Fix open source vulnerabilities directly from your Eclipse IDE

We are excited to share that developers can now test and monitor their projects for open source vulnerabilities, natively from within their Eclipse IDE (integrated development environment) instance. As a rule, software developers mainly work from their favorite IDE, and the IDE they prefer is usually one that integrates well with their existing workflow. At […]

July 25, 2019

Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities in .NET ecosystem

Welcome to our new security report: .NET open source security insights. This report is split into three posts: (1) .NET open source security insights; (2) Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; (3) Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]

July 25, 2019

Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating

Welcome to our new security report: .NET open source security insights. This report is split into three posts: (1) .NET open source security insights; (2) Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; (3) Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]

July 25, 2019

.NET open source security insights

Welcome to our new security report: .NET open source security insights. This report is split into three posts: (1) .NET open source security insights; (2) Unique to the .NET ecosystem, 75% of the top twenty vulnerabilities have a high severity rating; (3) Remote code execution, cross-site scripting, and denial of service vulnerabilities account for 2/3 of known vulnerabilities […]

July 25, 2019

Snyk has acquired DevSecCon!

We are thrilled to announce that Snyk has acquired DevSecCon, the world’s premier conference dedicated to DevSecOps – getting developers and security working well together! Together, Snyk and the DevSecCon team, led by Francois Raynaud, will partner to maintain a vendor-neutral home dedicated to growing and strengthening the DevSecOps community with additional support and resources, including 9 global conferences in the remainder of 2019 and 2020.

July 24, 2019

PCI standards open source security requirements–how to comply?

With the growing usage of open source security in the world of modern software development, there is an urgency to ensure open source is used in a secure way. However, open source security is not yet implemented across the board; a recent report conducted by Snyk found that 37% of open source developers don’t implement […]

July 23, 2019

Scaling developer-first security 

Snyk brings this dev-first, product-led approach to the security industry, on a mission to solve software security efficiently and at scale. To help us realise that vision, I’m excited to announce that Peter McKay - a Snyk board director, a top tier tech executive and my good friend of 15 years - is joining us as Snyk’s CEO!

July 17, 2019

How to increase Serverless observability, monitoring and security

Functions are often short-lived and deployed in large numbers and are invoked more and more frequently as you scale. For these reasons, it is easy to lose track of the flow of events or to pinpoint the root cause for any given error. On top of that, as serverless adoption grows for an organization, it […]

July 15, 2019

How SME lender New10 uses AWS and Snyk to deliver quickly and securely

“Snyk simplifies our continuous delivery pipelines by directly integrating security. Now, our pipelines are shorter, and new applications and features go into production faster. Ultimately, this means we can deliver value to the business faster and more securely.” – Kirill Kolyaskin, Lead Cloud Engineer at New10

New10 is an online lender, leveraging the benefits of […]

July 8, 2019

Concerns of supply-chain attacks amplify as remote code execution was found in Ruby gem strong_password

On July 5th, 2019, the CVE-2019-13354 security advisory was published for a malicious version of the strong_password Ruby gem which allows for remote code execution in applications bundling the vulnerable dependency. We have already added the vulnerability to our database, and if your Ruby project is being monitored by Snyk, you will have already been […]

July 6, 2019

Snyk research team discovers severe prototype pollution security vulnerabilities affecting all versions of lodash

On July 2nd, 2019, Snyk published a high severity prototype pollution security vulnerability (CVE-2019-10744) affecting all versions of lodash, as the result of an ongoing analysis led by the Snyk security research team. UPDATE: lodash published version 4.17.12 on July 9th which includes Snyk fixes and remediates the vulnerability. We strongly recommend you update to […]

July 4, 2019