Go security: announcing enhanced security for Go applications

We’re happy to announce enhanced support for Go security in Snyk Open Source and Snyk Container, enabling development and security teams to find and fix vulnerabilities in their Go applications more efficiently! Go developers can now test and monitor their Go projects across the different stages of the SDLC—starting as far left as their first […]

December 16, 2020

Git checkout remote branch: how it works and when to use it

Git is a fantastic tool many developers use for version control on their projects. Although there are many other version control systems—like Subversion (SVN) and Concurrent Versioning System (CVS)—git is by far the most commonly used. A good reason for this is the focus on distributed development and the easy way to use branches. Let’s […]

December 15, 2020

Snyk’s approach to container security research and relative importance

Container vulnerabilities are tricky things to deal with, requiring an understanding of both Linux security and container image architecture. Setting aside vulnerabilities that might occur in your code, most of the vulnerabilities that you deal with in containers relate to Linux operating system packages and their dependencies. And yet, containers are typically handled by developers, […]

December 14, 2020

How to detect the ExternalIP Kubernetes vulnerability in your Kubernetes configurations with Snyk

On Tuesday, a Kubernetes vulnerability was announced affecting all Kubernetes versions where a hostile user may be able to intercept traffic if external IP addresses are being used on services. Snyk has added a new check to Snyk Infrastructure as Code (Snyk IaC) to check your Kubernetes deployment definitions and notify you if you are […]

December 10, 2020

Command line tools for containers—using Snyk with Buildah, Podman, and Skopeo

As the container ecosystem has matured, the one thing we’re not short on is options—both in terms of the software we use, and how we plug it all together. One of these options would be the combination of Buildah, Podman, and Skopeo—three open source command line tools with their origins in the Red Hat ecosystem. As […]

December 9, 2020

Improved security testing for git-based Gradle projects using lockfile

Over the past year, we have been working hard to improve our testing for Gradle projects imported from Git repositories by making it more reliable, accurate, and scalable. We understood that parsing a Gradle manifest, instead of a Gradle lock file, would be a never-ending war that we would always lose. Trying to interpret the […]

December 7, 2020

10 Tips for getting that conference CFP accepted

Public speaking is a great privilege and I’m humbled every time I am offered a speaking position. It’s a great way to connect with folks and inspire other humans with your mission and the values you live by. A while back, I created a tiny website to curate a list of public speaking tips. Here’s a […]

December 3, 2020

Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks

During the day, I spend my time analyzing Terraform code, Kubernetes object configuration files, and identifying common security issues. When the sun sets, I put on my hoodie, fire up Linux VMs and debuggers to look under the hood of technologies that make up the cloud native ecosystem. In this post, we will explore how […]

December 3, 2020

10 git aliases for a faster and productive git workflow

Using git as a code versioning tool is a day-to-day activity for developers, and some of you may be practicing your git workflow through the command line. Preferably with a dark theme too, right? Although a GUI for git might come in handy for an integrated development environment (IDE) such as IntelliJ, or VS Code, […]

December 2, 2020

Cheatsheet: top 10 application security acronyms

Picture this situation: you as a developer are in a meeting where a security practitioner is discussing the results of a recent penetration test or static analysis of code you’ve written. Throughout the discussion, they use various acronyms that they just assume you know the meaning of, yet in reality, they are not terms you’re […]

December 1, 2020

Turn the senior around: an alternative way to lead engineering teams

As engineering managers, we carry many responsibilities. Two critical responsibilities I have come across throughout my career are delivering high-quality features on time and supporting your team members’ professional growth and development. Senior engineers are a key enabler to both responsibilities. They are the main players the team lead can rely on to achieve these goals. […]

November 30, 2020