Faster & improved tests for JavaScript lockfile based projects

For the past few months, we have been working hard to improve our lockfile support in both the CLI and the web. The new functionality already exists in the CLI; it is currently being gradually released on the web and will soon be enabled by default for all organisations.

December 10, 2018

A post-mortem of the malicious event-stream backdoor

Last week the imaginable happened. A malicious package, flatmap-stream, was published to npm and was later added as a dependency to the widely used event-stream package by user right9ctrl. Some time, and 8 million downloads later, applications all over the web were unwittingly running malicious code in production. We wrote some early thoughts on our […]

December 6, 2018

Malicious code found in npm package event-stream downloaded 8 million times in the past 2.5 months

A widely used npm package, event-stream, has been found to contain a malicious package named flatmap-stream. This was disclosed via a GitHub issue raised against the source repo. The event-stream package makes creating and working with streams easy, and is very popular, getting roughly 2 million downloads a week. The malicious child package has been […]

November 26, 2018

Serverless Security: What’s left to protect?

I just had the pleasure of giving a talk about Serverless Security at the inaugural Serverless Computing conference in London, run by Situation Publishing (owner of The Register). The audience was very attentive and I got some great questions after my session. All in all the conference was great and staff behind the event was […]

November 12, 2018

Introducing open source security runtime monitoring

Snyk released its application security runtime monitoring solution, allowing developers to monitor the behavior of their open source components at runtime.

November 12, 2018

The State of Open Source Security Survey

We’re excited to launch the second edition of our State of Open Source Security Survey! The goal of this survey is to provide a global view of our industry’s security health. Once we get all of your wonderful responses we’re going to turn them into a beautiful report that you can read, print out, give to […]

November 6, 2018

JVM Ecosystem Report 2018

Welcome to the largest survey ever of Java developers. The data presented in the following report was taken from more than 10,200 questionnaires, covering JDK vendors, versions, IDEs, build tools, CI servers, Java EE versions, web frameworks, JVM languages, binary repositories, source code repositories, source code management and much more!

October 17, 2018

JVM Ecosystem report 2018 – About your Tools

Welcome to the largest survey ever of Java developers. The data presented in the following report was taken from more than 10,200 questionnaires, covering JDK vendors, versions, IDEs, build tools, CI servers, Java EE versions, web frameworks, JVM languages, binary repositories, source code repositories, source code management and much more!

October 17, 2018

JVM Ecosystem report 2018 – About your Platform and Application

Welcome to the largest survey ever of Java developers. The data presented in the following report was taken from more than 10,200 questionnaires, covering JDK vendors, versions, IDEs, build tools, CI servers, Java EE versions, web frameworks, JVM languages, binary repositories, source code repositories, source code management and much more!

October 17, 2018

JVM Ecosystem report 2018 – About your processes and you

Welcome to the largest survey ever of Java developers. The data presented in the following report was taken from more than 10,200 questionnaires, covering JDK vendors, versions, IDEs, build tools, CI servers, Java EE versions, web frameworks, JVM languages, binary repositories, source code repositories, source code management and much more!

October 17, 2018

Scaling Snyk fast with copy-paste orgs

We’ve been approached by many customers asking for help in creating hundreds of orgs, many times with identical configurations such as license policies that are shared throughout the company. Setting up integrations and license policies for each org can be time-consuming, so we focused on how we could speed up that flow.

October 11, 2018