Top ten Docker images contain over 8000 vulnerable paths
Introduction: In this post, we’ll look deeper into Docker images and the container ecosystems that were covered in our State of Open Source Security report, including our finding that the top ten Docker images contain over 8,000 vulnerable paths. We are excited to help our community better understand Docker security. Since the previous State of […]
10 Docker Security Best Practices
Docker container security: The topic of Docker container security raises concerns ranging from Dockerfile security—relating to the Docker base images and potential security misconfigurations—to Docker container security at runtime regarding network ports, user privileges, Docker mounted filesystem access, and others. In this article, we will focus on the Docker container security aspects related to […]
Secure your build workflow on Bitbucket Pipes with Snyk
Snyk now integrates with Bitbucket Pipes, which allows Bitbucket users to secure their continuous integration/continuous delivery (CI/CD) workflow by finding, fixing and monitoring open-source vulnerabilities (vulns) in their application or docker image dependencies.
Python security best practices cheat sheet
In this installment of our cheat sheet series, we’re going to cover the best practices for securely using Python. You can download the cheat sheet here. Many thanks to Kenneth Reitz and Ernest Durbin. 1. Python security starts with Python 3: What version of Python are you using? Many inherent Python security concerns can be […]
81% believe developers should own security, but they aren’t well-equipped
A worrying 27% of respondents stated they do not have any proactive or automatic way to find out about newly discovered vulnerabilities in their applications. 37% of users don’t implement any sort of security testing during CI.
Top ten most popular docker images each contain at least 30 vulnerabilities
We found that 44% of Docker image scans had known vulnerabilities for which a newer and more secure base image was available. Most vulnerabilities originate in the base image you selected. For that reason, remediation should focus on base image fixes.
ReDoS vulnerabilities in npm spikes by 143% and XSS continues to grow
Regex denial of service (ReDoS) on a single-threaded runtime could be devastating. We’ve also detected that the npm ecosystem has seen the most XSS vulnerabilities, with Maven Central and PyPI following next.
78% of vulnerabilities are found in indirect dependencies, making remediation complex
Only one in three developers can address a high or critical-severity vulnerability in a day or less. The more we use open source software, the more risk we accumulate as we’re including someone else’s code that could potentially contain vulnerabilities now or in the future.
88% increase in application library vulnerabilities over two years
A good number of security vulnerabilities are discovered and fixed in non-official channels. We measured the Snyk DB as uncovering 67% more vulnerabilities than public databases. In 2018, new disclosures for npm grew by 47%, and Maven Central grew by 27%.
Open source maintainers want to be secure, but 70% lack skills
Maintainers stated their security knowledge is improving but not high enough, averaging 6.6/10, and 1 in 4 open source maintainers do not audit their code bases.
Snyking in – Directory traversal vulnerability exploit in the st package
Welcome to the first edition of a new exploit series we’re calling “Snyking In”! We’ll be looking at various security vulnerabilities, demonstrating how they can be exploited, as well as the potential risk they pose to your data and systems. Our examples will always involve real-world libraries that contain the vulnerability type in at least […]