Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

Phony PyPi package imitates known developer

Oct 4, 2022 By Kyle Suero, Elliot Ward In Snyk

Snyk Security Researchers have been using dynamic analysis techniques to unravel the behaviors of obfuscated malicious packages. A recent interesting finding in the Python Package Index (PyPi) attempted to imitate a known open source developer through identity spoofing. Upon further analysis, the team uncovered that the package, raw-tool, was attempting to hide malicious behavior using base64 encoding, reaching out to malicious servers, and executing obfuscated code.

Read Post
Snyk

Choosing the best Node.js Docker image

Sep 29, 2022 By Liran Tal In Snyk

Choosing a Node.js Docker image may seem like a small thing, but image sizes and potential vulnerabilities can have dramatic effects on your CI/CD pipeline and security posture. So, how do you choose the best Node.js Docker image? It can be easy to miss the potential risks of using FROM node:latest, or just FROM node(which is an alias for the former). This is even more true if you’re unaware of the overall security risks and sheer file size they introduce to a CI/CD pipeline.

Read Post
Snyk

Snyk IaC for Terraform Enterprise: Expanding Snyk compatibility with HashiCorp Terraform

Sep 28, 2022 By Sarah Conway In Snyk

Even the most precise and regimented DevOps teams can be plagued by numerous post-deployment security issues, causing potentially damaging production delays and engineering rework. Building on Snyk’s successful acceleration of DevSecOps, Snyk IaC empowers developers to treat Terraform like any other form of code and proactively test IaC early as well as continuously monitor infrastructure post-deployment.

Read Post
Snyk

Introducing the new Snyk UI

Sep 28, 2022 By Steve Winton In Snyk

Starting October 12th, 2022 we’ll be rolling out some exciting new user interface changes for the Snyk application, at app.snyk.io. These changes make use of the Snyk design system by incorporating standardized UI components, an updated color palette, and other elements to help you get even more from Snyk. In this blog post, we’ll walk through the most important changes.

Read Post

Introduction to OWASP's Vulnerable Node.js Apps: Part 1 | Snyk

Sep 28, 2022 By Snyk In Snyk
Introduction to OWASP's Vulnerable Node.js Apps During this livestream we give an introduction to a vulnerable Node.js application created by the OWASP organization. We also show how some of the OWASP Top 10 security risks apply to web applications, and also how to mitigate these concerns. Didn't catch the live stream? Ask all of your Snyk questions and we’ll do our very best to answer them in the comment section.
View Video

Stranger Danger: Your Java Attack Surface Just Got Bigger

Sep 28, 2022 By Snyk In Snyk
Building Java applications today means that we take a step further from writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility broadened, and more software means more software security concerns for us to address.
View Video
Snyk

Supply chain security and Executive Order M-21-30

Sep 28, 2022 By Vandana Verma In Snyk

On September 14, the White House released Executive Order M-21-30, emphasizing and reminding us that there are NIST guidelines for securing any software being sold to the US Government. According to the Executive Order (EO), self-attestation is a requirement for software vendors or agencies and acts as a “conformance statement” outlined by the NIST Guidance.

Read Post

Copyright © 2026 OpsMatters™. All rights reserved.