Learnings from our 2021 kickoff

“Our 2021 kickoff is going to have to be virtual.” Thinking back to last summer, even as I said the words, my heart sank. Our annual company kickoff has always been a huge source of pride for us. Each January, we jumpstart the year with a company-wide kickoff extravaganza called the All Hands. We […]

February 1, 2021

Snyk and Rapid7 strengthen partnership to provide a holistic risk assessment solution for container applications

Modern organizations are working hard to differentiate their products and services by creating innovative solutions that their customers can use at home and on the go. This forces them to adopt new, more agile approaches to application development that let their development teams accelerate time to market and launch new solutions as quickly as possible. This “need for speed” […]

January 29, 2021

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and you have just decided to use Snyk Open Source scanning to help you find security problems in your third-party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have 10 or maybe even 50 vulnerabilities […]

January 28, 2021

Guide to Software Composition Analysis (SCA)

2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID-19 hit, suddenly accelerated. More and more companies became software companies, and with this shift, use of open source reached new heights. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better […]

January 27, 2021

Kubernetes securityContext: Linux capabilities in Kubernetes

Way back in the annals of time, Unix operating systems had a relatively simple model for permissions. Either you were a normal user, or you were root, the superuser who has permission to do everything. While normal users could be given elevated permissions on files or directories, almost all kernel-level functions were restricted to […]

January 26, 2021

Goodbye, 2020! Look out, 2021

Like most people, I am not at all sad to see 2020 go. It introduced unique pressures that challenged all of us in different ways. As Snykers, I believe we have emerged stronger. Throughout the year, our global team—alongside our partners and customers—reached so many impressive milestones, made that much sweeter due to the headwinds […]

January 26, 2021

Docker for Node.js developers: 5 things you need to know not to fail your security

Docker container image downloads now total over 50 billion. With millions of applications available on Docker Hub, container-based applications are popular and offer an easy way to consume and publish applications. That being said, the naive way of building your own Node.js Docker web applications may come with many security risks. So, […]

January 25, 2021

Prioritize fixes more efficiently with Reachable Vulnerabilities for GitHub

We are pleased to start the new year with the beta availability of Reachable Vulnerabilities for GitHub, providing development and security teams with deep application-level context for vulnerabilities identified in GitHub-hosted applications and enabling them to prioritize fixes more efficiently. Announced in July last year, Reachable Vulnerabilities analyzes an application’s execution path to identify whether […]

January 21, 2021

Docker security scanning cheatsheet 2021

Docker has an enormous worldwide user base, recently surpassing 10 million users and 242 billion image pulls, and it has changed the way applications are built. With the accelerated development velocity that containerization enables, additional security responsibilities are shifting to developers, who now need to maintain container images in addition to their code. That’s why a […]

January 19, 2021

Cache poisoning in popular open source packages

Following research done by James Kettle from PortSwigger on web cache poisoning, Snyk’s Security Team decided to deepen our knowledge in this field and to explore these vulnerabilities in the open source domain. We focused our research on the most popular web frameworks on both npm and PyPI, such as Flask (Werkzeug), Bottle, Tornado, and […]

January 18, 2021

10 best practices to containerize Node.js web applications with Docker

Are you looking for best practices on how to build Node.js Docker images for your web applications? Then you’ve come to the right place! This cheatsheet provides production-grade guidelines for building optimized and secure Node.js Docker images.

January 13, 2021