Why triaging might be going away

One of the biggest bottlenecks in security is 'triaging'—the process of validating whether a security alert actually affects your organization, estimating its impact, and figuring out how to resolve it. In this article, we'll make the case that we should all be striving to skip triaging and focus on fixing vulnerabilities instead.

November 2, 2017

Apache License 2.0, MIT License or BSD License: Who is the fairest of them all?

In this post we review and compare the Apache, BSD and MIT licenses to see which to use in your own project, and when.

November 1, 2017

Announcing Snyk-Powered Linting in Sonar

Earlier this year we ran a test on the top 5,000 URLs on the web and found that 76.6% of them were running a JavaScript library with at least one known security vulnerability. It's a frighteningly large number. That's why we're proud to announce that Snyk now powers the vulnerable JavaScript libraries linter in Microsoft's Sonar—an open-source linting tool for developers.

October 25, 2017

Python 2 vs 3: Security Differences

Python 3 and Python 2 have various functional differences. On their own, they’re not necessarily better or worse (though arguably Python 3 should be an improvement), but any change may introduce risk. This post highlights and explains a few differences between the versions that have security implications.

October 10, 2017

Heroku Add-On Beta

Just a few months ago we launched Snyk for Serverless; now we are taking it to the next level by launching the Snyk Heroku Add-On. The add-on is currently in beta, which means it's free to try out. We're looking for people to take it for a test drive and give us feedback.

October 4, 2017

GDPR Compliance and Open Source

After years of preparation and debate, the General Data Protection Regulation (GDPR) was finally approved by the EU, with enforcement starting in May 2018, at which point organisations that are not compliant will face heavy fines. In this post we explain how that affects companies using open source and how they can protect themselves.

September 26, 2017

Launching the State of Open Source Security Survey

Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey short and to the point—so […]

September 21, 2017

Snyk for your Enterprise

Today we’re happy to announce some great features we’ve added for teams developing and securing software within the Enterprise. Over the last few months, aiming to help more developers stay secure, we have expanded to support Java, Scala, Python and Go apps, and to monitor for vulnerabilities in deployed PaaS and Serverless apps such as Heroku, […]

September 19, 2017

Open source vulnerabilities tripped Equifax, how can you defend yourself?

Equifax, a credit monitoring giant, disclosed last week that it was breached, exposing highly personal data of 143 million people, and stated the root cause was a vulnerability in Apache Struts, a highly popular Java web framework. The company fumbled its response to the attack, and keeping our data secure is their responsibility. However, they’re definitely not the […]

September 11, 2017

Snyk and Atlassian, Sitting in a Tree

With Atlassian Summit just around the corner, it’s time for Snyk support for Bitbucket Server to come out of beta. Now you can tightly integrate Snyk with your Atlassian workflow from start to finish—from easily monitoring your projects, to integration with Bitbucket Pipelines and even JIRA Software ticket creation.

Bitbucket Server support

The newly released […]

August 24, 2017

Announcing Snyk for Gradle, Scala and Python

Since we launched nearly two years ago, Snyk has been focused on making it easier to use open-source code without compromising security. Initially, we focused on Node.js, making sure we built up a robust, developer-friendly tool in the process. Since then we added support for Ruby and Maven and the ability to monitor deployed code […]

August 2, 2017