Intuit: Dev-First Cloud Native Application Security
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Breaking Containers to Improve Security: Docker and Snyk
What does a container exploit look like? What happens when someone breaks into your container? How can Docker and Snyk integration help you fix these problems? This Docker Workshop "Breaking Containers to Improve Security" answers these questions in a live hack demo. Snyk and Docker partner to power image scanning behind Docker Desktop and Docker Hub. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Snyk's new vulnerability cards - fix issues fast with a new look and feel
One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to quickly understand what needs to be fixed, and making that task incredibly easy.
Snyk Code: An Introduction to Dev-First SAST
Conventional Static Application Security Testing (SAST) tools are limited by lengthy scan times and poor accuracy – returning too many false positives. Sound familiar? That's why Snyk developed a new approach to finding and fixing code vulnerabilities with a developer-friendly experience – introducing: Snyk Code! Watch this live demo of Snyk Code to see how it integrates into Snyk's Cloud Native Application Security platform to help developers build software securely across the entire stack – including the code, open source, containers, Kubernetes, and IaC.
Securing your modern software supply chain
Software supply chain security concerns are more prevalent than ever. The U.S. Pentagon, Department of State, Department of Homeland Security, Microsoft, FireEye – this is just a partial list of the government agencies and companies hacked as a result of the attack on SolarWinds’ proprietary software – the Orion network monitoring program.
SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm
The recent SolarWinds breach highlights a new paradigm in the Software Supply Chain. When compared simply to the code itself without any additional tools, Proprietary Code is no more secure than Open Source. By contrast, many would argue that Open Source Code is more secure due to a faster fix/patch/update cycle and the pervasive access to source code (Clarke, Dorwin, and Nash, n.d.).
Java configuration: how to prevent security misconfigurations
Java configuration is everywhere. With all the application frameworks that the Java ecosystem has, proper configuration is something that is overlooked easily. However, thinking about Java configuration can also end up in a security issue if it is done in the wrong way. We call this misconfiguration. Security misconfiguration is part of the infamous OWASP top 10 vulnerability list and has a prominent spot on place 6.
How Shutterstock Implemented DevSecOps from the Ground Up
Learn how Shutterstock’s Director of Product and Application Security, Christian Bobadilla, built security into the development culture of Shutterstock from the ground up. Christian will share his experience working with developers on embedding security throughout the SDLC, reducing vulnerabilities in their cloud native applications, and ultimately embracing a new security culture. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Snyk IaC scanning enhancements include Azure and AWS infrastructure as code
Recently I wrote about Infrastructure as Code (IaC) and how Snyk’s IaC scanning can help catch issues in your templates before they make it to provisioning. Our engineering team continues to expand the breadth of our IaC scanning policies to better protect your platforms from vulnerabilities and issues.
How to choose a Software Composition Analysis (SCA) tool
Whether you’re a developer or a security engineer, Software Composition Analysis—or SCA for short—is a term you will start to hear of more and more. If you haven’t already, that is. The reason for this is simple. Your company is increasingly relying on open source software and containers to develop its applications and by doing so is introducing risk in the form of security vulnerabilities and license violations.