In this cheat sheet we’ll cover how you can be more secure as a Bitbucket user or contributor. Some of it is specific to Bitbucket, but a lot of it is also useful for other Git and non-Git repositories as well. So let’s get started with our list of 10 Bitbucket […]
At Snyk, we’re focused on security and particularly making open source software more secure. As consumers of open source software ourselves, we're keen to give back to the community where we can, and increase the availability of information about open source libraries to everyone, Snyk user or not. Our publicly available Vulnerability DB is one such example, and has recently undergone some improvements—making it even more powerful as an aid to security.
We are excited to share that starting today, developers can import, test, fix and monitor their Bitbucket Cloud projects for open source vulnerabilities. Being developer-focused, Snyk is the only solution to provide *native* testing and fixing of open source dependencies for Bitbucket Cloud. Our vision is to help developers take ownership of securing their projects without slowing down, by integrating with the ongoing development process.
On March 26, 2019, a malicious version of the popular bootstrap-sass package, that has been downloaded a total of 28 million times to date, was published to the official RubyGems repository. Version 184.108.40.206 includes a stealthy backdoor that gives attackers remote command execution on server-side Rails applications. We have already added the vulnerability to our […]
A recent experimental feature for introducing integrity policies landed in Node.js core 11.8.0. This capability, not yet shipped in an LTS version, provides integrity checks for a Node.js runtime when modules are being loaded, in order to verify that the module code hasn’t been tampered with. Bradley Farias introduced this change in October 2018 and borrowed […]
As part of Snyk’s mission—to enable developers to use open source software while staying secure—we place a lot of emphasis on our integrations across the software delivery cycle. Scanning and fixing code in your repository is a powerfully dynamic way to secure your app early and often. However, it doesn’t stop there: with our integrations […]
What is package-lock.json? In this article we will discuss both npm’s package lock file package-lock.json as well as Yarn’s yarn.lock. Package lock files serve as a rich manifest of dependencies for projects that specify the exact version of dependencies to be installed, as well as the dependencies of those dependencies, and so on—to encompass the […]
Welcome to another edition of our Snyking In exploit series! Last time we looked at a directory traversal vulnerability exploit in the st library. In this episode, we’ll be looking at the regular expression denial of service vulnerability, demonstrating how it can be exploited, as well as the potential risk it poses to your data […]
We’re delighted to announce a new partnership with the Linux Foundation to support the launch of CommunityBridge, the Foundation’s new funding and innovation platform designed to empower open source developers, and the individuals and organizations who support them, to advance sustainability, security, and diversity in open source technology.
This week I had the pleasure of running the Security Transformation track at QCon London. I feel we regularly discuss digital transformation and how to modify dev and ops practices, but don’t talk about how security should change to match. Our track tackled this very topic, and I was thrilled to have great speakers on […]
Happy International Women’s Day! International Women’s Day (IWD) is celebrated around the globe to mark the social, economic, cultural, and political achievements of women. IWD has been observed for more than 100 years! It is also a day to advocate for gender parity—in business, politics, media, and home. In that spirit, Snyk wants to take […]