JavaScript and Node.js Security – The Common Pitfalls

Guy Podjarny live-hacks a Node.js application to exploit vulnerabilities in real-world packages. In this edited-down video from the JSKongress conference, Guy explains where some of the most common JS security pitfalls exist.

April 11, 2018

Attacking an FTP Client: MGETting more than you bargained for

Snyk identified and responsibly disclosed a directory traversal vulnerability found in FTP clients that connect to malicious servers. This post contains the full details of the vulnerability and what you can do to avoid it.

April 4, 2018

Snyk is Now Integrated with Chrome’s Lighthouse

Today we have another exciting announcement: Snyk is now powering the brand-new vulnerable JavaScript audit in Google Chrome’s Lighthouse, the auditing tool built by the Google Chrome team that checks how performant, accessible and secure your site is.

April 3, 2018

Tailoring your notifications

The most common way for Snyk users to find out that they have an issue in their project is via our email alerts. It’s a core part of our service, but until recently, we didn’t have much in the way of configuration around what types of issues would trigger an email alert. As we scale our language support, enabling you to monitor more projects in Snyk, we want you to feel better informed about the types of issues that matter to you, while making less noise about the issues that don’t.

March 29, 2018

DigitalOcean Used Snyk to Resolve a Critical Ruby Gem Vulnerability in a Single Day

DigitalOcean found and fixed a critical vulnerability within one day of disclosure using Snyk's automated remediation system.

March 28, 2018

How Comic Relief’s developers used Snyk to automate security and boost productivity as part of their Digital Transformation.

Comic Relief integrated Snyk into their Concourse CI Serverless deployment pipeline, which allows even the most junior of developers to use open source securely by remediating any vulnerable libraries before they go to production.

March 22, 2018

Snyk $7M Series A – and a huge thanks!

I'm excited to announce our $7M Series A, and feel this is a great opportunity to say thanks!

March 8, 2018

Introducing Groups – a new way to manage your teams in Snyk

We’ve just launched a new feature for our Pro and Enterprise Plan customers that adds an additional layer of hierarchy to make it possible to split your organisation in Snyk into teams, who can manage different projects. This has been a popular request from our customers and we’ve been building and refining it for months. We’re very excited to now be able to offer it.

March 6, 2018

Suppressing issues in Snyk

Ignoring security issues shouldn't be the default action, but it is sometimes necessary. Snyk only validates vulnerabilities that exist in dependent components, so it has a relatively low false-positive rate (which should reduce the need to ignore), but there are still reasons why you may wish to suppress an issue.

February 15, 2018

What’s a known vulnerability?

A vulnerability is a vulnerability, whether known or not. The key difference between the two is the likelihood that an attacker is aware of the vulnerability, and thus tries to exploit it.

February 6, 2018

We’ll know DevSecOps has won once it’s dead

You can't go to a security event nowadays and not hear at least a few speakers say the phrase "DevSecOps". The term has turned into a rallying cry for an approach that automates security throughout the development process. But in order for DevSecOps to succeed, it will first have to die.

January 31, 2018