Cheat sheet: 10 Bitbucket security best practices

In this cheat sheet we’ll cover how to be more secure as a Bitbucket user or contributor. Some of it is specific to Bitbucket, but much of it applies equally to other Git and non-Git repositories. So let’s get started with our list of 10 Bitbucket […]

April 8, 2019

Enriched content on Snyk’s publicly available vulnerability database

At Snyk, we’re focused on security and particularly making open source software more secure. As consumers of open source software ourselves, we're keen to give back to the community where we can, and increase the availability of information about open source libraries to everyone, Snyk user or not. Our publicly available Vulnerability DB is one such example, and has recently undergone some improvements—making it even more powerful as an aid to security.

April 8, 2019

Securing Bitbucket Cloud with Snyk

We are excited to share that starting today, developers can import, test, fix and monitor their Bitbucket Cloud projects for open source vulnerabilities. Being developer-focused, Snyk is the only solution to provide *native* testing and fixing of open source dependencies for Bitbucket Cloud. Our vision is to help developers take ownership of securing their projects without slowing down, by integrating with their ongoing development process.

April 4, 2019

Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem

On March 26, 2019, a malicious version of the popular bootstrap-sass package, that has been downloaded a total of 28 million times to date, was published to the official RubyGems repository. Version 3.2.0.3 includes a stealthy backdoor that gives attackers remote command execution on server-side Rails applications. We have already added the vulnerability to our […]

April 3, 2019

Introducing experimental integrity policies to Node.js

A recent experimental feature introducing integrity policies landed in Node.js core 11.8.0. This capability, so far shipped only in a non-LTS version, lets the Node.js runtime perform integrity checks as modules are loaded, verifying that the module code has not been tampered with. Bradley Farias introduced this change in October 2018 and borrowed […]

March 21, 2019

Snyk joins the Continuous Delivery Foundation as a founding member

As part of Snyk’s mission—to enable developers to use open source software while staying secure—we place a lot of emphasis on our integrations across the software delivery cycle. Scanning and fixing code in your repository is a powerfully dynamic way to secure your app early and often. However, it doesn’t stop there: with our integrations […]

March 20, 2019

What is package-lock.json and how does a lockfile work for yarn and npm packages?

What is package-lock.json? In this article we will discuss both npm’s package lock file package-lock.json as well as Yarn’s yarn.lock. Package lock files serve as a rich manifest of dependencies for projects that specify the exact version of dependencies to be installed, as well as the dependencies of those dependencies, and so on—to encompass the […]

March 14, 2019

Snyking in – regular expression denial of service vulnerability exploit in the ms package

Welcome to another edition of our Snyking In exploit series! Last time we looked at a directory traversal vulnerability exploit in the st library. In this episode, we’ll be looking at a regular expression denial of service vulnerability, demonstrating how it can be exploited, as well as the potential risk such vulnerabilities pose to your data […]

March 13, 2019

Snyk provides a critical security layer for CommunityBridge, a new Linux Foundation platform

We’re delighted to announce a new partnership with the Linux Foundation to support the launch of CommunityBridge, the Foundation’s new funding and innovation platform designed to empower open source developers, and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology.

March 12, 2019

Security Transformation and The Three Faces of DevSecOps

This week I had the pleasure of running the Security Transformation track at QCon London. I feel we regularly discuss digital transformation and how to modify dev and ops practices, but don’t talk about how security should change to match. Our track tackled this very topic, and I was thrilled to have great speakers on […]

March 8, 2019

Celebrate International Women’s Day with Snyk

Happy International Women’s Day! International Women’s Day (IWD) is celebrated around the globe to mark the social, economic, cultural, and political achievements of women. IWD has been observed for more than 100 years! It is also a day to advocate for gender parity—in business, politics, media, and home. In that spirit, Snyk wants to take […]

March 7, 2019