The Secure Developer: talking DevSecOps in Azure with Microsoft’s Victoria Almazova

In February of this year, Snyk launched a new educational, vendor-neutral, and security-focused community, The Secure Developer. Snyk wants to help developers adopt a security mindset throughout their development process and The Secure Developer community is the place where you can do just that; a place to learn security best practices from experts in an […]

September 25, 2019

Why npm lockfiles can be a security blindspot for injecting malicious modules

I recently started playing around with the idea of threat modeling packages on the npm ecosystem. Can an event-stream incident happen again? How about other supply chain attacks? What will be the next vector of attack that we haven’t seen yet and might it be entirely preventable? And then, one day I had a eureka! […]

September 24, 2019

Modern security leader spotlight: with Marcin Hoppe from Auth0

The Auth0 team uses Snyk to "make sure we are running on a secure foundation, no matter what."

September 19, 2019

Everything you wanted to know about addressing security vulnerabilities in Linux-based containers

Think about the most important container image that you have running in production right now. How did you choose its base image? Do you know how many vulnerabilities that base image has? Wouldn’t you like to know? Here at Snyk we try to make the process of choosing the most secure base image smarter, smoother […]

September 18, 2019

10 Java security best practices

In this cheat sheet edition, we’re going to focus on ten Java security best practices for both open source maintainers and developers. This cheat sheet is a collaboration between Brian Vermeer, Developer Advocate for Snyk, and Jim Manico, Java Champion and founder of Manicode Security. We recommend you print out the cheat sheet and also […]

September 16, 2019

Sequelize ORM npm library found vulnerable to SQL Injection attacks

Object-Relational Mappers, also commonly referred to as ORMs, are a set of SQL libraries that help developers manage their database code by abstracting it into language constructs. SQL ORM libraries have been found to be great for SQL Injection prevention, but unfortunately they themselves may have security bugs that open the door for application-level SQL […]

September 11, 2019

Snyk Raises $70M to Accelerate Dev-first Security

The Snyk Team is thrilled to announce we have raised a $70 million investment, led by Accel and existing investors GV and Boldstart Ventures, to further boost our growth and leadership in the dev-first security market!

September 9, 2019

Making climate positive changes

👋 Hey I’m Luke, an engineer at Snyk based in Amsterdam. I wanted to share my story about making climate positive changes. For a long time, I believed that the most impact I could make was on a personal level, by not being wasteful. I’ve tried really hard over the last few years to make […]

September 5, 2019

6 stages of refactoring a Jest test case

An underrated feature of Jest is customizing how the assertion errors displayed in the console are handled when tests fail. Imagine the following test code, which needs to programmatically loop an object in order to ensure keys exist as expected (using the expect function): The test is written fine. Now, imagine what happens if a […]

September 4, 2019

Open source security with O’Reilly author Guy Podjarny

Last week, Snyk Co-founder Guy Podjarny sat for a live chat to discuss his O’Reilly book Securing Open Source Libraries. This post summarizes a few of the interesting takeaways from the webinar; you can also check out the recording here if you […]

August 30, 2019

Mastering Node.js version management and npm registry sources like a pro

As a continuation of the 10 npm security best practices guide we published earlier this year, I’d like to further explore how to make it easier to switch between different Node.js versions and to switch between different npm registries while working in a development environment. Node version manager: When developing Node.js applications, you may need to […]

August 28, 2019