Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cloud computing has created the most profound shift in information technology in recent memory. Leveraging cloud technology, companies can build, deploy, and scale their applications faster than ever. But the adoption of cloud native tools and processes also brings new security challenges. Between complex cloud infrastructure and the expansion of cloud-based services, malicious actors have access to a bigger attack surface than they did even a few years ago.

Spotify’s engineering team recently published a blog discussing their use of Snyk to maintain security testing in the SDLC. The following is a recap of that blog written by Engineering Manager, Edina Muminovic. Spotify, a company known for employing thousands of world-class developers, needed to redraw its software development lifecycle, or SDLC.

Onna Technologies, a data centralization software company, integrates security across every facet of their development process by using Snyk and Sysdig. We recently sat down with Onna’s Brent Neal (Director of Security), Mike Hoffman (Lead Security Engineer), and Andrew Leeb (Senior Software Engineer) to discuss data protection and compliance, cloud security priorities, and the benefits using Snyk and Sysdig for complete end-to-end container security.

Technology is always changing and your processes and practices need to keep up with those changes. So while npm is 12 years old, your practices around npm package creation should hopefully be a lot more modern. If you have a feeling they may be a little out of date, though, keep reading.

ConfigMaps is an API object used in Kubernetes to store data in key-value pairs. It’s essentially a dictionary that contains configuration settings. Some details you might expect to find in a ConfigMap include hostnames, public credentials, connection strings, and URLs. A ConfigMap decouples an application’s code from the configurations, making it possible to alter them without impacting the application.

Snyk Open Source supports C and C++ scanning for vendored open source dependencies via CLI — and we are happy to share that it is now available via our CI plugins as well. This guide will walk you through integrating C/C++ security scanning within pipelines to get vulnerability information and remediation advice directly to developers. Note that in the scope of this guide, we’ll refer to “C/C++” as just “C++”