Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2021

Snyk & Intuit roundtable: Breaking silos, engaging with security and developer communities

I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.

Why developer-first SAST tools are the future of code security

Application security has a broad scope for teams that build and ship cloud native applications. The landscape spans many processes, tools, and team members, and includes anything from automating secure pipelines (hello DevSecOps) to open source security to cloud infrastructure security testing.

Secure Elixir development with Snyk

We’re happy to announce support for Elixir, enabling development and security teams to easily find, prioritize and fix vulnerabilities in the Elixir and Erlang packages they are using to build their applications! Using the Snyk CLI, Elixir developers can now test and monitor their Mix/Hex projects manually or at key steps of their CI process, ensuring that known vulnerabilities are caught early on and before code is deployed into production.

Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Shifting security left while building a Cloud Native bank

Building a digital bank requires a unique combination of agility and speed while maintaining the highest level of security. Lunar, a digital challenger bank in the Nordics, has always had technology and agility as a differentiator. Lunar was built for the cloud, with Cloud Native principles, such as microservices, containers, and container orchestration amongst others. In this presentation Kasper will present some insights into the principles on which the Lunar infrastructure was built on, the continuous focus on security, and how application security is shifting left and becoming a developer concern.

Announcing the Snyk Team plan: Secure development for teams

Today we’re excited to announce a new product tier—Snyk Team—designed to help development teams empower themselves to build applications securely, together! No development team wants to write an application that gets hacked—but many don’t have the skills or budget to use the application security tools currently offered in the market.

Snyk Maven plugin: Integrated security vulnerability scanning for developers

Maven is the most commonly used build system in the Java ecosystem, and it has been for many years. Building your application with Maven is easy since it takes care of many things for you. In different phases of the Maven lifecycle, it handles things like: With Maven, the development lifecycle happens the same way on every machine for every developer on the team, as well as within the CI pipeline.

Code Dx 5.3 integrates with Snyk for comprehensive vulnerability management

The Code Dx team is pleased to announce the general availability (GA) of Code Dx 5.3, which notably features an integration with Snyk to help customers integrate open source and container security into their continuous development processes. As we move toward a cloud native world, we’re working to ensure that developer-first tooling, secure cloud infrastructure, container security, and open source tools are fully integrated into Code Dx 5.3.

Kubernetes Quick Hits: SecurityContext and why not to run as root

In this, the first of our series of our Kubernetes Quick Hits videos, Eric Smalling–Sr. In less than five minutes, you understand why you need to *not* run your containers as root and what to do about it if you are. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Secure Coding with IntelliJ

How can I do security in IntelliJ? Is there a security code scanner for IntelliJ? How can I test for security in Java? Is there a Snyk plug-in for IntelliJ? Make sure to subscribe so you don't miss new content! We know that IntelliJ IDEA is the most favorite and commonly used IDE in the Java landscape and a lot of developers practically live in their integrated development environment (IDE). A good IDE is like a swiss army knife; it is your go-to tool to do almost everything. Let’s see how we can integrate security and secure development into IntelliJ IDEA using this new Snyk plugin.

Snyk @ Snyk: Enabling Kubernetes RBAC for Snyk's Developers

As Uncle Ben once said, “With great power comes great responsibility.” This is also true of the Kubernetes API. It is very powerful, and you can build amazing things on top of it, but it comes with a price—a malicious user can also use the API to do bad things. Enter Kubernetes RBAC (role based access control), which enables you to use the API in a controlled manner by granting only required privileges needed, following least privilege principle.

Python language support now beta in Snyk Code

Snyk Code now offers beta support for Python 2.x and 3.x projects. You do not have to install or update anything since we added the support to the backend engine and it is available instantly to be used. When a repository is scanned, you will see Python beta results showing up. If you cannot wait for a scheduled rescan, you can manually trigger a scan.

Securing cloud native applications: ActiveCampaign's VP, Information Security provides perspective

Cloud native has been a growing trend as organizations shift away from on-premise infrastructure and longer software release cycles towards a more iterative development approach using cloud-based tooling and infrastructure. While cloud native applications enable rapid deployments and greater scalability, this emerging software approach also introduces security challenges.

How to fix Java security issues while coding in IntelliJ IDEA

Nowadays, developers are responsible for more than just creating the application. Besides working on features, developers have to focus on their applications’ maintainability, scalability, reliability, and security. Many developers are unsure of where to start with security. In addition, most companies still work with a dedicated security team instead of having security expertise inside the team. A lot of developers practically live in their integrated development environment (IDE).

Secure coding with Snyk's new JetBrains IDE plugin

We’re pleased to announce our new plugin for JetBrains IDEs, making it easier for developers to find and fix security issues as they code! Snyk’s new free JetBrains IDE plugin enables developers using IntelliJ IDEA and WebStorm to easily find and fix known vulnerabilities in their open source dependencies as well as any security issues and bugs in their own code.

5 ways to prevent code injection in JavaScript and Node.js

Writing secure code in a way that prevents code injection might seem like an ordinary task, but there are many pitfalls along the way. For example, the fact that you (a developer) follow best security practices doesn’t mean that others are doing the same. You’re likely using open source packages in your application. How do you know if those were developed securely? What if insecure code like eval() exists there? Let’s dive into it.

Snyk chats with Shutterstock about building a DevSecOps culture

While it’s relatively easy to buy modern security tools, the culture of a company can have an enormous impact on the successful rollout of new security processes. In fact, one of the greatest hurdles for implementing a DevSecOps approach to application security is company-wide adoption.

Scanning Harbor registry images for vulnerabilities with Snyk

It’s official! Snyk Container offers support for scanning container images stored in the popular open source container registry, Harbor. Snyk Container helps you find and fix vulnerabilities in your container images, and now it integrates with Harbor as a container registry, enabling you to import your projects and monitor your containers for vulnerabilities. Snyk tests the projects you’ve imported for any known security vulnerabilities found, testing at a frequency you control.

Scanning Red Hat Quay registry images for vulnerabilities with Snyk

We’re excited to share that you can now scan container images stored in Red Hat’s Quay container registry and their hosted Quay.io service with Snyk Container. Snyk Container helps you find and fix vulnerabilities in your container images and integrates with Quay as a container registry to enable you to import your projects and monitor your containers for vulnerabilities, as is fully described in our Snyk Container documentation.