Function as a Service (FaaS) platforms patch your operating system dependencies for you, but do nothing to secure your application dependencies, such as those pulled from npm, PyPI, Maven and the like. These libraries are just as prevalent and just as vulnerable as operating system dependencies, and you, the application owner, are responsible for upgrading or patching […]
Snyk has partnered with O’Reilly to offer a new book
Cryptocurrency wallet developer Komodo has been in the news as the most recent victim of an attempted cryptocurrency attack by malicious code injection via npm dependencies. The EasyDEX-GUI project, which provides a graphical user interface (GUI) to SuperNET/Iguana cryptocurrency APIs and is used by Komodo’s Agama wallet, has been found to contain a malicious […]
If you’re building a serverless application, chances are that your functions need to access secrets or other types of sensitive information that you’re storing, such as API keys, tokens, or passwords. However, managing these secrets properly may sometimes prove to be a difficult task. When users fail to adopt a key management service, these secrets, […]
May 21st – June 9th, 2019: Here’s the first installment of our bi-weekly updates on what’s new in Snyk. What’s new? Container security: We launched our integration with Docker Hub earlier this year; now we’ve embarked on adding more and more features and improvements to help manage your container security: When importing container projects, you […]
Our friends at OverOps post a yearly blog listing the popularity of Java libraries, based on GitHub mentions. Accordingly, in this post, we’ll take a look at the vulnerabilities that have been found in the top ten Java libraries picked by OverOps, and focus on three of them in more depth. Firstly, the following are the […]
We are pretty excited to share that last week Snyk was recognized as a ‘Next European Unicorn’ at the 2019 Vivatech Awards. We won the category as a result of Snyk’s innovative approach to helping enterprises secure their complete software development life cycle, enabling developers to successfully secure their open source components and maintain speed of delivery; our rapid growth over the last several years; and in recognition of our commitment to supporting the open source community.
Snyk’s goal is to help you use open source in a secure way. Vulnerabilities are one indicator that a dependency is unhealthy, but there are other risk factors at play as well. For that reason, we have a whole team working on making Snyk the go-to destination for information about your dependencies – from Security to License information, and now to Health.
Just as software bugs are triaged for severity, security vulnerabilities need to be assessed for impact and risk, which aids in vulnerability management. The Forum of Incident Response and Security Teams (FIRST) is an international organization of trusted computer security researchers and scientists that have received the task […]