Today we’re delighted to share that we’re launching a free-tier version of our Container Vulnerability Management solution, in general availability. Our Container Vulnerability Management solution enables developers to test, fix and monitor open source
Snyk has now released an IntelliJ plugin that enables developers to find and fix vulnerabilities in their dependencies from right within their IDE! As part of Snyk’s commitment to empowering developers to own security, a lot has been invested in making comprehensive Git integrations (with GitHub, GitLab, Bitbucket) so that finding and fixing vulnerabilities happens as […]
Our JVM ecosystem survey results show that Maven’s dominance continues into 2018, and it doesn’t look like it’s going anywhere, with six in ten developers using the build tool in their main project. In this cheat sheet we provide 10 security best practices for how you can enhance your Maven-foo.
Imagine that you installed a random Python package from PyPI. There’s a good 13.5% chance that the package has no licensing information. Considering it’s not uncommon to have hundreds of dependencies and sub-dependencies in a typical Python application, there’s a very good chance of using unlicensed code. Depending on the context, the consequences of using unlicensed software could be anywhere from insignificant to disastrous. OK, that’s a wild range, so this post will dig deeper into this issue.
This month’s cheat sheet is about how you can secure your Spring Boot application. Spring Boot has dramatically simplified the development of Spring applications. Its autoconfiguration and starter dependencies reduce the amount of code and configuration you need to begin an app. If you were used to Spring and lots of XML back in the day, Spring Boot is a breath of fresh air.
In June 2018, the Snyk research team found many exploitable instances of Zip Slip in various ecosystems, affecting thousands of applications. This kind of wide-reaching vulnerability requires a well-thought-out private disclosure process so that vulnerable libraries and projects are warned about their exposure before public disclosures are made. This post goes into the details of what we did throughout the process, from discovery to disclosure, creating fix PRs and beyond.
It's true: you can crash an email server with a single email! This guest blog post talks about a vulnerability found in the top five Node mail parsers that will bring each of them down just by clicking send. Joran Greef explains how he found the vulnerability while he was writing his own mail parser and how he disclosed it via Snyk's security team.
The time has come for you to take responsibility for your application security. This may sound daunting to some of you, but don’t fret! There are many resources available to you, including The Secure Developer podcast, run by Snyk’s very own CEO, Guy Podjarny