Learn more about new features and Snyk product announcements.

View and report on all of your Snyk Infrastructure as Code configuration issues

View a complete picture of the open issues across your application, covering vulnerabilities from open source libraries and container images, licenses, and now configuration issues from your Kubernetes and Terraform files.

April 6, 2021

Scanning Red Hat Quay registry images for vulnerabilities with Snyk

We’re excited to share that you can now scan container images stored in Red Hat’s Quay container registry and their hosted service with Snyk Container. Snyk Container helps you find and fix vulnerabilities in your container images and integrates with Quay as a container registry to enable you to import your projects and monitor […]

April 1, 2021

Scanning Harbor registry images for vulnerabilities with Snyk

Snyk Container offers support for scanning container images stored in the popular open source container registry, Harbor. Learn how to use it to keep your containers safe.

April 1, 2021

Secure coding with Snyk Code: Ignore functionality with a twist

Snyk Code provides the ability to ignore suggestions. Learn about our take on this functionality using intermediate representation. We think you'll like it.

March 30, 2021

Automate container security with Dockerfile pull requests

Integration with your source code managers and issuing pull requests to fix issues has been part of Snyk’s success in helping our customers fix application dependencies for several years. Now, we want to help you address container security in a similar way. We’re happy to share that we are extending Snyk Container by helping you […]

March 16, 2021

Defining Developer-first Container Security

Have you shifted left, yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does […]

March 16, 2021

Snyk’s new vulnerability cards – fix issues fast with a new look and feel

One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to […]

March 2, 2021

Snyk-Watcher: keep Snyk in sync

Welcome to Snyk API Wednesdays! This is our newest blog series that highlights the different ways the Snyk API is leveraged by our customers. Snyk’s extensibility and API enable developers to tune Snyk’s security automation to their specific workflows, ensuring both developer experience and consistent platform governance. We’re proud to start the series with a […]

February 17, 2021

Extensibility and the Snyk API: our vision, commitment, and progress

At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications. We are continuously […]

February 17, 2021

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities […]

January 28, 2021

Golang security: access restriction bypass vulnerability in JWT

Back in July, the Snyk security team was alerted about a potential security issue in the JWT package. This package provides a Go implementation of JSON web tokens and the issue that was discovered related to a function called VerifyAudience that was not working as expected. The function allowed passing a double quotes (“”) value […]

December 22, 2020