Launching a Free-Tier Version of our Container Vulnerability Management Solution

Today we’re delighted to share that we’re launching a free-tier version of our Container Vulnerability Management solution, in general availability. Our Container Vulnerability Management solution enables developers to test, fix and monitor open source

October 10, 2018

IntelliJ plugin to fix vulnerable dependencies

Snyk has now released an IntelliJ plugin that enables developers to find and fix vulnerabilities in their dependencies from right within their IDE! As part of Snyk’s commitment to empowering developers to own security, a lot has been invested in making comprehensive Git integrations (with GitHub, GitLab, Bitbucket) so that finding and fixing vulnerabilities happens as […]

October 2, 2018

10 Maven Security Best Practices

Our JVM ecosystem survey results show that Maven’s dominance continues into 2018 and doesn’t look like it’s going anywhere, with six in ten developers using the build tool in their main project. In this cheat sheet we provide 10 security best practices for how you can enhance your Maven-fu.

September 26, 2018

Snyk $22M Series B: Thanks to our community!

Snyk announces a $22M series B fundraise led by Accel! It’s a huge vote of confidence in Snyk’s unique developer-first approach, and in the belief that developers are ready to own and fix open source security

September 25, 2018

Over 10% of Python Packages on PyPI are Distributed Without Any License

Imagine that you installed a random Python package from PyPI. There’s a good 13.5% chance that the package has no licensing information. Considering it’s not uncommon to have hundreds of dependencies and sub-dependencies in a typical Python application, there’s a very good chance of using unlicensed code. Depending on the context, the consequences of using unlicensed software could be anywhere from insignificant to disastrous. Ok, that’s a wild range, so this post will dig deeper into this issue.

September 18, 2018

Actionable and aggregated Slack notifications

We've made some improvements to our Slack notifications to make them more useful and actionable.

August 23, 2018

Importing projects via the API

We’ve just released a shiny new API endpoint that will let you import your repositories, projects, functions and apps so that they are monitored for vulnerabilities.

August 21, 2018

10 Spring Boot security best practices

This month’s cheat sheet is about how you can secure your Spring Boot application. Spring Boot has dramatically simplified the development of Spring applications. Its autoconfiguration and starter dependencies reduce the amount of code and configuration you need to get an app started. If you were used to Spring and lots of XML back in the day, Spring Boot is a breath of fresh air.

August 16, 2018

Behind the Disclosure: The Zip Slip Vulnerability

In June 2018, the Snyk research team found many exploitable instances of the Zip Slip vulnerability in various ecosystems, affecting thousands of applications. This kind of wide-reaching vulnerability requires a well-thought-out private disclosure process so that vulnerable libraries and projects are warned about their exposure before public disclosures are made. This post goes into the details of what we did throughout the process, from discovery to disclosure, creating fix PRs and beyond.

August 15, 2018

How to crash an email server with a single email

It's true: you can crash an email server with a single email! This guest blog post talks about a vulnerability found in the top five Node mail parsers that will bring each of them down just by clicking send. Joran Greef explains how he found the vulnerability while he was writing his own mail parser and how he disclosed it via Snyk's security team.

August 1, 2018

How to Educate, Train and Empower Developers in Security

The time has come for you to take responsibility for your application security. This may sound daunting to some of you, but don’t fret! There are many resources available to you, including The Secure Developer podcast, run by Snyk’s very own CEO, Guy Podjarny

July 25, 2018