Instant security information with the Snyk security badge
August 4, 2020
We are excited to announce the Snyk security badge for open source libraries, which offers instant security information. This newly introduced item for library maintainers gives users better visibility into a library's security details. With this badge, you can instantly see whether a library has any vulnerabilities and how severe they are.
At Snyk we know that developers have many things they need to worry about—performance, maintainability, scalability, accessibility, and security are just a few examples. Choosing the right library to depend on is one of the more difficult choices. Snyk provides scanning and security information to help developers keep their projects secure and with this new security badge that displays a library’s security score, the task of choosing the right library becomes an easy one.
How do I get a security badge?
The Snyk security badge can be generated for JavaScript, Java, and Python packages. You can generate a badge for JavaScript packages publicly available on npm, Java artifacts available on Maven Central, or Python packages available on PyPI.
Use our badge creator and embed the generated HTML on your website. The badge links to a detailed security information page explaining what the vulnerabilities are.
Update: Aug 14 — If you don't specify a version below, the badge automatically resolves to the latest published version.
Update: Sep 14 — We also support PHP composer packages now.
Badge scores explained
Badges are generated with a score from A to F where A is the highest score and F the lowest. The color-coded letters indicate how secure a library is.
The score is a very simple but intuitive indication of how the library is doing security-wise.
Calculating the score is quite simple. Snyk distinguishes three severity levels—low, medium, and high. Every low vulnerability gets 1 point, every medium vulnerability 2 points, and every high vulnerability is awarded 4 points.
Adding up the points for all vulnerabilities gives the following badge score:
0 points = A
1 point = B
2-3 points = C
4-5 points = D
6-9 points = E
10 or more = F
This means that you only get a green A score badge if your library is free from vulnerabilities. The severity of a vulnerability also plays a huge part in calculating the score. Scores are updated on a daily basis so the badge represents the current status of the library.
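The scoring rule above, worked through as an added example (this is illustration code, not Snyk's own implementation); the severity weights and grade thresholds are those stated in the post, and the vulnerability list is constructed:

```python
"""Worked example of the badge scoring rule: weight each open vulnerability
by severity (low=1, medium=2, high=4), sum, and map the total to a grade."""

# Points per severity level, as given in the post.
SEVERITY_POINTS = {"low": 1, "medium": 2, "high": 4}

# Grade bands as inclusive lower bounds, checked from highest to lowest.
GRADE_BANDS = [(10, "F"), (6, "E"), (4, "D"), (2, "C"), (1, "B"), (0, "A")]


def badge_score(vulnerabilities):
    """Sum severity points; an unknown severity is an error, not a silent zero."""
    total = 0
    for vuln in vulnerabilities:
        severity = vuln["severity"].lower()
        if severity not in SEVERITY_POINTS:
            raise ValueError(f"unknown severity: {severity!r}")
        total += SEVERITY_POINTS[severity]
    return total


def badge_grade(score):
    """Map an accumulated score to the A-F letter grade."""
    if score < 0:
        raise ValueError("score cannot be negative")
    for lower_bound, grade in GRADE_BANDS:
        if score >= lower_bound:
            return grade


def grade_library(vulnerabilities):
    """Return (score, grade) for a library's list of open vulnerabilities."""
    score = badge_score(vulnerabilities)
    return score, badge_grade(score)


# Constructed sample input: one vulnerability of each severity.
# Note that the single high finding alone would already drop the grade to D.
SAMPLE_VULNS = [
    {"id": "EXAMPLE-1", "severity": "high"},
    {"id": "EXAMPLE-2", "severity": "medium"},
    {"id": "EXAMPLE-3", "severity": "low"},
]

if __name__ == "__main__":
    score, grade = grade_library(SAMPLE_VULNS)
    print(f"score={score} grade={grade}")  # score=7 grade=E
```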
Open source security is cool
Are you a maintainer for a JavaScript, Java, or Python package? Make it easy for developers to choose your package over others by providing instant security information.
And don’t forget that scanning your projects with Snyk is free!