There’s never a dull moment at Snyk and for our Channel team that it’s been especially rewarding. We’re very excited to say that this week Snyk Infrastructure as Code (Snyk IaC) was named the winner of the cloud security category for the 2021 CRN Tech Innovator award. The full list of winners, unveiled earlier this week, showcases innovative vendors in the IT channel across 47 different technology categories, in key areas ranging from cloud to storage to networking to security.

Managing application resources at scale can be tricky business. As such, many DevOps and AppSec teams turn to using a declarative framework rather than writing individual scripts to deploy, manage, and maintain access controls for their resources. For Azure environments, Azure Resource Manager (ARM) is this management layer that allows teams to manage their infrastructure as code (IaC) through declarative ARM templates.

Red Hat® OpenShift® Container Platform (OCP) is an enterprise-grade Kubernetes platform for building, deploying, running, and managing containerized applications in a hybrid world. The reality is that with Red Hat OCP, building, deploying, running, and managing containerized workloads couldn’t be any easier.

When David McCheyne, DevOps Engineer at Datto, outlined a plan to ease the company into developer-first security using Snyk, he thought it would take his teams a year to prove the concept. A seasoned DevOps pro, David understood very well the enormity of this change and was prepared to slowly introduce Datto security champions to the Snyk platform and not force the process.

On November 1st, 2021, a public disclosure of a paper titled Trojan Source: Invisible Vulnerabilities described how malicious actors may employ unicode-based bidirectional control characters to slip malicious source code into an otherwise benign codebase. This attack relies on reviewers confusing the obfuscated malicious source code with comments.

Embedded devices with limited memory and storage resources are likely to leverage a tool such as BusyBox, which is marketed as the Swiss Army Knife of embedded Linux. BusyBox is a software suite of many useful Unix utilities, known as applets, that are packaged as a single executable file. Within BusyBox you can find a full-fledged shell, a DHCP client/server, and small utilities such as cp, ls, grep, and others.

2020-2021 were unusually rough in the information security field. The pandemic accelerated the pace of discovering new attack techniques and the attacker’s motivation was high due to the potential impact of each attack. In addition, work methodologies that have changed led to the exposure of new vulnerabilities and an increase in the organizational attack surface.

I recently had to revamp my home office setup and decided to make a trip to my closest IKEA. The wide range of choices of desks in Micke, Malm, Brusali, Alex, and Bekant was only the beginning of the journey. I knew I had to head back home with the desk, find a good place to unpack the unit, find my screwdrivers, hammer, alan keys, and finally dedicate a few hours of labor to assemble everything. I enjoy the process but it is not devoid of frustrations.

At Rezilion, we eliminate friction in the DevSecOps process by identifying which vulnerabilities pose an actual risk to an organization. This dynamic approach allows us to filter out unloaded vulnerabilities and reduce the workload of the security and development teams. Because we need to analyze the process we also need to understand its runtime environment (native, c#, java, python, etc.) and based on its runtime, analyze it differently.