%term

10 Supply Chain Security Tips That Won't Slow Development Down

Jun 10, 2021 By Maciej Mensfeld In Mend

As supply chain attacks continue to dominate headlines, software development teams are beginning to realize that package management can’t be taken lightly — the threats hidden under the hood are real. In this installment of The Source, we want to talk about the practices and tools that developers need to adopt in order to protect against supply chain attacks.

Read Post

Mend

Read more about 10 Supply Chain Security Tips That Won't Slow Development Down

Understanding the software supply chain security requirements in the cybersecurity Executive Order

Jun 10, 2021 By Daniel Berman In Snyk

President Biden’s cybersecurity executive order from last month should cause little surprise for anyone following news headlines over the past year. The order is the U.S. Federal Government’s important response to a long list of incidents, starting with the SolarWinds attack and ending with a recent ransomware attack against Colonial Pipeline —- the largest known attack against a US energy firm.

Read Post

Snyk

Read more about Understanding the software supply chain security requirements in the cybersecurity Executive Order

Stranger Danger! Your App is Only as Secure as your Weakest Line of Code

Jun 10, 2021 By Snyk In Snyk

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

View Video

Snyk

Read more about Stranger Danger! Your App is Only as Secure as your Weakest Line of Code

Secure development in Visual Studio with Snyk Open Source

Jun 9, 2021 By Daniel Berman In Snyk

We’re pleased to announce our new extension for Visual Studio, making it easier for developers to stay both secure and compliant as they code within their favorite IDE. The extension supports Visual Studio 2015, 2017, and 2019. Snyk’s new free extension for Visual Studio enables developers to easily find and fix both known vulnerabilities and license issues in their open source dependencies, helping them address security early on and ship secure code faster.

Read Post

Snyk

Read more about Secure development in Visual Studio with Snyk Open Source

Recapping DockerCon 2021 with Snyk: Red Ventures, Docker container security, and more

Jun 9, 2021 By Sarah Conway In Snyk

DockerCon 2021 brought containerization experts together to discuss all things Docker, from building containerized applications and running container images to improving container security. In this post, we’ll recap a live panel discussing how container security fits into the new cloud native era, how Red Ventures scaled container security scanning with Snyk, and ways to make vulnerability remediation easier.

Read Post

Snyk

Read more about Recapping DockerCon 2021 with Snyk: Red Ventures, Docker container security, and more

Snyk Builds Security into AWS CodePipeline to Mitigate Open Source Risk for Developer and Security Teams

Jun 8, 2021 By Snyk In Snyk

Latest integration inside the AWS CodePipeline console builds upon continued collaboration to deliver Snyk products within the AWS DevOps segment, AWS Marketplace, and AWS GovCloud.

Read Post

Snyk

Read more about Snyk Builds Security into AWS CodePipeline to Mitigate Open Source Risk for Developer and Security Teams

Automate vulnerability scanning in AWS CodePipeline with Snyk

Jun 8, 2021 By Jay Yeras In Snyk

Empowering developers to build securely has always been Snyk’s mission. We enable you to find and fix security vulnerabilities in your code and open source dependencies, as well as enable development teams to easily integrate security testing as part of their automated delivery pipelines. Snyk also provides native integrations with leading CI/CD platforms such as Jenkins, TeamCity, and CircleCI. To this end, we are happy to announce Snyk’s latest integration with AWS CodePipeline.

Read Post

Snyk

Read more about Automate vulnerability scanning in AWS CodePipeline with Snyk

A Team-Centric View of Security with Snyk and CloudBees

Jun 8, 2021 By Snyk In Snyk

How does a team-centric collaboration focus change how a team maintains the security of the code? In this fireside chat, Patrick Debois, Snyk Labs Researcher, joins Anders Wallgren, Vice President of Technology Strategy at CloudBees. to explore this theme. They discuss what's new and changing with application security and what have we learned from DevOps that organizations can and should apply to DevSecOps.

View Video

Snyk

Read more about A Team-Centric View of Security with Snyk and CloudBees

I can use VS Code to hack into your development environment

Jun 8, 2021 By Snyk In Snyk

We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE. Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.

View Video