
February in review: JVM Ecosystem Report, Python and Container Updates, and more

By Hayley Denbraver

As we wrap up February, dive into the JVM Ecosystem report, tune into DevSecOps learnings, catch up on the latest Snyk product updates, and mark your calendar for KubeCon EU!

Security news

New! JVM ecosystem report 2020

Insights based on a global developer community survey show us that:

  • 36% of developers switched from Oracle JDK to an alternate OpenJDK distribution over the last year
  • 64% of developers report that Java 8 remains the most often used release
  • And much more! Read the full report

JavaScript libraries are almost never updated once installed

The libraries you publish may exist on websites forever. The underlying web platform then must support aged conventions indefinitely to continue supporting the full breadth of the web. Read more.

Ghostcat breach affects all Tomcat versions

Tomcat is one of the most popular Java HTTP web server environments. Read all about the high-severity Ghostcat vulnerability found in it and the patch solutions that mitigate the associated risk. Read more.

New from Snyk

Product updates

Python Fix PRs – We’ve automated fix pull requests, giving you additional support in securing your Python dependencies. Read more.

Actionable Remediation Advice – You now get summarized remediation advice, so you can resolve vulnerabilities in your code with the help of a clear overview. Read more.

Improved Reports Experience – We’ve upgraded the look and feel of our reports for easier use. Read more.

Artifactory container registry support – Snyk Container now scans container images stored in JFrog Artifactory. Snyk Container goes beyond detecting vulnerabilities in your images and provides fix recommendations to help you quickly optimize how you build your containers. Read more.

Simplified EKS + ECR detection and scanning – Snyk Container now detects workloads as they are created in EKS and connects to ECR to scan the container image for vulnerabilities and provide fix recommendations. We also alert you to potential workload configuration issues that make your application easier to attack. Learn more about our AWS integration.

Check out our YouTube channel

Prefer videos to help you get started? Check out our YouTube channel and our newest addition, How to Integrate with GitHub.

Stay up-to-date with our in-app widget

Visit us at https://updates.snyk.io/ and never miss the feature you’ve been waiting for again.

Community

Live MyDevSecOps webinar!

Tune into Gareth Rushgrove’s webinar on “The perils of configuration security”. March 5th | Register here.

CNCF webinar: Helm security—a look below deck

Watch this session hosted by Matt Farina, Helm Maintainer @Samsung SDS, Hayley Denbraver, Developer Advocate @Snyk, and Raghavan “Rags” Srinivas, Lead Container Developer Advocate @Snyk. Watch recording

Let’s meet at KubeCon EU | March 30 – April 2

Stop by booth #S34, sign up for our free Day Zero workshop with CircleCI, “Automating Open Source Security Scanning,” or sit in on one of several insightful sessions:

DevSecCon 24

Join the first ever DevSecCon virtual conference delivering top DevSecOps content over 24 hours without leaving your home or office! It’s a free event, so mark your calendars for June 15th & 16th and register to attend. https://www.devseccon.com/devseccon24-2020/