Integrating actionable security in your CI/CD workflow and build systems with Snyk tests

Connecting Snyk with the repositories you’ve stored in a source code management system such as GitHub or GitLab and then importing your projects to Snyk is a great way to leverage and benefit from security application testing throughout your core application development workflows. You immediately benefit from continuous security monitoring for any new vulnerabilities detected […]

December 12, 2019

Snyk Receives “Best CEO” Award

We’re excited to share that our CEO and fearless leader, Peter McKay, was recognised as a top 10 “Best CEO” by Comparably’s Best Places to Work awards 2019. Comparably’s Best Places to Work winners are selected based on anonymous employee ratings submitted on the Comparably site between November 2018-19.  For this amazing recognition, we have […]

December 11, 2019

Malicious packages found to be typo-squatting in Python Package Index

Two malicious packages were removed from the Python Package Index (PyPI) this week. These packages, jeIlyfish (a misspelling of the package jellyfish only noticeable when using certain fonts) and python3-dateutil (impersonating the popular dateutil package), were taking advantage of something called “typo-squatting”. Typo-squatting occurs when a malicious package is uploaded with a name similar to […]

December 5, 2019

Deploying a Gatsby site to GitHub Pages from Travis CI

I recently worked on a simple static website for an open source project I have and took Gatsby for a spin along with one of the theme starters. To serve the web pages, I decided to host my Gatsby generated static website on GitHub pages where I also host the source code, so that everything […]

December 3, 2019

Creating a Language for Security with Chef’s Adam Jacob

As 2019 draws to an end, we are going to be looking back on some great episodes of our podcast The Secure Developer. See the first post here and the second post here. The Secure Developer podcast is part of our vendor neutral, security education focused community MyDevSecOps. The community, previously also known as The […]

November 27, 2019

Snyk’s defining values

Throughout my career, I have often struggled with the authenticity of my company’s stated values. Sometimes, the values rang hollow. Sometimes, they were more aspirational than authentic. Sometimes, they were authentic but not beneficial.  For example, a previous company had a value called “go, go, go” which didn’t necessarily lead to good decisions or a […]

November 26, 2019

Snyk Unifies Open Source and Container Security for Coveo

It’s an exciting time for our team with the recent launch of Snyk Container and just coming back from KubeCon. The best validation though comes when users and customers find Snyk’s products valuable to their business.  Coveo, which uses artificial intelligence technology to personalize millions of digital experiences, started using Snyk for license management last […]

November 22, 2019

What’s so wild about exploits in the wild – and how can we prioritize accordingly?

How exploits in the wild translate into greater risk, how we can evaluate that risk, and discuss how to prioritize and quickly handle your vulnerabilities accordingly.

November 21, 2019

Open Source Vulnerabilities and Security with Microsoft’s Jeff McAffer

As 2019 draws to an end, we are going to be looking back on some great episodes of our podcast The Secure Developer. See the first post here. The Secure Developer podcast is part of our vendor neutral, security education focused community MyDevSecOps. The community, previously also known as The Secure Developer, meets virtually via […]

November 20, 2019

Write secure Kubernetes configuration with help from Snyk

Last week we launched Snyk Container and today we have an exciting followup to that news.  We are releasing a beta of a new Snyk feature to help you find and fix issues with your Kubernetes configuration as part of your development process. SIGN UP FOR THE BETA The configuration problem As we discussed in […]

November 18, 2019

Showing application vulnerabilities in Kubernetes-native tooling

Building on the new Kubernetes features in Snyk Container, we’ve been experimenting with integrating vulnerability data more closely into the Kubernetes ecosystem. Snyk has an extensive set of dashboards and reporting features, which are great if you’re focused just on security. But what about if you don’t want to switch context from what you’re doing […]

November 18, 2019