Zip Slip Vulnerability Cheat Sheet

Zip Slip is a form of Directory Traversal that can be exploited by extracting files from an archive. This cheat sheet informs you of vulnerable libraries and code snippets that are exploitable by a Zip Slip attack. Additionally, it provides you with the information you need to upgrade to fixed library versions and offers tips on how to find and fix your own vulnerable code.

June 28, 2018

Container vulnerability management for developers

Today Snyk released a container vulnerability management solution which empowers developers to fully own the security of their Dockerized application! Containers are becoming the standard form in which applications are packaged and executed, so the need to protect not only the application itself but the entire container against open source vulnerabilities is growing. Snyk, being […]

June 28, 2018

The Most Common Vulnerabilities in Maven Central and npm

In this post we’ll look at the most common types of vulnerabilities for two of the main ecosystems we track in our vulnerability database, namely Maven Central and npm. The Snyk Vulnerability database consists of vulnerabilities from over 1,000,000 open source packages we track that use Composer, Go, Maven Central, npm, NuGet, pip and Rubygems.

June 27, 2018

Snyk <3 Jira

Over the past few months, we’ve been working closely with customers who use Snyk alongside various issue trackers as a way of managing their vulnerability remediation process. The most popular ask has been an integration with Jira so that a Snyk vulnerability or license issue’s progress can be tracked, from disclosure, to assignment to the relevant person, and finally to remediation. We wanted to help speed up that workflow, and make raising a Jira issue as quick and easy as possible.

June 20, 2018

Introducing Service Accounts – API tokens for your org

One of our most frequent feature requests recently has been for the ability to generate an API token that isn't tied to a particular user. We're really excited to be able to now offer our Pro and Enterprise customers the ability to create Service Accounts – a special type of user that has an API token associated with it.

June 12, 2018

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip

The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. It is a widespread vulnerability which typically results in remote command execution. The vulnerability affects thousands of projects.

June 5, 2018

10 GitHub Security Best Practices

Your source code should be one of your prize possessions. You must protect it with security processes and practices to ensure you don't put your code or users at risk. This cheat sheet covers 10 best practices you should consider implementing in your GitHub repository or organisation to enforce security on your projects.

May 30, 2018

Snyk Named a 2018 Gartner Cool Vendor in Application and Data Security

We’re extremely humbled and honored to have Gartner name Snyk as a May 2018 Cool Vendor in Application and Data Security!

May 15, 2018

JVM Ecosystem Survey 2018

We’re excited to launch a brand new survey called the JVM Ecosystem Survey 2018 in partnership with Java Magazine. Also, if we reach 2,500 responses, we'll give $2000 to Devoxx4Kids!

May 8, 2018

Skyscanner fixed projects and gained visibility into their open source vulnerability exposure.

Skyscanner today monitors nearly 500 separate projects with Snyk, and is able to understand the state of their security as well as address both their vulnerability and licensing issues. This case study shows why Skyscanner chose to use Snyk and the benefits they see every day.

May 3, 2018

Local Type Inference Cheat Sheet for Java 10 and beyond!

One of the main features in Java 10 is Local Type Inference, which allows us to substitute a type with the var reserved word in our source code. However, in order for this to become a feature that is useful to a developer rather than a feature developers will rue for many years to come, we need to learn how to use it and when to use it properly. This cheat sheet and blog is a reduced version of a blog post that Stuart Marks wrote on the OpenJDK site.

April 26, 2018