One of the biggest bottlenecks in security is 'triaging': the process of validating whether a security alert actually affects your organization, sizing up the likely impact, and figuring out how to resolve it. In this article, we'll make the case that we should all be striving to skip triaging and focus on fixing vulnerabilities instead.
In this post we review and compare the Apache, BSD and MIT license to see what to use in your own project, and when.
Python 3 and Python 2 have various functional differences. On their own, they’re not necessarily better or worse (though arguably Python 3 should be an improvement), but any change may introduce risk. This post highlights and explains a few differences between the versions that have security implications.
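The excerpt above does not list the differences it has in mind, so the following is an added illustration, not code from the Snyk post, of one well-known change of the kind it describes: in Python 2 a text string and a byte string with the same content compare equal, while in Python 3 they never do. A revocation check that silently stops matching after a port therefore fails open. The revoked-token set and token values are constructed sample data.

```python
import hmac

# Constructed sample data: a revocation list that a Python 2 code base kept as
# byte strings (the default str type there). Under Python 2 the expression
# "tok-1111" in REVOKED_TOKENS is True; under Python 3 it is False.
REVOKED_TOKENS = {b"tok-1111", b"tok-2222"}


def is_revoked_legacy(token):
    """Check as it might have been written for Python 2.

    Under Python 3 a str token never equals a bytes entry, so a revoked token
    presented as str is reported as not revoked: the check fails open.
    """
    return token in REVOKED_TOKENS


def _to_bytes(value):
    """Normalise a str or bytes value to bytes so comparisons are type-safe."""
    if isinstance(value, str):
        return value.encode("utf-8")
    if isinstance(value, (bytes, bytearray)):
        return bytes(value)
    raise TypeError("token must be str or bytes, got %s" % type(value).__name__)


def is_revoked(token):
    """Ported check: normalise the presented token before the set lookup."""
    return _to_bytes(token) in REVOKED_TOKENS


def token_matches(presented, expected):
    """Constant-time equality check that is also robust to str/bytes mixing.

    hmac.compare_digest rejects a str/bytes mix with a TypeError, so both sides
    are normalised first rather than letting the comparison blow up (or, with a
    plain ==, silently return False).
    """
    return hmac.compare_digest(_to_bytes(presented), _to_bytes(expected))


if __name__ == "__main__":
    presented = "tok-1111"  # arrives as str, e.g. from a decoded HTTP header
    print("legacy check says revoked:", is_revoked_legacy(presented))  # False on Python 3
    print("ported check says revoked:", is_revoked(presented))          # True
    print("token matches:", token_matches("abc", b"abc"))               # True
```

Running the block under `python3 -b` makes the interpreter warn on the str/bytes comparison inside `is_revoked_legacy`, which is a cheap way to find such checks in a code base being ported.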
Just a few months ago we launched Snyk for Serverless; now we are taking it to the next level by launching the Snyk Heroku Add-On. The add-on is currently in beta, which means it's free to try out! We're looking for people to take it for a test drive and provide us with some feedback.
After years of preparation and debate, the General Data Protection Regulation (GDPR) was finally approved by the EU, with enforcement starting in May 2018, at which point non-compliant organisations will face heavy fines. In this post we explain how that impacts companies using open source and how they can protect themselves.
Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey short and to the point—so […]
Today we’re happy to announce some great features we’ve added for teams developing and securing software within the Enterprise. Over the last few months, aiming to help more developers stay secure, we have expanded to support Java, Scala, Python and Go apps, and to monitor for vulnerabilities in deployed PaaS and Serverless apps such as Heroku, […]
Equifax, a credit monitoring giant, disclosed last week that it was breached, exposing highly personal data of 143 million people, and stated the root cause was a vulnerability in Apache Struts, a highly popular Java web framework. The company fumbled its response to the attack, and keeping our data secure is their responsibility. However, they’re definitely not the […]
With Atlassian Summit just around the corner, it’s time for Snyk support for Bitbucket Server to come out of beta. Now you can tightly integrate Snyk with your Atlassian workflow from start to finish—from easily monitoring your projects, to integration with Bitbucket pipelines and even JIRA Software ticket creation. Bitbucket Server support The newly released […]
Since we launched nearly two years ago, Snyk has been focused on making it easier to use open-source code without compromising security. Initially, we focused on Node.js, making sure we built up a robust, developer-friendly tool in the process. Since then we added support for Ruby and Maven and the ability to monitor deployed code […]