from code injection attacks.

April 5, 2021

Application security automation for GitHub repositories with Snyk

Snyk provides a wide array of integrations and a pretty comprehensive API to enable you to deploy Snyk across the SDLC and monitor all the code your organization is developing. Of course – this is not always simple. At scale, ensuring Snyk is monitoring all your repositories becomes more challenging. As you grow, more code […]

March 31, 2021

10 best practices to containerize Node.js web applications with Docker

Are you looking for best practices on how to build Node.js Docker images for your web applications? Then you’ve come to the right place! This cheatsheet provides production-grade guidelines for building optimized and secure Node.js Docker images.

January 13, 2021

Securing your Kubernetes application development with Snyk and Tilt

Developing Kubernetes applications can be hard. We’re often dealing with microservice architectures with a lot of moving parts, along with developing the cluster configuration to hook them all together, and workflows for rapid iteration and testing can become convoluted and hard to manage for engineering teams. This is where tools like Tilt come in. Tilt […]

January 11, 2021

Serialization and deserialization in Java: explaining the Java deserialize vulnerability

Java serialization is a mechanism to transform an object into a byte stream. Java deserialization is exactly the other way around and allows us to recreate an object from a byte stream. Java serialization—and more specifically deserialization in Java—is also known as “the gift that keeps on giving”. This relates to the many security issues […]

December 18, 2020

Git checkout remote branch: how it works and when to use it

Git is a fantastic tool many developers use for version control on their projects. Although there are many other version control systems—like Subversion (SVN) and Concurrent Versioning System (CVS)—git is by far the most commonly used. A good reason for this is the focus on distributed development and the easy way to use branches. Let’s […]

December 15, 2020

Command line tools for containers—using Snyk with Buildah, Podman, and Skopeo

As the container ecosystem has matured, the one thing we’re not short on is options—both in terms of the software we use, and how we plug it all together. One of these options would be the combination of Buildah, Podman, and Skopeo—three open source command line tools with their origins in the RedHat ecosystem. As […]

December 9, 2020

Improved security testing for git-based Gradle projects using lockfile

Over the past year, we have been working hard to improve our testing for Gradle projects imported from Git repositories by making it more reliable, accurate, and scalable. We understood that parsing a Gradle manifest, instead of a Gradle lock file, would be a never-ending war that we would always lose. Trying to interpret the […]

December 7, 2020

Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks

During the day, I spend my time analyzing Terraform code, Kubernetes object configuration files, and identifying common security issues. When the sun sets, I put on my hoodie, fire up Linux VMs and debuggers to look under the hood of technologies that make up the cloud native ecosystem. In this post, we will explore how […]

December 3, 2020