Open Source

Everyone loves open source, and for good reason. We want to help you use open source and stay secure. Read more to learn how this is achievable!

Navigate 3 trends in financial services with DevSecOps

The financial services sector faces both technology opportunities and challenges. The modernization of financial business infrastructures isn’t a new conversation, although it remains a continued priority and challenge for our largest banking, investment, and insurance institutions. Cloud adoption trends in financial services have dominated this conversation in recent years, across infrastructure, data, and the applications […]

July 13, 2020

The State of Open Source Security 2020

This report sheds light on the current security posture of open source software and reflects on security concerns, trends in vulnerabilities across packages and container images, and also examines the practices employed by maintainers and organizations in securing their software.

June 24, 2020

How to maintain npm dependencies in your project

It’s very common to find projects that work correctly in production but are no longer actively maintained—it’s in production, it works, and the client considers the project finished. Unfortunately, this is not entirely true. We tend to forget that when a project is finished and it’s in production, it does not mean that it doesn’t […]

June 11, 2020

Why do organizations trust Snyk to win the open source security battle?

Defining and explaining the role of a proprietary security team dedicated to researching and analyzing vulnerabilities in open source ecosystems—in order to ensure open source security—is not an easy task. It’s challenging to provide a concise answer when asked the relatively simple question, “what does the security team at Snyk do?”. There is no short […]

May 27, 2020

Snyk launches DevSecOps Hub

Many organizations are shifting to a DevSecOps culture for software delivery. The idea of a developer-centric software delivery model that broke down silos and removed barriers to deployment was born as DevOps in 2008. This efficient approach to software delivery has evolved and grown over the past decade. As organizations have figured out what DevOps […]

May 20, 2020

Managing license compliance across your organization with Snyk’s license policies

Earlier this month, we rolled out the first phase of our Shared Policies initiative which will allow you to create sets of rules that can be applied across your organizations and projects. You can now create your own policies and use these rules to help your development teams easily find and fix what is most […]

April 30, 2020

Why did is-promise happen and what can we learn from it

On the 25th of April 2020, version 2.2.0 of is-promise library on npm was released by JavaScript developer and maintainer Forbes Lindesay. Reportedly, this release caused failures in popular developer build tools used for scaffolding new projects, such as Facebook’s create-react-app, Google’s firebase-tools, angular-cli, and others. Forbes promptly addressed the problems associated with the 2.2.0 […]

April 28, 2020

5 Common open source security myths everyone needs to know

Open source is an extremely popular way for large enterprises, small businesses—even individuals and hobbyists—to acquire technology. Simply locate the open source dependencies that appear to address your personal or business computing dilemma, download, and install. Even large companies are taking advantage of open source programs to enhance their portfolio of enterprise applications. Still, everyone […]

April 24, 2020

Secure code review: 8 security code review best practices

Code reviews are hard to do well. Particularly when you’re not entirely sure about the errors you should be looking for! The DevSecOps approach pushes security testing left so that vulnerabilities can be found and fixed earlier, in the design, development, or CI/CD stages of the workflow. It’s always a good idea to check for […]

April 20, 2020

Vuln Cost: Effortless finding vulnerabilities in npm packages with VS Code

Visual Studio Code is probably the most widely-used code editor for JavaScript developers. As 80 or maybe even 90 percent of the code developed is heavily dependent on open source packages, developers need to know what these packages do. Do you, for instance, know for all the packages you import if they contain known security […]

April 2, 2020

March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more

We are wrapping up this month and we present to you the most interesting highlights and security news from March 2020, including All.The.Talks — a new virtual community conference — the launch of the State of Open Source Security survey, and several product updates from Snyk. Security news: Our State of Open Source Security survey […]

March 31, 2020