JavaScript frameworks security report 2019

Welcome to Snyk's State of JavaScript frameworks security report 2019. In this report, we investigate the state of security for both the Angular and React ecosystems, looking at best practices, secure coding, and security vulnerabilities in React, Angular, and other frontend projects such as Bootstrap, Vue.js, and jQuery. Inside you will find the report in its digital format as a PDF to download and review offline.

October 30, 2019

84% of all websites are impacted by jQuery XSS vulnerabilities

Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this blog post we’ll review security vulnerabilities found in other frontend ecosystem projects. After reviewing Angular and React as major JavaScript frameworks, we’ll take a brief review of selected JavaScript and CSS frameworks: Vue.js, jQuery and Bootstrap. jQuery security: jQuery took web development by […]

October 30, 2019

2019 side-by-side comparison of Angular and React security vulnerabilities

Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this section, we review the impact that security vulnerabilities can have by looking at the severity, CVSS scores and more over the years for both Angular and React. Furthermore, we look into the time it takes for the vulnerabilities in each framework to be […]

October 30, 2019

Angular vs React: security bakeoff 2019

Welcome to Snyk’s State of JavaScript frameworks security report 2019. Let’s begin this report by exploring the different security vulnerabilities found in the core Angular and React projects. We then review the severity breakdown for each of the vulnerabilities and we inspect the differences between the two. Lastly, for both projects, we review the time […]

October 30, 2019

Shifting security left means culture, not just tools

This is the second part of a four-part series about building your Kubernetes AppSec strategy. The first part is here. As organizations embrace DevOps practices and transform how they build and maintain applications, many aspects of application development are changing. Traditional systems administration has changed in many organizations, with the embrace of site reliability […]

October 29, 2019

A recap from our latest PCI webinar, and compliance tips from Deliveroo

Remember our previous blog post on the new PCI standards and how to comply? We recently hosted a webinar to break down what’s important to take away from the latest update, far beyond the fundamentals. During the session, Jim Manico (founder at Manicode) and Adam Thompson, Information Security Officer at Deliveroo, shared their insights to […]

October 17, 2019

Container security throughout the SDLC

Containers are increasingly becoming the standard unit of software. The container image, technically defined in the OCI image specification, is a key component of modern tooling, from Docker to Kubernetes to platforms like AWS Fargate and Google Cloud Run. What does this mean for application security? Where we use container images: One of the interesting […]

October 16, 2019

Snyk joins CloudBees new Technical Alliance Partner Program as Premier launch member

We’re thrilled to join CloudBees’ new Technical Alliance Partner Program to take our collaboration with the CI/CD and application release orchestration (ARO) company to the next level. Check out the news from CloudBees’ recent TAPP announcement here! Snyk’s mission is to empower developers to use open source software and stay secure. While scanning and fixing […]

October 10, 2019

A Snyk peek into Node.js and npm’s state of open source security report 2019

In the State of Open Source Security Report 2019, we set out to measure the pulse of the open source security landscape throughout the different language ecosystems and have analyzed responses from over five hundred open source maintainers and users who provided us with insights into their processes and knowledge of open source security risks […]

October 9, 2019

Trend Micro and Snyk partner to deliver complete remediation to secure containers

We’re excited to announce a new strategic partnership with Trend Micro to help businesses quickly deliver secure applications. Trend Micro is well known as a global market leader in hybrid cloud security. Additionally, Trend Micro offers network, IoT, and endpoint protection security. We’re honored to pair our unique approach which enables developers to own security […]

October 8, 2019

Shifting compliance left: Helping legal teams and developers cooperate around licensing issues

We are excited to share that we now support customized license instructions, helping the teams in your organization collaborate better together on licensing compliance: legal teams can better equip developers to shift compliance left by customizing license policies with clear instructions, and developers can then more easily integrate license analysis as part of their routine workflow. 

October 2, 2019