security news

March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more

| By Eirini-Eleni Papadopoulou

We are wrapping up this month and we present to you the most interesting highlights and security news from March 2020, Including All.The.Talks — a new virtual community conference — the launch of the State of Open Source Security survey, and several product updates from Snyk.

Security news

Our State of Open Source Security survey is now live!

Help us analyze trends in how organizations are using and securing open source software and cloud native technologies. Once we collate all the results, we’ll create our 2020 report that we’ll make available to you and the community!

Take the survey here.

Update: check out the new State of Open Source Security Report 2020!

How to detect and fix Kubernetes access restriction vulnerability CVE-2019-11249

Kubernetes remains a powerful open source system for developers, but like any tool needs to be used carefully. This post discusses two recent vulnerabilities (CVE-2019-11247 and CVE-2019-11249) and how you can address them. Read more here.

What is a backdoor? Let’s build one with Node.js

We have seen dependencies become the perfect target for cybercriminals, with many new attacks enacted, like typosquatting attack or event-stream incident. This post showcases how we can end up with a malicious backdoor in the ecosystem and discusses ideas for mitigating the risk. Read the full article here.

News from Snyk

Product updates

  • This exciting new partnership between Snyk and Neighbourhoodie Software, makers of Greenkeeper and developer tooling innovators, has allowed us to improve our automatic dependency upgrades functionality. Read more here.
  • Combined status checks for pull request tests: Instead of seeing multiple Snyk security and license status checks per Snyk project (one Snyk project is equivalent to one manifest file), you’ll now see only two combined status checks per project. Get started
  • Snyk Container improvements and expanded platform support: learn more about our integration between Amazon ECR and EKS and support for Red Hat OpenShift 4 here and here.
  • Kubernetes configuration scanning: allows you to find and fix issues in your Kubernetes configuration files. The initial release integrates with source code managers to detect Kubernetes files and provide fix recommendations. Enable this feature here.

Videos

If you prefer videos to written documentation, we got you covered! Check out our introductory videos on how to use Snyk, learn your way around the Snyk app and its basic functions. Find all our videos here.

Stay up-to-date directly from our in-app widget.

Visit us at https://updates.snyk.io/ and never miss the feature you’ve been waiting for again.

Community learnings

Security Boulevard: Integrate Security Early and Often For Successful DevSecOps

Join this presentation by Snyk and Rapid7 to learn how security experts are evolving application security. April 9 | Register here.

On DevOps.com: Do You Trust Your DevSecOps Pipeline?

Join Patrick Debois, Snyk DevOps Evangelist and co-author of “The DevOps Handbook,” along with Anders Wallgren, CloudBees Field CTO, as they share tips to allow developers and operators to increase delivery velocity and harden their pipelines. April 16 | Register here.

MyDevSecOps Webinar: Cloud misconfiguration detection- Runtime vs Static analysis

Tune into Barak Schoster’s webinar on “Cloud misconfiguration detection – Runtime vs Static analysis”. April 2 | Register here.

All The Talks Conference

We are excited to announce we have launched a new virtual community conference called allthetalks.online which will be held on April 15th, 2020. Apply for a speaker position, attend, or sponsor here.

DevSecCon 24 Virtual Conference

Join the first-ever DevSecCon virtual conference delivering top DevSecOps content over 24 hours without leaving your home or office! It’s a free event, so mark your calendars for June 15th & 16th and register to attend.

Destination: Centralization Conference

Join us on April 16th at this digital conference from Kong exploring how container and microservices adoption is impacting software architectures

Register to hear Snyk’s Developer Advocate Liran Tal walk through how to test APIs, whether they are GraphQL, REST or Event-driven, to help simplify continuous delivery of microservices.