Raul Onitza-Klugman, Senior Security Researcher at Snyk, joins Kyle to take a deep dive in to the latest set of malicious packages discovered by the Snyk Security Research team. Join us as we discuss how these findings came to be, what they mean for open source security, and some hypotheses about the future of supply chain security.

Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

During this live stream, we explored the vulnerability known as Dompdf. We looked at what DomPDF is, how DomPDF makes your applications vulnerable, and most importantly what you can do to protect yourself.

Adolfo García Veytia, Staff Software Engineer at ChainGuard and Tech Lead on the Kubernetes SIG-Release team, joins Eric and Kyle to talk about how they were able to tackle signing all of the Kubernetes v1.24 image artifacts using Sigstore. Then we will demonstrate signing an image and vulnerability scan result attestations with Sigstore's cosign utility.

In an ecosystem with an increasing number of dependencies, maintainers and supply chain attacks, discover an open source tool designed to analyze in depth the dependencies of a given remote package or local manifest. Not knowing what’s in the node_modules directory is a bad dream from the past. Dive in with me to find out the secrets that your dependencies hide from you.

Getting started with Snyk is fast and free. Nope, it's not a free trial. It's a free tier that you can use for personal projects or for work!

During this live stream we had a conversation with the director of Information Security at Just Eat Takeaway Sherif Mansour, where we explored his day-to-day activities and how Snyk's products help him to perform his role.

Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.