Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Automate security controls from development to production on Google Cloud

To help businesses develop fast and stay secure, Snyk prioritizes seamless compatibility with developers’ existing workflows. In other words, every major tool or environment a developer touches in their everyday work can interface with Snyk tooling. This compatibility includes partnerships with major cloud providers like Google Cloud.

Why "vulnerability management" falls short in modern application security

Faced with the growing complexity of software development environments, combined with expanding cyber threats and regulatory requirements, AppSec teams find themselves grappling with a daunting array of challenges. While the advent and subsequent adoption of "shift left" methodologies marks a significant and necessary step forward, it is now evident that this approach requires an accompanying mindset shift.

4 AI coding risks and how to address them

96% of developers use AI coding tools to generate code, detect bugs, and offer documentation or coding suggestions. Developers rely on tools like ChatGPT and GitHub Copilot so much that roughly 80% of them bypass security protocols to use them. That means that whether you discourage AI-generated code in your organization or not, developers will probably use it. And it comes with its fair share of risks. On one hand, AI-generated code helps developers save time.

Snyk and AWS announce native Amazon EKS support directly from the AWS Management Console

We’re excited to announce that Snyk has now developed an AWS Marketplace add-on for Amazon Elastic Kubernetes Service (Amazon EKS), embedded directly into the AWS Management Console! Snyk joins a small number of approved ISVs around the globe, allowing customers to deploy a Snyk agent on Amazon EKS clusters using the same methods you would use to deploy native AWS services, either manually via the AWS Management Console or by using AWS’ command-line interface (CLI).

AI quality: Garbage in, garbage out

If you use expired, moldy ingredients for your dessert, you may get something that looks good but tastes awful. And you definitely wouldn’t want to serve it to guests. Garbage in, garbage out (GIGO) applies to more than just technology and AI. Inputting bad ingredients into a recipe will lead to a potentially poisonous output. Of course, if it looks a little suspicious, you can cover it in frosting, and no one will know. This is the danger we are seeing now.

Call for action: Exploring vulnerabilities in Github Actions

To address the need for streamlined code changes and rapid feature delivery, CI/CD solutions have become essential. Among these solutions, GitHub Actions, launched in 2018, has quickly garnered significant attention from the security community. Notable findings have been published by companies like Cycode and Praetorian and security researchers such as Teddy Katz and Adnan Khan.

Talk to us about Snyk CLI

At the end of April 2024, we introduced Semantic Versioning and release channels to Snyk CLI, changes that were well received by our customers. Building on that momentum, we aim to design the CLI so that it not only helps you do your job well but also brings you joy in doing so. We invite you to accompany us on this path to discover together. In today’s blog post, Neil and I, the design and product duo for Snyk CLI, will share the following three things with you.

Securing next-gen development: Lessons from Trust Bank and TASConnect

Today, the average application contains thousands of moving parts. Organizations deploy to multi-cloud environments with containers and microservices, using a combination of code written by internal teams, generated by AI, and curated by third parties. Security teams face a tall order in keeping these complex applications secure, especially given the increasing number of software supply chain attacks.