Open Source

Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!

AWS vulnerability scanning using the Snyk integration

If you’re using the AWS suite of Kubernetes-related tools, you’ll be pleased to know that you can bring Snyk scanning directly into your workflows there too, with integrations into Amazon Elastic Container Registry (ECR) and Amazon Elastic Kubernetes Service (EKS). Here’s how to get started! During this post I’m going […]

February 10, 2021

Guide to Software Composition Analysis (SCA)

2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID-19 hit, suddenly accelerated. More and more companies became software companies, and with this shift, usage of open source peaked. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better […]

January 27, 2021

2020 Q4 in review—iOS remote code execution, developer-first SAST, and more

In this fourth installment of the Snyk Blog year in review, we’ll be covering some of our key announcements and news that hit the blog in October, November, and December, rounding off a year of content. Previously, we’ve highlighted three posts in each quarter ranging from Angular best practices to two rounds of funding and […]

December 31, 2020

Snyk CLI cheatsheet

The Snyk CLI is an excellent and powerful tool to scan your applications, containers, and infrastructure as code for security vulnerabilities. In this cheatsheet, we will look at the most powerful features our CLI has to offer. You can use the CLI for scanning and monitoring on your local machine, but you can also integrate […]

November 26, 2020

From zero to security hero: test your GitHub projects for known vulnerabilities

Are you using GitHub for your projects? Great! But how are you making sure your open source dependencies are free from vulnerabilities? In this blog post, we’ll guide you through how to create a free Snyk account and import your first GitHub project into Snyk and test your open source dependencies for known vulnerabilities. You […]

November 12, 2020

GitHub Actions to securely publish npm packages

GitHub Actions have been growing in popularity ever since GitHub announced general availability for all developers and repositories on the GitHub platform. Some limits we’re seeing in the ecosystem—such as new billing and rate limits for open source from Travis CI—will further drive developers to migrate their software automations to GitHub Actions. In […]

November 10, 2020

SnykCon Day One wrap-up: Snyk Code, carbon neutrality & session highlights

Day One of SnykCon 2020 is in the books. In this post, we’re bringing you a recap of all the news fit to print, plus a peek into some of the eye-opening sessions we heard today. Have a read and join us for Day Two tomorrow. Snyk Code, developer-first SAST, extends Snyk Platform Today, we […]

October 21, 2020

Why your team should attend SnykCon 2020

SnykCon is less than 2 weeks away! In 2020, meeting and engaging with others is more important than ever before. Our goal with SnykCon was to create a conference to bring the DevSecOps community together for 2 days of sharing, learning, and fun. Need a few great reasons to send your team? Read on! 1. […]

October 7, 2020

New Gartner Market Guide highlights the importance of Software Composition Analysis (SCA)

The 2020 Gartner Market Guide for Software Composition Analysis (SCA) has been published, highlighting the growing importance of open source software security, and outlining recommendations for effective risk management and mitigation. According to the guide, more than 90% of organizations rely on open source software. There are multiple benefits explaining this reliance, but first and […]

September 1, 2020

Java dependency management: how many lines of code does my application hold?

A few weeks ago I had the opportunity to give a presentation for the Dutch Java Conference JSpring. The talk was about Java dependency management. During this talk, I created a simple Spring Boot application and determined the number of lines my Java dependencies brought in versus the number of lines I wrote myself. This […]

August 12, 2020

Instant security information with the Snyk security badge

We are excited to announce the Snyk security badge for open source libraries that offers instant security information. This newly introduced item for library maintainers gives users better visibility into the security details. With this badge, you can instantly see whether a library has any vulnerabilities and the level of severity. At Snyk we know […]

August 4, 2020