Heroku Add-On Beta

Geva Solomonovich

A few months ago we launched Snyk for Serverless, testing FaaS and PaaS apps for vulnerable libraries. We are now taking PaaS testing to the next level by launching the Beta of the Snyk Heroku Add-On.

Snyk already supports continuously monitoring Heroku apps by pointing Snyk to your Heroku deployment following the instructions in the link. But with the new Heroku Add-On we go even deeper, integrating with your Heroku workflows, scanning your Heroku apps on every deploy, and sending you real-time notifications when your deploys have known vulnerabilities.

Uncover vulnerable libraries in your Heroku addons

Since the add-on is currently in beta, it’s free to try out! We’re looking for people to take it for a test drive and provide us with some feedback. To try it out, simply install the Snyk add-on using the Test plan. You can find the Snyk add-on details on the Heroku Elements marketplace.

Once you’ve attached the Snyk Heroku Add-On to one (or more) of your Heroku apps, you can see your detailed vulnerability reports by clicking on the Snyk logo from your Heroku App settings page.

Detailed advisory report for discovered vulnerabilities

We’d love for you to try this out and to hear your feedback. Email support@snyk.io with any feedback or thoughts, or if you would like to get notified when the Snyk Add-On comes out of beta. We look forward to hearing from you!
