Serverless is great, but what about the security of my AWS Lambda functions and their dependencies?

Function as a Service (FaaS) platforms patch your operating system dependencies for you, but do nothing to secure your application dependencies, such as those pulled from npm, PyPI, Maven and the like. These libraries are just as prevalent and just as vulnerable as operating system dependencies, and you—the application owner—are responsible for upgrading or patching […]

July 3, 2019

New O’Reilly Book: Securing Open Source Libraries by Guy Podjarny

Snyk has partnered with O’Reilly to offer a new book

July 2, 2019

Yet another malicious package found in npm, targeting cryptocurrency wallets

Cryptocurrency wallet developer Komodo has been in the news recently as the most recent victim of an attempted cryptocurrency attack by malicious code injection via npm dependencies. The EasyDEX-GUI project, which provides a graphical user interface (GUI) to SuperNET/Iguana cryptocurrency APIs and is used by Komodo’s Agama wallet, has been found to contain a malicious […]

June 17, 2019

Best practices for secrets management in serverless applications

If you’re building a serverless application, chances are that your functions need to access secrets or other types of sensitive information that you’re storing, such as API keys, tokens, or passwords. However, managing these secrets properly may sometimes prove to be a difficult task. When users fail to adopt a key management service, these secrets, […]

June 13, 2019

What’s new in Snyk?

May 21st – June 9th, 2019. Here’s the first installment of our bi-weekly updates on what’s new in Snyk. What’s new? Container security: We launched our integration with Docker Hub earlier this year; now we’ve embarked on adding more and more features and improvements to help manage your container security: When importing container projects, you […]

June 10, 2019

npm passes the 1 millionth package milestone! What can we learn?

June 4th is a historic date. Not only is it our very own Liran Tal’s birthday (Mazal Tov, Liran!) but it is also the date that the millionth package was indexed into the npm registry. npm is a package manager for JavaScript packages. The core component of npm is its public registry, hosting JavaScript packages […]

June 4, 2019

10 Serverless security best practices

10 serverless security best practices for securing your serverless and cloud functions, from managing secrets, to data security, function isolation, least privileges and many more!

May 31, 2019

Java Top 10 Security Vulnerabilities Disclosed [2019 – List]

Our friends at OverOps post a yearly blog listing the popularity of Java libraries, based on GitHub mentions. Accordingly, in this post, we’ll take a look at the vulnerabilities that have been found in the top ten Java libraries picked by OverOps, and focus on three of them in more depth. Firstly, following are the […]

May 27, 2019

Snyk Voted Next European Unicorn for B2B Enterprise

We are pretty excited to share that last week Snyk was recognized as a ‘Next European Unicorn’ at the 2019 Vivatech Awards. We won the category as a result of Snyk’s innovative approach to helping enterprises secure their complete software development life cycle, enabling developers to successfully secure their open source components and maintain speed of delivery; our rapid growth over the last several years; and in recognition of our commitment to supporting the open source community.

May 22, 2019

Dependency Health—assessing package risk with Snyk

Snyk’s goal is to help you use open source in a secure way. Vulnerabilities are one indicator that a dependency is unhealthy, but there are other risk factors at play as well. For that reason, we have a whole team working on making Snyk the go-to destination for information about your dependencies – from Security to License information, and now to Health.

May 16, 2019

Scoring security vulnerabilities 101: Introducing CVSS for CVEs

Similar to how software bugs are triaged for a severity level, so are security vulnerabilities, as they need to be assessed for impact and risk, which aids in vulnerability management. The Forum of Incident Response and Security Teams (FIRST) is an international organization of trusted computer security researchers and scientists that have received the task […]

May 16, 2019