Uncharted territory – discovering vulnerabilities in public Helm Charts

Similar to our report on Docker image security, we wanted to take a look at the state of vulnerabilities in the public Helm Charts repository. Helm is a popular package manager for Kubernetes. As well as being used by developers to package their own applications, the official Charts repository contains […]

November 18, 2019

Security digital transformation with James Kaplan

As 2019 draws to an end, we are going to be looking back on some great episodes of our podcast The Secure Developer. This post is the first in the series, so keep your eye out for future installments. The Secure Developer podcast is part of our vendor-neutral, security-education-focused community MyDevSecOps. The […]

November 14, 2019

Shipping Kubernetes-native applications with confidence

A few months ago, our team began developing a new product. This new product has a few properties that differentiate it from other software projects we have developed so far: It’s native to Kubernetes, meaning it’s tightly coupled to the Kubernetes API and requires that specific API in order to run (or even to be […]

November 14, 2019

See Snyk and GitHub in action at GitHub Universe

At Snyk, we are committed to building security tools that help developers shift security left to embrace security and quality as early, easily, and efficiently as possible. With the recent beta release of GitHub Actions, we decided to look at how we could help GitHub users adopt better security controls for DevOps and CI/CD workflows. […]

November 13, 2019

Secure your Kubernetes applications with Snyk Container

We wrote previously about implementing container security throughout the SDLC, and discussed the trade-offs of testing locally, in your CI/CD pipeline, against your registry, and in your Kubernetes cluster. With the new Kubernetes integration in Snyk Container, we’re aiming to make that last part both easier to do, and bring that information closer to […]

November 12, 2019

Putting container security in the hands of developers

Snyk is excited to announce that today we are launching Snyk Container, a new product that helps developers easily find and fix vulnerabilities in their container applications.

November 12, 2019

Using third party content securely

This is the final part of a four-part series about building your Kubernetes AppSec strategy. The previous parts are available here: Container security throughout the SDLC; Shifting security left means culture, not just tools; From image security to workload security. One topic we haven’t touched on in our discussion of application security for […]

November 8, 2019

Keep your dependencies up-to-date—enable auto upgrades with Snyk

We are excited to announce the release of a new way to take action on the deep insights Snyk offers regarding security and project health—auto upgrades. Where Snyk’s automated fix pull requests (PRs) apply targeted vulnerability fixes to make the smallest possible change, auto upgrades works to keep dependencies up to date, to help ensure […]

November 6, 2019

From image security to workload security

This is the third part of a four-part series about building your Kubernetes AppSec strategy (Part I, Part II). In one of our previous posts we discussed how packaging of applications is shifting to developers as organizations embrace containers. But it’s not just packaging that’s moving from systems administration to development, it’s configuration management […]

October 31, 2019

Angular vs React: the security risk of indirect dependencies

Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this section, we review the security risk of the indirect dependencies for both Angular and React, and then we also review the direct dependencies, first for Angular and then for React. The modules reviewed in this part do not represent a complete list of […]

October 30, 2019

Comparing React and Angular secure coding practices

Welcome to Snyk’s State of JavaScript frameworks security report 2019. This section of the report is about the overall security posture of Angular and React projects. In this section, we explore both the Angular and the React project security postures. This includes secure coding conventions, built-in secure capabilities, responsible disclosure policies, and dedicated security documentation for […]

October 30, 2019