Product
Learn more about new features and Snyk product announcements.
View and report on all of your Snyk Infrastructure as Code configuration issues
View a complete picture of the open issues across your application, covering vulnerabilities from open source libraries and container images, licenses, and now configuration issues from your Kubernetes and Terraform files.
Scanning Red Hat Quay registry images for vulnerabilities with Snyk
We’re excited to share that you can now scan container images stored in Red Hat’s Quay container registry and their hosted Quay.io service with Snyk Container. Snyk Container helps you find and fix vulnerabilities in your container images and integrates with Quay as a container registry to enable you to import your projects and monitor […]
Scanning Harbor registry images for vulnerabilities with Snyk
Snyk Container offers support for scanning container images stored in the popular open source container registry, Harbor. Learn how to use it to keep your containers safe.
Secure coding with Snyk Code: Ignore functionality with a twist
Snyk Code provides the ability to ignore suggestions. Learn about our take on this functionality using intermediate representation. We think you'll like it.
Automate container security with Dockerfile pull requests
Integration with your source code managers and issuing pull requests to fix issues has been part of Snyk’s success in helping our customers fix application dependencies for several years. Now, we want to help you address container security in a similar way. We’re happy to share that we are extending Snyk Container by helping you […]
Defining Developer-first Container Security
Have you shifted left yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does […]
Snyk’s new vulnerability cards – fix issues fast with a new look and feel
One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to […]
Snyk-Watcher: keep Snyk in sync
Welcome to Snyk API Wednesdays! This is our newest blog series that highlights the different ways the Snyk API is leveraged by our customers. Snyk’s extensibility and API enable developers to tune Snyk’s security automation to their specific workflows, ensuring both developer experience and consistent platform governance. We’re proud to start the series with a […]
Extensibility and the Snyk API: our vision, commitment, and progress
At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications. We are continuously […]
Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub
Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third-party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities […]
Golang security: access restriction bypass vulnerability in JWT
Back in July, the Snyk security team was alerted about a potential security issue in the JWT package. This package provides a Go implementation of JSON web tokens, and the issue that was discovered related to a function called VerifyAudience that was not working as expected. The function allowed passing a double-quotes (“”) value […]