Container image formats under the hood

Over the last few years, following Docker’s release, containers have become more and more the standard mechanism for software delivery. We see a growing number of container-based solutions and while innovation in the space is obviously welcomed, there is a requirement for establishing certain standards around format and runtime. Because of the rapid growth of […]

November 18, 2020

Launching the Snyk Community Outreach Internship Program

Here at Snyk, we are focusing on these groups and developing the Community Outreach Internship Program to open the doors of opportunity and help these impacted members of our community develop the skills necessary to begin the journey of a successful career.

November 16, 2020

RPM Package Manager: RPM package security scanning with Snyk

As part of scanning container images, Snyk can detect various pieces of information like the operating system distribution, software package manager, installed applications, and all of the application dependencies. RPM is one of the most common package managers in the Linux ecosystem and is fully supported in Snyk. While there was open source code available […]

November 13, 2020

Python Poetry package manager and security integration with software composition analysis tool

I have always believed that package managers can be the ultimate weapon in the fight against vulnerable dependencies. If package managers can be leveraged to scan for vulnerable dependencies, developers would be able to identify and fix vulnerabilities in their dependencies more easily and quickly, rather than letting the vulnerability snake its way into the […]

November 13, 2020

From zero to security hero: test your GitHub projects for known vulnerabilities

Are you using GitHub for your projects? Great! But how are you making sure your open source dependencies are free from vulnerabilities? In this blog post, we’ll guide you through how to create a free Snyk account and import your first GitHub project into Snyk and test your open source dependencies for known vulnerabilities. You […]

November 12, 2020

Detect vulnerabilities in Dockerfiles, directly from Git

We’re pleased to announce the latest enhancement to Snyk Container—detecting Dockerfiles straight from Git repos to better empower shift-left security. With this new capability, we now offer an easy and early scan of your Dockerfile, before you even build an image, to help shift security left and surface base image vulnerabilities, helping you choose the […]

November 12, 2020

Java logging: what should you log and what not?

Logs are a handy tool to spot mistakes and debug code. For engineers and, specifically, in a DevOps environment, the logs are a very valuable tool. In addition to the functional aspect of logging, logs are also critical from a Java security perspective. When a security breach occurs, your log files are the first place […]

November 11, 2020

Docker Desktop with Snyk and new Docker Vulnerability Cheat Sheet available

Following hot on the heels of our release of container scanning in Docker Hub and our big SnykCon announcement of Snyk becoming the official security provider for Docker’s own Official Images, today we’re pleased to announce that the Docker and Snyk integration in Docker Desktop has graduated to the Docker Desktop Stable release, opening up […]

November 10, 2020

GitHub Actions to securely publish npm packages

GitHub Actions have been growing in popularity ever since GitHub announced general availability for all developers and repositories on the GitHub platform. Some rate limits we’re seeing in the ecosystem—such as new billing and rate limits for open source from Travis CI—will further drive developers to migrate their software automations to GitHub Actions. In […]

November 10, 2020

Enterprise security best practices for managing vulnerabilities at scale

How do you ensure effective security compliance across several teams when they experience an overwhelming number of vulnerabilities that need to be addressed? This is what this enterprise security best practices cheatsheet is all about! Whether you are implementing an enterprise security architecture or an enterprise cyber security solution, you are going to face applications […]

November 9, 2020

How we promote inclusivity in our job descriptions

Job descriptions can be tricky. Trying to summarise an entire person’s role, their future team, the company’s culture, and all the responsibilities and opportunities that come along with this on a single page can be a difficult task. And when starting to think of the ideal candidate before writing a spec, often a hiring manager […]

November 6, 2020