Fix open source vulnerabilities directly from your Eclipse IDE
We are excited to share that developers can now test and monitor their projects for open source vulnerabilities, natively from within their Eclipse IDE (integrated development environment) instance. As a rule, software developers mainly work from their favorite IDE, and the IDE they prefer is usually one that integrates well with their existing workflow. At […]
Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities in .NET ecosystem
Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open source security insights; Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]
Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating
Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open source security insights; Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]
.NET open source security insights
Welcome to our new security report: .NET open source security insights. This report is split into three posts: .NET open source security insights; Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]
Snyk has acquired DevSecCon!
We are thrilled to announce that Snyk has acquired DevSecCon, the world’s premier conference dedicated to DevSecOps – getting developers and security working well together! Together, Snyk and the DevSecCon team, led by Francois Raynaud, will partner to maintain a vendor-neutral home dedicated to growing and strengthening the DevSecOps community with additional support and resources, including 9 global conferences in the remainder of 2019 and 2020.
PCI standards open source security requirements – how to comply?
With the growing usage of open source security in the world of modern software development, there is an urgency to ensure open source is used in a secure way. However, open source security is not yet implemented across the board; a recent report conducted by Snyk found that 37% of open source developers don’t implement […]
Scaling developer-first security
Snyk brings this dev-first, product-led approach to the security industry, on a mission to solve software security efficiently and at scale. To help us realise that vision, I’m excited to announce that Peter McKay - a Snyk board director, a top-tier tech executive and my good friend of 15 years - is joining us as Snyk’s CEO!
How to increase Serverless observability, monitoring and security
Functions are often short-lived and deployed in large numbers and are invoked more and more frequently as you scale. For these reasons, it is easy to lose track of the flow of events or to pinpoint the root cause for any given error. On top of that, as serverless adoption grows for an organization, it […]
How SME lender New10 uses AWS and Snyk to deliver quickly and securely
“Snyk simplifies our continuous delivery pipelines by directly integrating security. Now, our pipelines are shorter, and new applications and features go into production faster. Ultimately, this means we can deliver value to the business faster and more securely.” – Kirill Kolyaskin, Lead Cloud Engineer at New10
New10 is an online lender, leveraging the benefits of […]
Concerns of supply-chain attacks amplify as remote code execution was found in Ruby gem strong_password
On July 5th, 2019, the CVE-2019-13354 security advisory was published for a malicious version of the strong_password Ruby gem which allows for remote code execution in applications bundling the vulnerable dependency. We have already added the vulnerability to our database, and if your Ruby project is being monitored by Snyk, you will have already been […]
Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash
On July 2nd, 2019, Snyk published a high severity prototype pollution security vulnerability (CVE-2019-10744) affecting all versions of lodash, as the result of an ongoing analysis led by the Snyk security research team. UPDATE: lodash published version 4.17.12 on July 9th which includes Snyk fixes and remediates the vulnerability. We strongly recommend you update to […]