Snyk vulnerability disclosure program: what’s going on behind the scenes?
At Snyk we firmly believe in keeping the open source community secure. This is why we launched our responsible vulnerability disclosure program, covering vulnerabilities found within managed open source packages across languages including JavaScript, Java, Python, .NET, Go, Ruby, and PHP. Why disclose vulnerabilities with Snyk? With our vulnerability disclosure practice at Snyk, […]
Yarn 2 plugins – an introduction
We start off by setting up an environment to build the plugin. Let’s begin by creating a new project that will be managed with Yarn 2.
A recap of our Kubernetes configuration security announcement and webinar
Thank you to all who attended our release announcement webinar on Kubernetes configuration security on Wednesday, April 8. We’re excited to get this new feature in your hands and hear what you think and what you want us to build to help keep your Kubernetes applications secure. We had some great questions during the webinar […]
Snyk Integrates with AWS to Help Enterprises Build Secure Applications
Snyk’s roots have been, from its earliest days, in bottom-up developer adoption — evident in our base of 400,000 developers who use our free tier. However, as Snyk has grown, we’ve added product features that cater to larger enterprises as well and have hired a stellar team to serve our customers. As a result, a […]
Fixing insecure Kubernetes configuration at the source
We’re happy to announce today the public availability of a whole new feature in Snyk, to help you find and fix security issues in your Kubernetes configuration files. Configuration management shifting left Traditionally, developers have been responsible for just writing the code — someone else was responsible for quality. Yet another person was responsible for […]
Responsible disclosure: the impact of vulnerability disclosure on open source security
It’s a common mistake to think that once a vulnerability is found, the responsible thing would be to make it widely known as soon as possible. The truth is quite the opposite. Responsible vulnerability disclosure is a disclosure model commonly used in the cybersecurity world where 0-day vulnerabilities are first disclosed privately, thus allowing code […]
VS Code extension: building auto CI/CD with GitHub Actions
This article is about building a full CI/CD pipeline for a VS Code extension using GitHub Actions. My basic requirement was to build an automatic CI/CD that will allow me to do the following upon pushing a new commit to the master branch: Test: run the tests on Mac, Windows and Linux. Release: create a new GitHub release […]
Yarn 2 — the future of package managers for JavaScript?
What is Yarn 2? Yarn 2 is the new release of the revolutionary and well-established npm package manager Yarn, which features improvements such as Plug’n’Play, a plugin architecture, monorepo and improved workspaces support, and zero installs. You can find the community repository on GitHub at: https://github.com/yarnpkg/berry. Why did we need a new Yarn version? Yarn 2 ticks […]
Vuln Cost: Effortlessly finding vulnerabilities in npm packages with VS Code
Visual Studio Code is probably the most widely-used code editor for JavaScript developers. As 80 or maybe even 90 percent of the code developed is heavily dependent on open source packages, developers need to know what these packages do. Do you, for instance, know for all the packages you import if they contain known security […]
Snyk participates in Atlassian Remote Summit and limited-time Bitbucket Cloud promotion
With a shared goal to help developers code, build, and ship their applications faster and more securely than ever, we are excited to sponsor the Atlassian Remote Summit, April 1-2. Announced just in time for Summit, Atlassian created a special limited-time Bitbucket Cloud promotion, which bundles Snyk and other developer tools. This special offer, available […]
Vulnerable Gradle plugin-publish plugin reveals sensitive information
Just a few days ago, on March 27, a security vulnerability was disclosed and published — CVE-2020-7599 — on Gradle’s plugin-publish plugin. It is a vulnerability that affects all versions of the package below 0.11.0. The vulnerability was found on March 4 by Danny Thomas, Developer Productivity at Netflix, and reported to Gradle straight away. […]