London, UK
Jun 23, 2022   |  By Soumen Mukherjee
For application security, the shift left strategy is something that every enterprise is embracing today, which essentially means putting the security controls in earlier stages of development. This is more like a “nipping the problem in the bud” strategy where the security controls in their respective domains highlight the potential security weaknesses related to vulnerabilities in code, vulnerabilities in third-party packages and code quality issues.
Jun 22, 2022   |  By Tales Casagrande
Snyk Ambassadors are passionate about sharing their security expertise. Become one today by signing up! In the shipping industry, the container format follows ISO 668, a standard format that regulates the safe stacking of containers. Imagine your applications with multiple containers, running different applications, serving different purposes for people all over the world.
Jun 21, 2022   |  By Snyk
The State of Open Source Security Highlights Many Organizations Lacking Strategies to Address Application Vulnerabilities Arising from Code Reuse.
Jun 21, 2022   |  By Megan Moore
Open source software is a key component in modern applications. It has created a new era in software development, promoting a free exchange of ideas within the developer community and enabling developers to build more functional software, faster than ever. Based on most estimates, 70-90% of any piece of modern software includes open source code.
Jun 17, 2022   |  By Tal Dromi, Product Manager
Contributing to a legacy software development project, as a security-aware developer, is a bit like inheriting an old house. In my old house, the roof is missing tiles, the bathroom taps are dripping, the front door doesn't lock properly, the hallway needs redecorating and there are worrying cracks in the foundations. I don't know where to start. The security problems with the application I've recently (hypothetically) joined are similarly vexing and diverse. It has deprecated dependencies to older versions of software libraries. It could be misconfigured using insecure protocols.
Jun 8, 2022   |  By Erin Cullen
The cloud has enabled organizations to build and deploy applications faster than ever, but security has become more complex. The shift to cloud has created a world where everything is code — not just the applications, but also the infrastructure they run on. So, any security issue within an application or cloud environment can put an entire system at risk. And keeping that cloud native application stack secure is increasingly the responsibility of development teams.
Jun 6, 2022   |  By Aviad Hahami
Great things happen when the academic world and the software industry work together! Today, we’d like to share a story about our recent collaboration with the CISPA Helmholtz Center for Information Security, a big science institution in Germany. Back in January, Cris Staicu Ph.D. (Tenure-Track Faculty, CISPA), contacted us about his research on NodeJS and JavaScript.
Jun 2, 2022   |  By Dickson Boateng
Policies have a vital role in every organization, but can mean a lot of different things depending on the context. For our purposes, a policy refers to the principles or ideas that an organization uses to make decisions. In this post, we’ll discuss Open Policy Agent (OPA) and its rule language, Rego, highlighting how we can use them to write a simple policy for a payroll microservice.
May 26, 2022   |  By Brian Piper
During SnykWeek Boston, Simon Maple (Field CTO, Snyk) led a panel discussion about developer adoption of application security. The panelists included: Want the TL;DR? Here are some of our favorite takeaways: Read on to dive deeper into these illuminating insights around organizing security teams, setting security goals, empowering developers, improving compliance, and much more.
May 24, 2022   |  By Kirill Efimov
Snyk recently discovered over 200 malicious packages in the npm registry. While we acknowledge that vulnerability fatigue is an issue for developers, this article is not about the typical case of typosquatting or a random malicious package. This article shares findings and insights from targeted attacks aimed at businesses and corporations that Snyk was able to detect.
Jun 16, 2022   |  By Snyk
In this episode, we’ll take a look at Snyk IaC - how to use it, what problems it solves, and we’ll also look at the new drift functionality with special guest Stephane Jourdan. Throughout the session you can ask us anything! Bring all of your Snyk questions and we’ll do our very best to answer them.
Jun 16, 2022   |  By Snyk
Secure Containers and Eliminate Noise from Code to Production with Sysdig and Snyk. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Jun 15, 2022   |  By Snyk
Building JavaScript applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
Jun 14, 2022   |  By Snyk
Choosing open source packages for your projects can be cumbersome and overwhelming. You need to evaluate them to make sure they fit your needs while also being well supported. Learn about some best practices when evaluating open source software and walk away with a free tool that can speed up this process for you.
Jun 7, 2022   |  By Snyk
This talk by Tomas Gonzalez, partner solutions architect at Snyk, covers the rise of the security-conscious developer - someone who champions the use of new cloud technologies with a security mindset. This doesn’t mean developers are solely responsible for security risk management in isolation; secure developers are aware of risk management processes, are armed with the right technology to enforce them, and apply a shared-responsibility mentality to enable an agile, thriving secure business.
Jun 6, 2022   |  By Snyk
Zbyszek Tenerowicz (a.k.a. ZB) teaches us how we can be susceptible to malicious packages as developers. We also see demos of what a malicious package can do, such as modifying code, package.json publish scripts and more. You're sure to learn something new in this session and level up your developer security skills. This was a recorded livestream titled "My NPM Package Will Eat Your Lunch".
Jun 2, 2022   |  By Snyk
Developer-focused security from code to cloud, and back to code.
Jun 1, 2022   |  By Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
May 31, 2022   |  By Snyk
Visual Studio Code (VS Code) is a code editor redefined and optimized for building and debugging modern web and cloud applications. The Snyk integration for VS Code can help you create secure applications from the beginning. Join us to learn more about Snyk VS Code capabilities. During this session, we’ll take a look at: Throughout the session you can ask us anything! Bring all of your Snyk questions and we’ll do our very best to answer them.
May 26, 2022   |  By Snyk
Learn about interesting JS use cases, tricks, and challenges. Hosted by Brian Clark and Gerald Crescione.
Mar 8, 2021   |  By Snyk
Forrester conducted a customer study to get insights into why organizations choose Snyk to help them tackle and implement developer-first security. Read the report to dive into the benefits, cost and value ROI for Snyk.
Mar 8, 2021   |  By Snyk
This book will help both development and application security architects and practitioners address the risk of vulnerable open source libraries and discuss why such vulnerable dependencies are the most likely to be exploited by attackers.
Feb 1, 2021   |  By Snyk
Snyk's annual State of Open Source Security Report 2020 is here. Download it now to learn how Open Source security is evolving.
Feb 1, 2021   |  By Snyk
This book reviews how the serverless paradigm affects the security of an application, and dives into the benefits it brings.
Jan 1, 2021   |  By Snyk
"Shift left" has become the holy grail for security teams today but organizations are still struggling to successfully implement some of the key processes that shifting security left entails. A new study sponsored by Snyk and conducted by Enterprise Strategy Group (ESG) has found that while developers are indeed being given more responsibility for testing their applications for security issues, they simply don't have the knowledge or right set of tools to do so.
Jan 1, 2021   |  By Snyk
81% of security and development professionals believe developers are responsible for open source security - but many organizations are still unsure how to start building a culture and practice of DevSecOps. Puppet & Snyk's study is digging deeper into the trends of DevSecOps adoption.
Dec 1, 2020   |  By Snyk
The 2020 Gartner Market Guide for SCA is here! A recent Gartner survey finds that over 90% of organizations leverage OSS in application development - and as a result, security of open source packages was the highest ranked concern for respondents. These concerns have led to a growing market, addressed by various vendors for SCA tools that mitigate the risk of OSS. New trends emerge with devops on the rise - as the market shifts towards developer-friendly SCA tools.

Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images.

Security Across the Cloud Native Application Stack:

  • Open Source Security: Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout your development process.
  • Code Security: Find and fix vulnerabilities in your application code in real-time during the development process.
  • Container Security: Find and automatically fix vulnerabilities in your containers at every point in the container lifecycle.
  • Infrastructure as Code Security: Find and fix Kubernetes and Terraform infrastructure as code issues while in development.

Develop Fast. Stay Secure.