Snyk is Now Integrated with Chrome's Lighthouse
Snyk and Lighthouse
Lighthouse is an open-source automated tool from Google Chrome that tests websites against a suite of best practices and metrics, providing a detailed report so developers can see exactly how they stack up and how to improve. Lighthouse can be used as a browser extension or a Node module, and it now even powers the auditing functionality in the developer tools built directly into Google Chrome.
Lighthouse is a fantastic way for developers to spot problem areas that are all too easy to miss: things like accessibility and performance, which are critical, but also invisible. Security was already represented with tests for HTTPS support, but the Lighthouse team wanted to help developers be even more secure.
When you audit your site, Lighthouse looks for what libraries you’re using, and their versions. Then it checks against Snyk’s database to see if there are known security issues. If there are, your site’s audit score will be docked, and you’ll be presented with information about the vulnerabilities, with a link to Snyk so that you can learn more and get the issues resolved.
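The lookup described above, sketched as an added example (not Lighthouse's or Snyk's code): detected library versions are compared against vulnerable version ranges. The library names, advisory ids, ranges and the shape of the detection input are constructed for illustration.

```javascript
// Constructed vulnerability snapshot: hypothetical library names, ids and ranges.
const VULN_DB = {
  'example-dom-lib': [
    { id: 'EXAMPLE-0001', severity: 'medium', range: '<3.0.0' },
    { id: 'EXAMPLE-0002', severity: 'high', range: '>=1.4.0 <1.12.2 || >=2.0.0 <2.2.4' },
  ],
  'example-template-lib': [{ id: 'EXAMPLE-0003', severity: 'high', range: '<=4.0.5' }],
};

// "1.12.0", "v1.12", "1.12.0-rc.1" -> [1, 12, 0]; null when no version can be read.
function parseVersion(text) {
  const m = /^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?/.exec(String(text || '').trim());
  return m ? [1, 2, 3].map((i) => Number(m[i] || 0)) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// A range is "||"-separated alternatives, each a space-separated list of comparators.
function inRange(version, range) {
  return range.split('||').some((alt) =>
    alt.trim().split(/\s+/).every((term) => {
      const m = /^(<=|>=|<|>|=)?(.+)$/.exec(term);
      const c = compare(version, parseVersion(m[2]));
      return { '<': c < 0, '<=': c <= 0, '>': c > 0, '>=': c >= 0, '=': c === 0 }[m[1] || '='];
    }));
}

// detected: [{ name, version }] as a page scan might report them (shape assumed).
function auditLibraries(detected, db = VULN_DB) {
  const findings = [];
  for (const lib of detected) {
    const known = db[lib.name] || [];
    const v = parseVersion(lib.version);
    // Compare numerically: as plain strings, "1.12.0" would sort before "1.4.0".
    if (!v) { // a library with advisories but no readable version is flagged, not passed
      if (known.length) findings.push({ name: lib.name, version: null, status: 'unknown-version', ids: [] });
      continue;
    }
    const hits = known.filter((vuln) => inRange(v, vuln.range));
    if (hits.length) findings.push({ name: lib.name, version: lib.version, status: 'vulnerable', ids: hits.map((h) => h.id) });
  }
  return findings;
}

// Constructed sample input.
console.log(auditLibraries([{ name: 'example-dom-lib', version: '1.12.0' }]));
```

Pre-release suffixes are ignored here, so `1.12.0-rc.1` is treated as `1.12.0`.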
You can try it out today in Google Chrome Canary—no extra install required, it’s baked in by default. It’ll be making its way to Google Chrome itself soon.
Increasing Awareness of Known Vulnerabilities
Lighthouse is a tool your front-end teams will likely be using already (or if they’re not, should be). And with the new Snyk integration, they’ll get critical information about potential security issues built into the rest of their auditing, making it easier to take action.
While Lighthouse checks what was delivered (looking at the page itself), the best place to spot vulnerable libraries is before they ever make it to production. The earlier you find vulnerable libraries, the easier they are to address through fixes and upgrades.