February in review: JVM Ecosystem Report, Python and Container Updates, and more
Hayley Denbraver
February 28, 2020
As we wrap up February, dive into the JVM Ecosystem report, tune in to DevSecOps learnings, catch up on the latest Snyk product updates, and mark your calendar for KubeCon EU!
Security news
New! JVM ecosystem report 2020
Insights based on a global developer community survey show us that:
36% of developers switched from Oracle JDK to an alternate OpenJDK distribution over the last year
64% of developers report that Java 8 remains the most often used release
And much more! Read the full report
JavaScript libraries are almost never updated once installed
The libraries you publish may exist on websites forever. The underlying web platform then must support aged conventions indefinitely to continue supporting the full breadth of the web. Read more.
Ghostcat breach affects all Tomcat versions
Tomcat is one of the most popular Java HTTP web server environments. Read all about the Ghostcat high severity vulnerability found in it and patch solutions to mitigate the associated risk. Read more.
New from Snyk
Product updates
Python Fix PRs - We’ve automated fix pull requests, giving you additional support in securing your Python dependencies. Read more.
Actionable Remediation Advice - You now get summarized remediation advice and a clear overview to help you resolve vulnerabilities in your code. Read more.
Improved Reports Experience - We’ve upgraded the look and feel of our reports for easier use. Read more.
Artifactory container registry support - Snyk Container now scans container images stored in JFrog Artifactory. Snyk Container goes beyond detecting vulnerabilities in your images and provides fix recommendations to help you quickly optimize how you build your containers. Read more.
Simplified EKS + ECR detection and scanning - Snyk Container now detects workloads as they are created in EKS and connects to ECR to scan the container image for vulnerabilities and provide fix recommendations. We also alert you to potential workload configuration issues that make your application easier to attack. Learn more about our AWS integration.
Check out our YouTube channel
Prefer videos to help you get started? Check out our YouTube channel, and our newest addition for How to Integrate with GitHub.
Stay up-to-date with our in-app widget
Visit us at https://updates.snyk.io/ and never miss the feature you've been waiting for again.
Community
Live MyDevSecOps webinar!
Tune in to Gareth Rushgrove's webinar on “The perils of configuration security”. March 5th | Register here.
CNCF webinar: Helm security—a look below deck
Watch this session hosted by Matt Farina, Helm Maintainer @Samsung SDS, Hayley Denbraver, Developer Advocate @Snyk, and Raghavan "Rags" Srinivas, Lead Container Developer Advocate @Snyk. Watch recording
Let's meet at KubeCon EU | March 30 - April 2
Stop by booth #S34, sign up for our free Day Zero workshop with CircleCI, “Automating Open Source Security Scanning,” or sit in on one of several insightful sessions:
How Secure Is Your Build/Server? - Patrick Debois
Uncharted Territories: Discovering Vulnerabilities in Public Helm Charts - Hayley Denbraver
Kubernetes and Cloud Native Security: A State of the Union - Snyk, Red Hat, IBM & Microsoft
DevSecCon 24
Join the first ever DevSecCon virtual conference delivering top DevSecOps content over 24 hours without leaving your home or office! It’s a free event, so mark your calendars for June 15th & 16th and register to attend. https://www.devseccon.com/devseccon24-2020/