March in review: State of Open Source Security survey, All.The.Talks virtual conference, and more
Eirini-Eleni Papadopoulou
31 de março de 2020
0 minutos de leituraWe are wrapping up this month and we present to you the most interesting highlights and security news from March 2020, including the launch of the State of Open Source Security survey, and several product updates from Snyk.
Security news
Our State of Open Source Security survey is now live!
Help us analyze trends in how organizations are using and securing open source software and cloud native technologies. Once we collate all the results, we'll create our 2020 report that we'll make available to you and the community!
Take the survey here.
Update: check out the new State of Open Source Security Report 2020!
How to detect and fix Kubernetes access restriction vulnerability CVE-2019-11249
Kubernetes remains a powerful open source system for developers, but like any tool needs to be used carefully. This post discusses two recent vulnerabilities (CVE-2019-11247 and CVE-2019-11249) and how you can address them. Read more here.
What is a backdoor? Let’s build one with Node.js
We have seen dependencies become the perfect target for cybercriminals, with many new attacks enacted, like typosquatting attack or event-stream incident. This post showcases how we can end up with a malicious backdoor in the ecosystem and discusses ideas for mitigating the risk. Read the full article here.
News from Snyk
Product updates
This exciting new partnership between Snyk and Neighbourhoodie Software, makers of Greenkeeper and developer tooling innovators, has allowed us to improve our automatic dependency upgrades functionality. Read more here.
Combined status checks for pull request tests: Instead of seeing multiple Snyk security and license status checks per Snyk project (one Snyk project is equivalent to one manifest file), you'll now see only two combined status checks per project. Get started
Snyk Container improvements and expanded platform support: learn more about our integration between Amazon ECR and EKS and support for Red Hat OpenShift 4 here and here.
Kubernetes configuration scanning: allows you to find and fix issues in your Kubernetes configuration files. The initial release integrates with source code managers to detect Kubernetes files and provide fix recommendations. Enable this feature here.
Videos
If you prefer videos to written documentation, we got you covered! Check out our introductory videos on how to use Snyk, learn your way around the Snyk app and its basic functions. Find all our videos here.
Stay up-to-date directly from our in-app widget
Visit us at https://updates.snyk.io/ and never miss the feature you've been waiting for again.
Community learnings
Security Boulevard: Integrate Security Early and Often For Successful DevSecOps
Join this presentation by Snyk and Rapid7 to learn how security experts are evolving application security. April 9 | Register here.
On DevOps.com: Do You Trust Your DevSecOps Pipeline?
Join Patrick Debois, Snyk DevOps Evangelist and co-author of “The DevOps Handbook,” along with Anders Wallgren, CloudBees Field CTO, as they share tips to allow developers and operators to increase delivery velocity and harden their pipelines. April 16 | Register here.
MyDevSecOps Webinar: Cloud misconfiguration detection- Runtime vs Static analysis
Tune into Barak Schoster's webinar on “Cloud misconfiguration detection - Runtime vs Static analysis”. April 2.
DevSecCon 24 Virtual Conference
Join the first-ever DevSecCon virtual conference delivering top DevSecOps content over 24 hours without leaving your home or office! It’s a free event, so mark your calendars for June 15th & 16th and register to attend.
Destination: Centralization Conference
Join us on April 16th at this digital conference from Kong exploring how container and microservices adoption is impacting software architectures
Register to hear Snyk's Developer Advocate Liran Tal walk through how to test APIs, whether they are GraphQL, REST or Event-driven, to help simplify continuous delivery of microservices.