Skip to main content

5 ways to get Node.js vulnerability alerts

著者:

2016年6月2日

0 分で読めます

Here at Snyk, we maintain a database of known vulnerabilities in Node.js and front-end npm packages, called Vulnerability DB (also on GitHub). For each vulnerability, it includes a description of the vulnerability, additional references, and most importantly, how to remediate it. The remediations offered are typically either to upgrade to a new version of the package, or - for cases when you cannot or will not upgrade - to apply a patch created by the Snyk security team.

The best way to make sure your project (including all of its dependencies) is constantly monitored for new security risks is have Snyk monitor your specific dependencies for relevant new vulnerabilities. You can do so once using snyk wizard or track your dependencies continuously by adding snyk monitor to your deployment process. This way you’ll get a Snyk alert only for issues in the dependencies your specific project uses.

However, if you also want to get notified about all the new vulns we add to our DB, here are a few IFTTT recipes you’ll find useful.

Slack messages

Email messages

Twitter direct messages

Trello cards

Text messages

These notification methods are all based on the Vulnerability DB RSS feed — feel free to make your own recipes!

CISOがDevSecOps戦略をどのように変革しているか

現在の状況は、500人の開発者に対してセキュリティ専門家は1人という割合です。セキュリティのプロは、開発者がセキュリティ上の判断を下すためのサポートとして、より意識高く、知識を持ち、協力的に業務を遂行する必要があります。