Snyk vulnerability disclosure program: what’s going on behind the scenes?

At Snyk we firmly believe in keeping the open source community secure. This is why we launched our responsible vulnerability disclosure program, supporting all vulnerabilities found within managed open source packages and in languages including JavaScript, Java, Python, .NET, Go, Ruby, and PHP. Why disclose vulnerabilities with Snyk? With our vulnerability disclosure practice at Snyk, […]

April 14, 2020

Yarn 2 plugins – an introduction

We start off with setting up an environment to build the plugin. Let’s begin with creating a new project that will be managed with Yarn 2.

April 13, 2020

A recap of our Kubernetes configuration security announcement and webinar

Thank you to all who attended our release announcement webinar on Kubernetes configuration security on Wednesday, April 8. We’re excited to get this new feature in your hands and hear what you think and what you want us to build to help keep your Kubernetes applications secure. We had some great questions during the webinar […]

April 10, 2020

Snyk Integrates with AWS to Help Enterprises Build Secure Applications

Snyk’s roots have been, from its earliest days, in bottom-up developer adoption — evident in our base of 400,000 developers who use our free tier. However, as Snyk has grown, we’ve added product features that cater to larger enterprises as well and have hired a stellar team to serve our customers. As a result, a […]

April 9, 2020

Fixing insecure Kubernetes configuration at the source

We’re happy to announce today the public availability of a whole new feature in Snyk, to help you find and fix security issues in your Kubernetes configuration files. Configuration management shifting left. Traditionally, developers have been responsible for just writing the code — someone else was responsible for quality. Yet another person was responsible for […]

April 8, 2020

Responsible disclosure: the impact of vulnerability disclosure on open source security

It’s a common mistake to think that once a vulnerability is found, the responsible thing would be to make it widely known as soon as possible. The truth is quite the opposite. Responsible vulnerability disclosure is a disclosure model commonly used in the cybersecurity world where 0-day vulnerabilities are first disclosed privately, thus allowing code […]

April 7, 2020

VS Code extension: building auto CI/CD with GitHub Actions

This article is about building a full CI/CD pipeline for a VS Code extension using GitHub Actions. My basic requirement was to build an automatic CI/CD that will allow me to do the following upon pushing a new commit to master branch: Test: run the tests on Mac, Windows and Linux. Release: create a new GitHub release […]

April 6, 2020

Yarn 2 — the future of package managers for JavaScript?

What is Yarn 2? Yarn 2 is the new release of the revolutionary and well-established npm package manager Yarn which features improvements, such as Plug’n’Play, Plugins architecture, Monorepos, and improved workspaces support, Zero installs. You can find the community repository on GitHub at: Why did we need a new Yarn version? Yarn 2 ticks […]

April 3, 2020

Vuln Cost: Effortless finding vulnerabilities in npm packages with VS Code

Visual Studio Code is probably the most widely-used code editor for JavaScript developers. As 80 or maybe even 90 percent of the code developed is heavily dependent on open source packages, developers need to know what these packages do. Do you, for instance, know for all the packages you import if they contain known security […]

April 2, 2020

Snyk participates in Atlassian Remote Summit and limited-time Bitbucket Cloud promotion

With a shared goal to help developers code, build, and ship their applications faster and more securely than ever, we are excited to sponsor the Atlassian Remote Summit, April 1-2. Announced just in time for Summit, Atlassian created a special limited-time Bitbucket Cloud promotion, which bundles Snyk and other developer tools. This special offer, available […]

April 1, 2020

Vulnerable Gradle plugin-publish plugin reveals sensitive information

Just a few days ago, on March 27, a security vulnerability was disclosed and published — CVE-2020-7599 — on Gradle’s plugin-publish plugin. It is a vulnerability that affects all versions of the package below 0.11.0. The vulnerability was found on March 4 by Danny Thomas, Developer Productivity at Netflix, and reported to Gradle straight away. […]

March 31, 2020