Cheat sheet: 10 Bitbucket security best practices
In this cheat sheet we’ll cover how you can be more secure as a Bitbucket user or contributor. Some of it is specific to Bitbucket, but a lot of it is also useful for other Git and non-Git repositories. So let’s get started with our list of 10 Bitbucket […]
Enriched content on Snyk’s publicly available vulnerability database
At Snyk, we’re focused on security and particularly making open source software more secure. As consumers of open source software ourselves, we're keen to give back to the community where we can, and increase the availability of information about open source libraries to everyone, Snyk user or not. Our publicly available Vulnerability DB is one such example, and has recently undergone some improvements—making it even more powerful as an aid to security.
Securing Bitbucket Cloud with Snyk
We are excited to share that starting today, developers can import, test, fix and monitor their Bitbucket Cloud projects for open source vulnerabilities. Being developer-focused, Snyk is the only solution to provide *native* testing and fixing of open source dependencies for Bitbucket Cloud. Our vision is to help developers take ownership of securing their projects, without slowing them down, by integrating with their ongoing development process.
Malicious remote code execution backdoor discovered in the popular bootstrap-sass Ruby gem
On March 26, 2019, a malicious version of the popular bootstrap-sass package, which has been downloaded a total of 28 million times to date, was published to the official RubyGems repository. Version 3.2.0.3 includes a stealthy backdoor that gives attackers remote command execution on server-side Rails applications. We have already added the vulnerability to our […]
Introducing experimental integrity policies to Node.js
A recent experimental feature introducing integrity policies landed in Node.js core 11.8.0. This capability, currently shipped only in a non-LTS version, provides integrity checks for a Node.js runtime when modules are being loaded, in order to verify that the module code hasn’t been tampered with. Bradley Farias introduced this change in October 2018 and borrowed […]
Snyk joins the Continuous Delivery Foundation as a founding member
As part of Snyk’s mission—to enable developers to use open source software while staying secure—we place a lot of emphasis on our integrations across the software delivery cycle. Scanning and fixing code in your repository is a powerfully dynamic way to secure your app early and often. However, it doesn’t stop there: with our integrations […]
What is package-lock.json and how does a lockfile work for yarn and npm packages?
What is package-lock.json? In this article we will discuss both npm’s package lock file package-lock.json as well as Yarn’s yarn.lock. Package lock files serve as a rich manifest of dependencies for projects that specify the exact version of dependencies to be installed, as well as the dependencies of those dependencies, and so on—to encompass the […]
Snyking in – regular expression denial of service vulnerability exploit in the ms package
Welcome to another edition of our Snyking In exploit series! Last time we looked at a directory traversal vulnerability exploit in the st library. In this episode, we’ll be looking at the regular expression denial of service vulnerability, demonstrating how it can be exploited, as well as the potential risk it poses to your data […]
Snyk provides a critical security layer for CommunityBridge, a new Linux Foundation platform
We’re delighted to announce a new partnership with the Linux Foundation to support the launch of CommunityBridge, the Foundation’s new funding and innovation platform designed to empower open source developers, and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology.
Security Transformation and The Three Faces of DevSecOps
This week I had the pleasure of running the Security Transformation track at QCon London. I feel we regularly discuss digital transformation and how to modify dev and ops practices, but don’t talk about how security should change to match. Our track tackled this very topic, and I was thrilled to have great speakers on […]
Celebrate International Women’s Day with Snyk
Happy International Women’s Day! International Women’s Day (IWD) is celebrated around the globe to mark the social, economic, cultural, and political achievements of women. IWD has been observed for more than 100 years! It is also a day to advocate for gender parity—in business, politics, media, and home. In that spirit, Snyk wants to take […]