How do we secure Infrastructure as Code tools?

As its name indicates, Infrastructure as Code (IaC) is the practice of defining the infrastructure your applications run on as code and configuration files. This allows us to not only automate the provisioning of the resources but also to subject it to the same lifecycle processes that historically have applied only to the application codebase. […]

November 27, 2020

Snyk CLI cheatsheet

The Snyk CLI is an excellent and powerful tool to scan your applications, containers, and infrastructure as code for security vulnerabilities. In this cheatsheet, we will look at the most powerful features our CLI has to offer. You can use the CLI for scanning and monitoring on your local machine, but you can also integrate […]

November 26, 2020

Introducing Flex Work: the future of work at Snyk

At Snyk we’re used to developing fast and staying secure. That’s why in early March we quickly moved to a 100% remote work environment to keep our snykers safe. Moving quickly required full participation across the company, from our leadership sharing constant updates, to our snykers creating fun ways to stay connected while apart. Our […]

November 25, 2020

All things Docker: recapping Docker news and views from SnykCon 2020

During SnykCon 2020, Snyk shared some exciting news around Docker: we are now the exclusive provider of security insights for Docker Official images and other future content certification programs. We also had some great talks with folks from Docker about security trends, demonstrated how to use Snyk with Docker, and more. In this post, we’ll […]

November 25, 2020

Command injection: how it works, what are the risks, and how to prevent it

How do command injection attacks work? To understand programming flaws related to OS command injection attacks, let’s explore a variety of command injection vulnerabilities that were discovered in Node.js based applications. systeminformation is an Operating System (OS) information library that spans more than 500,000 downloads a week with regular maintenance (commits) and a community around […]

November 24, 2020

DevSecOps tools for open source projects in JavaScript and Node.js

In this article, I’d like to propose best practices and discuss how maintainers, and developers, can adopt DevSecOps tools for open source projects to better improve their security posture. We are not short on security incidents and horror stories about malicious packages in the JavaScript open source ecosystem. As citizens of the open source ecosystem, […]

November 24, 2020

Buffer overflow in Chromium affecting multiple packages

Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the discovery, research, and disclosure of the vulnerability. We highlight the researchers, developers, and users who […]

November 23, 2020

Kubernetes Operators: automating the release process

Snyk helps our customers to integrate security into their CI/CD pipelines, so we spend a lot of time thinking about automation. When it comes to releasing our own software, we’re always looking to adopt best practices for test and release. In this blog, I’ll talk about the release process for our Kubernetes Operator, and show […]

November 20, 2020

Docker for Java developers: 5 things you need to know not to fail your security

Docker is the most widely used way to containerize your application. With Docker Hub, it is easy to create and pull pre-created images. This is very convenient as you can use these images from Docker Hub to quickly build an image for your Java application. However, the naive way of creating custom Docker images for […]

November 20, 2020

International Men’s Day—it’s time to talk

Today (Thursday, 19th November), is International Men’s Day, a day when we celebrate the positive value men bring to the world and raise awareness of men’s well-being. Being a human being can have its challenging moments even in the best of times. But in this year, one of uncertainty and isolation, caused by a worldwide […]

November 19, 2020

Announcing the Snyk and Docker Security Guide for Developers

Snyk and Docker have partnered to bring developer-centric security, powered by Snyk, to the world’s most popular container developer tools, Docker Desktop and Docker Hub. Now that you might be seeing your first scan results for container vulnerabilities, you have likely discovered a few issues… maybe even more than a few! It can be daunting […]

November 18, 2020