Provide granular permissions and groups for users in Azure Repos

Following the rule of least privilege, ensure that contributors exist in the correct groups and therefore have the necessary permissions to work. Try to restrict administrative actions where possible.

May 6, 2019

Do you know how healthy your .NET dependencies are?

Try Snyk today! Earlier this year, Snyk added support to integrate with your Git repository .NET projects, and just this week, we released the newest addition: support for Microsoft Azure. In this blog, we take a look at the libraries that, because they contain today’s most common vulnerabilities, also most frequently appear in Snyk project […]

May 3, 2019

Azure Repos enriched with DevSecOps capabilities

We are excited to share that starting today, developers can test, fix and monitor their Azure Repos projects for open source vulnerabilities. Native detection of vulnerabilities within Azure Repos: Snyk helps you detect existing vulnerabilities in your projects by scanning your Azure Repos, covering all the languages already supported by existing Snyk Git integrations and […]

May 1, 2019

Protect container images directly from your registries

We’re happy to share that we are continuing to extend our Container Vulnerability Management offering, now providing integration with your container image registries as well. Test, monitor and fix vulnerable images: With Snyk’s new container registry integrations, you can scan your container images for vulnerabilities directly from within your registries. You can also monitor the […]

April 30, 2019

190,000 users affected by Docker Hub’s security breach. Now what?

Docker Hub may have reset your account details if it detected that it was part of the breach. What could potentially happen? What should I do to protect my code?

April 29, 2019

How much do we really know about how packages behave on the npm registry?

How many packages on npm can be considered abandoned? How many packages are connected to each other? Let's explore npm - today’s biggest open source package registry!

April 22, 2019

Shifting Docker security left

As more organizations create, spread and use Docker containers, the risk of security vulnerabilities grows. Docker images are largely built on top of other images, meaning a vulnerability in one image is also present in all the images that utilize it. The wide adoption of Docker comes at a price — a single vulnerability can be widely spread and have major impact.

April 17, 2019

The top two most popular Docker base images each have over 500 vulnerabilities

Welcome to the Docker security report “Shifting Docker security left”. This report is split into several posts: Shifting Docker security left; The top two most popular Docker base images each have over 500 vulnerabilities; 80% of developers are not addressing Docker security; Take actions to improve security in your Docker images. Or download our lovely […]

April 17, 2019

80% of developers are not addressing Docker security

Welcome to the Docker security report: Shifting Docker security left. This report is split into several posts: Shifting Docker security left; The top two most popular Docker base images each have over 500 vulnerabilities; 80% of developers are not addressing Docker security; Take actions to improve security in your Docker images. Or download our lovely […]

April 17, 2019

Take actions to improve security in your Docker images

Welcome to the Docker security report: Shifting Docker security left. This report is split into several posts: Shifting Docker security left; The top two most popular Docker base images each have over 500 vulnerabilities; 80% of developers are not addressing Docker security; Take actions to improve security in your Docker images. Or download our lovely handcrafted […]

April 17, 2019

After three years of silence, a new jQuery prototype pollution vulnerability emerges once again

On March 26th, 2019, almost three years after the last jQuery security vulnerability was disclosed, we learned about a new security vulnerability affecting the same popular jQuery frontend library. This security vulnerability, which is referred to and manifests as prototype pollution, enables attackers to overwrite a JavaScript application object prototype. When that happens, properties that are […]

April 15, 2019