Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2021

Accelerating the Snyk infrastructure as code vision with the addition of CloudSkiff

We are thrilled to welcome the team at CloudSkiff to Snyk! Many of you may be more familiar with driftctl, the open source project started by the CloudSkiff team. I wanted to share with you why we’re excited about the addition of this fantastic group of people to Snyk, and our plans for the future of Snyk Infrastructure as Code (Snyk IaC), as well as our commitment to keeping driftctl open source.

Sharpen your security skills with open source! Introduction to modern infrastructure access

Secure access to complex computing environments is hard to get right. Introducing the open source identity-aware access proxy: Teleport. It is used by engineers at smart companies Nasdaq and Google, to easily access all to their computing resources — SSH servers, Kubernetes clusters, or databases. For security professionals, Teleport uses short-lived certificates, audit logs, and session recordings to make it easier to achieve high security standards and compliance.

Popular JavaScript Library ua-parser-js Compromised via Account Takeover

A few hours ago, an npm package with more than 7 million weekly downloads was compromised. It appears an ATO (account takeover) occurred in which the author’s account was hijacked either due to a password leakage or a brute force attempt (GitHub discussion).

Snyk joins OpenSSF: Tackling open source supply chain security with a developer-first approach

I’m excited to share that Snyk has joined the Linux Foundation’s expanded support of the Open Source Security Foundation (OpenSSF) as a premier member alongside Microsoft, Google, Cisco, Facebook, Intel, VMware, Red Hat, Oracle, and others. As Snyk’s mission is to enable developers to develop fast while staying secure, we believe that this cross-industry collaboration is critical to the future of software development and improving the security of open source.

Community is the Key to Investor Funding for Open-Source Startups

Securing investors is always a challenge for startups. But for open-source companies, it’s even harder. Open-source companies need the right investors to innovate and enter new markets. But when you deal with a specific subset like open source, it can be difficult to find VCs with the required experience and knowledge. Those of us in the open-source community know it’s not just about the money — it’s also about continuing to grow the community.

What is Open Source Intelligence?

Open source intelligence (OSINT) is the process of identifying, harvesting, processing, analyzing, and reporting data obtained from publicly available sources for intelligence purposes. Open source intelligence analysts use specialized methods to explore the diverse landscape of open source intelligence and pinpoint any data that meets their objectives. OSINT analysts regularly discover information that is not broadly known to be accessible to the public.