I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.

Application security has a broad scope for teams that build and ship cloud native applications. The landscape spans many processes, tools, and team members, and includes anything from automating secure pipelines (hello DevSecOps) to open source security to cloud infrastructure security testing.

We’re happy to announce support for Elixir, enabling development and security teams to easily find, prioritize and fix vulnerabilities in the Elixir and Erlang packages they are using to build their applications! Using the Snyk CLI, Elixir developers can now test and monitor their Mix/Hex projects manually or at key steps of their CI process, ensuring that known vulnerabilities are caught early on and before code is deployed into production.

We’re happy to share new beta features of Snyk Infrastructure as Code (Snyk IaC) inside the Snyk CLI, adding support for Terraform plan scanning, plus performance and security improvements.

Today we’re excited to announce a new product tier—Snyk Team—designed to help development teams empower themselves to build applications securely, together! No development team wants to write an application that gets hacked—but many don’t have the skills or budget to use the application security tools currently offered in the market.

Maven is the most commonly used build system in the Java ecosystem, and it has been for many years. Building your application with Maven is easy since it takes care of many things for you. In different phases of the Maven lifecycle, it handles things like: With Maven, the development lifecycle happens the same way on every machine for every developer on the team, as well as within the CI pipeline.

The Code Dx team is pleased to announce the general availability (GA) of Code Dx 5.3, which notably features an integration with Snyk to help customers integrate open source and container security into their continuous development processes. As we move toward a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3.

As Uncle Ben once said, “With great power comes great responsibility.” This is also true of the Kubernetes API. It is very powerful, and you can build amazing things on top of it, but it comes with a price—a malicious user can also use the API to do bad things. Enter Kubernetes RBAC (role based access control), which enables you to use the API in a controlled manner by granting only required privileges needed, following least privilege principle.

Snyk Code now offers beta support for Python 2.x and 3.x projects. You do not have to install or update anything since we added the support to the backend engine and it is available instantly to be used. When a repository is scanned, you will see Python beta results showing up. If you cannot wait for a scheduled rescan, you can manually trigger a scan.

Cloud native has been a growing trend as organizations shift away from on-premise infrastructure and longer software release cycles towards a more iterative development approach using cloud-based tooling and infrastructure. While cloud native applications enable rapid deployments and greater scalability, this emerging software approach also introduces security challenges.