In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about Linux Capabilities and why you probably can run with none of them enabled. Linux Capabilities is item number six from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

Learn about Snyk's Docker integrations and how the companies work together to help developers secure container images quickly and efficiently early in the software application development lifecycle.

Wouldn't it be great if we, developers, learn about application security by training on purposely-built vulnerable applications rather than finding our mistakes in production? Yes, we think so too. In this session, we welcome Priscila Oliveira, Software Engineer at Sentry and core contributor of open source npm proxy project Verdaccio, to chat about her appsec experiences as developer, and learn together about secure coding practices, how to hack a live application, open source vulnerabilities and how to fix them.

In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. Developer Advocate at Synk– talks about privileged mode containers and why, for the vast majority of us, it’s simply a bad idea as well as some ideas for finding and preventing its use. Privileged mode is part of item number five from our recently published cheatsheet, 10 Kubernetes Security Context settings you should understand, check it out and start securing your Kubernetes application deployments today!

Writing quality code is something all of us developers strive for, but it's not an easy task. Secure coding conventions have long been an aspiring goal for many developers, as they scour the web for best practices, and guidelines from OWASP and other resources. Some developers may have even tried using static code analysis to find security issues, like the use of linters (ESLint), only to find out that they are brittle and report on many false positives.

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.

How does a team-centric collaboration focus change how a team maintains the security of the code? In this fireside chat, Patrick Debois, Snyk Labs Researcher, joins Anders Wallgren, Vice President of Technology Strategy at CloudBees. to explore this theme. They discuss what's new and changing with application security and what have we learned from DevOps that organizations can and should apply to DevSecOps.

We have been witnessing an ever-growing amount of supply chain security incidents in the wild. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE. Recently, Snyk has discovered and disclosed vulnerabilities that pose a real and imminent threat to developers who use these extensions. The potential compromise is so significantly severe that a remote code execution on a developer’s machine is possible by simply tricking the developer to click a link.

The traditional way of measuring the effectiveness of our application security programs doesn't translate into the new age of cloud transformation and DevOps software delivery. So, which metrics should we be looking at – and how do you measure them accurately? In this recording, Snyk Field CTO, Simon Maple, sits down with Alyssa Miller, BISO at S&P Global and Nick Vinson, DevSecOps Lead at Pearson, to discuss their different approaches to measuring security in a cloud native world.