London, UK
Jan 26, 2022   |  By Snyk
Today, 43% of all data breaches are directly linked to vulnerabilities found in applications. With the programming language Python reaching ever greater popularity in the developer space, Snyk has taken an in-depth look at security issues relating to the language and found that, "while 81% of the most popular Python packages are in a healthy state," roughly 20% of the security weaknesses identified by Snyk Code are related to Python projects.
Jan 26, 2022   |  By DeveloperSteve
We recently announced our beta release for PHP support in Snyk Code, which brought with it the ability to identify potential PHP security vulnerabilities at the code level. After a successful public beta program, PHP security support in Snyk Code is now GA. 🎉🎉🎉 PHP is a popular programming language that is used by developers all over the world. In this blog post, we will take a look at some of the features of Snyk Code and how it can be used with PHP.
Jan 25, 2022   |  By Sarah Wills
The Log4Shell vulnerability took the Java community by surprise at the end of 2021, and many organizations are still mitigating its impact. To help development teams stay informed as the situation unfolds, Snyk has created and continues to update its Log4j vulnerability resource center.
Jan 20, 2022   |  By Brian Piper
At SnykCon 2021, there were a number of insightful talks from companies that were able to build successful AppSec programs. As the Lead Platform Architect at Lunar and a Cloud Native Computing Foundation (CNCF) ambassador, Kasper Nissen’s presentation was no exception. In this post, we’ll recap Nissen’s talk about how his security team at Lunar was able to shift security left while building a cloud native bank.
Jan 19, 2022   |  By Eric Smalling
The Cambridge Dictionary defines a policy as: “a set of ideas or a plan of what to do in particular situations that has been agreed to officially by a group of people, a business organization, a government, or a political party.” And in the context of software development, your organization may have some rules about how a policy is built, configured, deployed, and used. Some examples of software policies include.
Jan 18, 2022   |  By Frank Fischer
Snyk Code provides a new generation of static application security testing (SAST). It uses a unique process that uses machine learning to rapidly grow its knowledge base and a Snyk security engineer to assure the quality of the rules. As a result, the Snyk Code knowledge base grows exponentially and results in an industry-leading high accuracy. On top of that, Snyk Code provides real-time scanning so developers can use it right from their favorite IDE.
Jan 12, 2022   |  By Snyk
Snyk announces the appointment of Samantha Wessels as New Vice President, EMEA Sales.
Jan 12, 2022   |  By Brian Vermeer
Traditionally, we start the new year with resolutions. We want to do more good things, like working, other things we try to eliminate. Considering the latter, my 2022 resolution is to stop accidentally exposing confidential information while I hack my application during demos on stage or similar. Yes, this new years resolution sounds very specific, and it has an excellent security horror story behind it…
URLs have forever changed the way we interact with computers. Conceptualized in 1992 and defined in 1994, the Uniform Resource Locator (URL) continues to be a critical component of the internet, allowing people to navigate the web via descriptive, human-understandable addresses. But with the need for human readability came the need for breaking them into machine-usable components; this is handled with URL parsers.
Jan 9, 2022   |  By Liran Tal, Assaf Ben Josef
On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.
Jan 25, 2022   |  By Snyk
Learn about The Big Fix campaign which Snyk is leading to help developers, and security practitioners fix security issues. Join us to get a sneak (snyk?) peak into the fun.
Jan 19, 2022   |  By Snyk
CISO Journey What is a like CISO role? what was it like an operational ciso v/s a field ciso? like rght now we are talking only about log4j issues and how it would have been for you. What would have been your strategy? Have you seen other field Cxo’s? What is one Unique thing, you are trying to implement? How different is this role from a regular CISO?
Jan 18, 2022   |  By Snyk
The Big Fix brings together developers, DevOps, and security practitioners of all skill levels to help make the internet more secure. Our goal is to make security 100x better in 2022 by finding and fixing 202,200 security vulnerabilities! Join us to help find (and fix!) security vulnerabilities while making friends and winning swag. In this short video we'll help you get started finding (and fixing!) security vulnerabilities in your applications -- it's easy!
Jan 18, 2022   |  By Snyk
As cloud-native technologies disrupt the Application Security (AppSec) market, forward-thinking enterprises are shifting their security to the left. A range of cutting-edge security platforms is now available, empowering developers to build secure applications within the development process. But what do secure applications look like, and why does it matter? Why are enterprises implementing security during the deployment phase?
Jan 17, 2022   |  By Snyk
We talk with the Claroty team and Daniel Stenberg, creator of curl, about URL Confusion Vulnerabilities.
Jan 13, 2022   |  By Snyk
Brian and Kyle chat with Johannes about the project!
Jan 12, 2022   |  By Snyk
On January 8, 2022, the open source maintainer of the wildly popular npm package colors, published colors@1.4.1 and colors@1.4.44-liberty-2 in which they intentionally introduced an offending commit that adds an infinite loop to the source code. The infinite loop is triggered and executed immediately upon initialization of the package’s source code, and would result in a Denial of Service (DoS) to any Node.js server using it.
Jan 6, 2022   |  By Snyk
Navigating the world of secure software development is hard. There is a lot of noise and not enough time to investigate everything thoroughly. Make your life and the lives of your colleagues easier by building a world-class DevSecOps automation pipeline. Automate feedback delivery in a way that makes sense. It doesn’t have to be hard; automate the pain away!
Jan 6, 2022   |  By Snyk
We hear a lot about DevOps but how do we turn it from myth into reality? In this panel with Waleed Arshad, Community Manager at Snyk, Frank Dornberger, Team lead of DevSecOps at movingimage EVP GmbH, and Idir Ouhab Meskine, Staff Solutions Engineer at Splunk, we're go over: Waleed Arshad, Community Manager at Snyk Frank Dornberger, Teamlead DevSecOps at movingimage EVP GmbH Idir Ouhab Meskine, Staff Solutions Engineer at Splunk
Dec 29, 2021   |  By Snyk
Note: As of Dec. 28, 2 PM PST, we recommend upgrading to the latest Log4j version. We give a brief overview of the vulnerability and dive right into some examples of the exploit in action. We then show several real-world remediation approaches as well as other fixes outside code.. We give a final round of fun demos, including container and IaC hacks as well as Java-based game hacks. We wrap up with a great list of takeaway resources and answer your questions.
Mar 8, 2021   |  By Snyk
This book will help both development and application security architects and practitioners address the risk of vulnerable open source libraries and discuss why such vulnerable dependencies are the most likely to be exploited by attackers.
Mar 8, 2021   |  By Snyk
Forrester conducted a customer study to get insights into why organizations choose Snyk to help them tackle and implement developer-first security. Read the report to dive into the benefits, cost and value ROI for Snyk.
Feb 1, 2021   |  By Snyk
This book reviews how the serverless paradigm affects the security of an application, and dives into the benefits it brings.
Feb 1, 2021   |  By Snyk
Snyk's annual State of Open Source Security Report 2020 is here. Download it now to learn how Open Source security is evolving.
Jan 1, 2021   |  By Snyk
81% of security and development professionals believe developers are responsible for open source security - but many organizations are still unsure how to start building a culture and practice of DevSecOps. Puppet & Snyk's study is digging deeper into the trends of DevSecOps adoption.
Jan 1, 2021   |  By Snyk
"Shift left" has become the holy grail for security teams today but organizations are still struggling to successfully implement some of the key processes that shifting security left entails. A new study sponsored by Snyk and conducted by Enterprise Strategy Group (ESG) has found that while developers are indeed being given more responsibility for testing their applications for security issues, they simply don't have the knowledge or right set of tools to do so.
Dec 1, 2020   |  By Snyk
The 2020 Gartner Market Guide for SCA is here! Recent Gartner survey finds that over 90% of organizations leverage OSS in application development - and as a result, security of open source packages was the highest ranked concern for respondents. These concerns have led to a growing market, addressed by various vendors for SCA tools that mitigate the risk of OSS. New trends emerge with devops on the rise - as the market shifts towards developer-friendly SCA tools.

Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images.

Security Across the Cloud Native Application Stack:

  • Open Source Security: Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout your development process.
  • Code Security: Find and fix vulnerabilities in your application code in real-time during the development process.
  • Container Security Find and automatically fix vulnerabilities in your containers at every point in the container lifecycle.
  • Infrastructure as Code Security Find and fix Kubernetes and Terraform infrastructure as code issues while in development.

Develop Fast. Stay Secure.