Python now fully supported in Snyk Code

Earlier this year, we announced the beta support for Python in Snyk Code. This beta period gave us the chance to let customers have access to our extensive collection of Python rules while we finished our knowledge base review and added curated content. We are happy to announce that this work has concluded, and Python is now a fully supported language. 🐍 🎉


Python language support now beta in Snyk Code

Snyk Code now offers beta support for Python 2.x and 3.x projects. There is nothing to install or update: the support was added to the backend engine and is available immediately. Python results, marked as beta, appear the next time a repository is scanned; if you do not want to wait for the scheduled rescan, you can trigger a scan manually.


Preventing SQL injections in Python (and other vulnerabilities)

Python is a wonderful language, ideal for beginners, and easy to scale up from starter projects to complex applications for data processing and serving dynamic web pages. But as your applications grow more complex, it becomes easy to inadvertently introduce problems and vulnerabilities. In this article, I will highlight the vulnerabilities that are easiest to miss and cause the biggest problems, how to avoid them, and the tools and services that save you time doing so.


Fixing CRLF Injection Logging Issues in Python

It can sometimes be a little challenging to figure out specifically how to address different vulnerability classes in Python. This article addresses one of the top finding categories in Python, CWE-117 (Improper Output Neutralization for Logs, usually triggered through CRLF injection), and shows how to use a custom log formatter to address the issue. We'll use this project, which deactivates or deletes user accounts from the Veracode platform, to illustrate the functionality.
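As an added example (not the article's own code), this is the custom-formatter approach applied to the standard `logging` module. The formatter escapes CR, LF and other control characters in the rendered message so that an attacker-controlled value cannot forge an additional log line; the constructed `FORGED_USERNAME` shows the attack, and `render_log_line` lets you compare the neutralized and raw output. The logger and handler names are choices for this demo only.

```python
import io
import logging
import re

# Any C0 control character or DEL; CR and LF are the ones that forge new log lines.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def neutralize(text: str) -> str:
    """Escape control characters so they stay visible but cannot break the line."""
    def escape(match):
        ch = match.group()
        return {"\n": "\\n", "\r": "\\r", "\t": "\\t"}.get(ch, "\\x%02x" % ord(ch))
    return _CONTROL_CHARS.sub(escape, text)


class NeutralizingFormatter(logging.Formatter):
    """Formatter that neutralizes the rendered message before laying out the record.

    Only the message (where untrusted values end up) is escaped; any exception
    traceback appended by the base class keeps its line breaks.
    """

    def format(self, record: logging.LogRecord) -> str:
        # Work on a copy so other handlers attached to the same logger still
        # see the original record.
        clean = logging.makeLogRecord(record.__dict__)
        clean.msg = neutralize(record.getMessage())
        clean.args = ()
        return super().format(clean)


def render_log_line(user_input: str, neutralized: bool = True) -> str:
    """Log a failed login for user_input and return exactly what the handler wrote."""
    stream = io.StringIO()
    handler = logging.StreamHandler(stream)
    formatter_cls = NeutralizingFormatter if neutralized else logging.Formatter
    handler.setFormatter(formatter_cls("%(levelname)s %(message)s"))
    # A standalone Logger instance (not registered in the hierarchy) keeps the
    # demo independent of whatever the application has configured.
    logger = logging.Logger("cwe117-demo")
    logger.addHandler(handler)
    logger.warning("Failed login for user %s", user_input)
    handler.flush()
    return stream.getvalue()


# Constructed attacker input: a "username" that tries to append a fake success entry.
FORGED_USERNAME = "admin\r\nINFO Login succeeded for user admin"
```

With the plain `logging.Formatter`, the forged username produces two lines and the second one reads like a genuine INFO record; with `NeutralizingFormatter` the same input stays on one line with a literal `\r\n` in it. Note that `%r` in the format string would also have escaped the value, but relying on every call site to remember that is exactly what the formatter removes the need for.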


Sort, Filter, and Remap API Data in Python

Are you taking data from an API in whatever format the web service gives it to you? The structure of data inside your application should not be dictated by how an API provider structures theirs. Instead, you can take advantage of the power of Python's list manipulation techniques to sort, filter, and reorganize data in ways that best suit your needs.


How to Listen for Webhooks with Python

Webhooks run a large portion of the "magic" that happens between applications. They are sometimes called reverse APIs, callbacks, or even notifications. Many services, such as SendGrid, Stripe, Slack, and GitHub, send webhooks in response to events as part of their API. This allows your application to listen for events and perform actions when they happen. In a previous article, we looked at how to consume webhooks with Node.js and Express.
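As an added example (not code from the article), here is a minimal Python webhook listener built on the standard library, with the check a security engineer would insist on: verifying the sender's signature over the raw body before parsing it. The signature scheme and header names follow what GitHub documents (`X-Hub-Signature-256` carrying `sha256=` plus the hex HMAC-SHA256 of the body under the configured secret, and `X-GitHub-Event` naming the event); the secret, the event handlers and their return strings are constructed for this demo.

```python
import hashlib
import hmac
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed for this example: the secret configured on the sending service.
WEBHOOK_SECRET = b"example-shared-secret"


def verify_signature(secret: bytes, body: bytes, header_value) -> bool:
    """GitHub-style check: header is 'sha256=' + hex(HMAC-SHA256(secret, raw body))."""
    if not header_value or not header_value.startswith("sha256="):
        return False
    expected = hmac.new(secret, body, hashlib.sha256).hexdigest()
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(expected, header_value[len("sha256="):])


def on_ping(payload: dict) -> str:
    return "pong: " + str(payload.get("zen", ""))


def on_push(payload: dict) -> str:
    commits = payload.get("commits", [])
    return f"{len(commits)} commit(s) pushed to {payload.get('ref')}"


# Event name -> handler. Anything not listed is acknowledged but ignored.
HANDLERS = {"ping": on_ping, "push": on_push}


def process_webhook(secret: bytes, headers: dict, body: bytes):
    """Validate and dispatch one delivery. Returns (HTTP status, response dict)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if not verify_signature(secret, body, h.get("x-hub-signature-256")):
        return 401, {"error": "invalid signature"}
    try:
        payload = json.loads(body)
    except ValueError:
        return 400, {"error": "body is not valid JSON"}
    event = h.get("x-github-event", "")
    handler = HANDLERS.get(event)
    if handler is None:
        return 202, {"ignored": event}
    return 200, {"event": event, "result": handler(payload)}


class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length)  # keep the raw bytes: the HMAC covers these exactly
        status, response = process_webhook(WEBHOOK_SECRET, dict(self.headers), body)
        data = json.dumps(response).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


def sign(secret: bytes, body: bytes) -> str:
    """What the sending side computes; used here to build test deliveries."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    # Bind to loopback for the demo; in practice the service needs a public URL.
    HTTPServer(("127.0.0.1", 8000), WebhookHandler).serve_forever()
```

The HMAC is computed over the raw request bytes, which is why the handler reads the body before any JSON parsing: re-serializing the parsed payload would change whitespace and key order and break verification. A tampered body or a missing header is rejected with 401 before any handler runs, and unknown event types get a 202 so the sender does not keep retrying them.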


Top 10 Python security best practices

On the sleepy island of Gozo, security isn’t a concern. Tourists can leave their bags on the beach and go off on an adventure without worrying that their belongings will be stolen. In my home city, however, we say that “if you don’t tie it down, it’s not yours.” Everything can be stolen. Similarly, the internet is the biggest and busiest city in the world! If it can be read, copied, written, or injected with SQL, it’s not yours.