London, UK
May 25, 2023   |  By Benson Kuria Macharia
Penetration testing is crucial to ensuring a resilient security posture within an organization. It simulates an attack on the system, application, or network to discover vulnerabilities before hackers do. Developers often use penetration testing to verify that applications’ internal resources are safe from unauthorized access. In this situation, the tester or ethical hacker serves as a malicious actor. They gather as much information about the system as possible to find exploitable weaknesses.
May 24, 2023   |  By Annabel Gauci
A security violation in the form of a data breach can create costly damage to a company's reputation. But what exactly is a data breach? The European Commission has divided data breaches into three distinct categories — confidentiality breaches, integrity breaches, and availability breaches. In this article, you'll learn more about what a data breach is and how you can prevent data breaches when designing and developing your software.
May 23, 2023   |  By Manoj Nair
We’re thrilled to announce that Snyk has been named a Leader in the 2023 Gartner Magic Quadrant for Application Security Testing! Snyk was named in the Magic Quadrant for Application Security Testing (AST), for the first time, as a Visionary in 2021. And today, we’re excited and honored to announce that Gartner has recognized us in the Leaders Quadrant in the 2023 Magic Quadrant report.
May 22, 2023   |  By Liran Tal
SBOM is the acronym for Software Bill of Materials, which is a list of all the open source npm packages that are part of your project. But it’s not only limited to open source or software packages, and can include operating system libraries, microservices inventory and more.
May 22, 2023   |  By Daniel Berman
The number and complexity of software vulnerabilities is continuously growing. The ability of development and security teams to assess the threat level a given vulnerability poses and prioritize fix efforts accordingly greatly depends on access to as much context as possible about the vulnerability.
May 19, 2023   |  By Mohammad-Ali A'râbi
Nowadays, the final product of most Git repositories is a Docker image that is then used in a Kubernetes deployment. With security being a hot topic now (and for good reasons), scanning the Docker images you create in the CI is vital. In this piece, I’ll use GitHub Actions to build Docker images and then scan them for security vulnerabilities. The Docker image built in the CI is also pushed to GitHub’s Docker registry.
May 18, 2023   |  By Mariah Gresham
Earlier this year, we released a report on the top 10 open source vulnerabilities from data based on user scans — giving you an inside look into the most common (and critical) vulnerabilities Snyk users found in their third-party code and dependencies. Building on this trend, we decided to look into the most common vulnerabilities in first-party code. While OWASP served as a guiding light for open source security intel, gathering data on proprietary code was a bit more complex.
May 17, 2023   |  By Mariah Gresham
Application security is constantly evolving — and there’s no better place to observe these changes than in the Bay Area. Silicon Valley is home to thousands of companies attempting to solve a multitude of problems, but one thing they all have in common is the often daunting task of risk mitigation.
May 16, 2023   |  By Sarah Conway
ServiceNow’s biggest event of the year — Knowledge 2023 — is here, and Snyk is excited to be a part of it with some big news! Back in January, we announced Snyk Security for Application Vulnerability Response to bring Snyk Open Source software composition analysis to ServiceNow Security Operations.
May 15, 2023   |  By Sarah Conway
Balancing the volume of applications and the increased deployment frequency with the need for security is a struggle for both development and security teams. Recent research indicates that vulnerability management in modern software development has become more complex, with 69% of CISOs acknowledging this challenge. Consequently, many applications are not adequately covered by security scans.
May 19, 2023   |  By Snyk
When starting with Snyk, users can import projects via a Git repository or use the CLI to test their application code locally or via CI/CD. In this video, we will discuss the onboarding flows meant to help new users use the CLI to run their first source code (SAST), open source (SCA), container and infrastructure as code (IaC) tests and start fixing issues. Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
May 17, 2023   |  By Snyk
What can startups and large enterprises have in common? Different organizational structures that cause friction when bringing in and rolling out a new tool. If you are familiar with Snyk, you’ll know that Groups can hold many organizations, and Organizations contain Projects. But that does not stop there… Each node in the organizational layer has different reporting, access control as well as security and license policy settings.
May 4, 2023   |  By Snyk
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
May 2, 2023   |  By Snyk
As part of the Snyk Partner Speak series, this video walks through how Snyk and ServiceNow help you find, prioritize, and track vulnerabilities in open source dependencies to get a complete view of your application security posture.
Apr 27, 2023   |  By Snyk
Do you want to learn about key initial integrations when getting started with Snyk? Watch this recording where Shawn Miller and Jim Jones cover Integrations 101. You will learn about: Watch if you:
Apr 25, 2023   |  By Snyk
Watch this video to learn:
Mar 23, 2023   |  By Snyk
From cybersecurity Executive Orders, to Emergency Directives, to establishing a presence on the moon, cybersecurity at NASA encompasses a wide variety of both Information and Operational Technology assets, some of which are literally out of this world. Attendees will gain insights into the challenges and best practices in securing critical assets in highly dynamic and complex environments.
Mar 23, 2023   |  By Snyk
Watch this office hours where we cover best practices for introducing a blocking/prevention strategy using the CI/CD Integration. Security and engineering teams often fail to find a balance between meeting the necessary security objectives for their organization and ensuring maximum velocity. While security teams view the process of blocking new critical severity vulnerabilities as a basic security best practice, engineering teams often push back out of fear that it will create too much friction for their developers.
Mar 10, 2023   |  By Snyk
Welcome to This Week in VulnDB. Each episode, we will look through some of the newer vulnerabilities in the Snyk vulnerability database, looking at emerging trends in attack vectors appearing in programming languages, platforms and ecosystems.
Mar 9, 2023   |  By Snyk
Many organizations are encouraging their developer teams to adopt a security mindset and take more ownership of security issues earlier in the development process. But how can that actually be achieved effectively, and what does a successful program look like in practice? In this recording, we’ll discuss some of the program lessons we’ve learnt from many enterprises that are going through this process, investigate different methodologies for implementing DevSecOps, and share best practices to follow and common pitfalls to avoid.
Mar 8, 2021   |  By Snyk
Forrester conducted a customer study to get insights into why organizations choose Snyk to help them tackle and implement developer-first security. Read the report to dive into the benefits, cost and value ROI for Snyk.
Mar 8, 2021   |  By Snyk
This book will help both development and application security architects and practitioners address the risk of vulnerable open source libraries and discuss why such vulnerable dependencies are the most likely to be exploited by attackers.
Feb 1, 2021   |  By Snyk
Snyk's annual State of Open Source Security Report 2020 is here. Download it now to learn how Open Source security is evolving.
Feb 1, 2021   |  By Snyk
This book reviews how the serverless paradigm affects the security of an application, and dives into the benefits it brings.
Jan 1, 2021   |  By Snyk
81% of security and development professionals believe developers are responsible for open source security - but many organizations are still unsure how to start building a culture and practice of DevSecOps. Puppet & Snyk's study is digging deeper into the trends of DevSecOps adoption.
Jan 1, 2021   |  By Snyk
"Shift left" has become the holy grail for security teams today but organizations are still struggling to successfully implement some of the key processes that shifting security left entails. A new study sponsored by Snyk and conducted by Enterprise Strategy Group (ESG) has found that while developers are indeed being given more responsibility for testing their applications for security issues, they simply don't have the knowledge or right set of tools to do so.
Dec 1, 2020   |  By Snyk
The 2020 Gartner Market Guide for SCA is here! A recent Gartner survey finds that over 90% of organizations leverage OSS in application development - and as a result, security of open source packages was the highest ranked concern for respondents. These concerns have led to a growing market, addressed by various vendors for SCA tools that mitigate the risk of OSS. New trends emerge with DevOps on the rise - as the market shifts towards developer-friendly SCA tools.

Snyk is an open source security platform designed to help software-driven businesses enhance developer security. Snyk's dependency scanner makes it the only solution that seamlessly and proactively finds, prioritizes and fixes vulnerabilities and license violations in open source dependencies and container images.

Security Across the Cloud Native Application Stack:

  • Open Source Security: Automatically find, prioritize and fix vulnerabilities in your open source dependencies throughout your development process.
  • Code Security: Find and fix vulnerabilities in your application code in real-time during the development process.
  • Container Security: Find and automatically fix vulnerabilities in your containers at every point in the container lifecycle.
  • Infrastructure as Code Security: Find and fix Kubernetes and Terraform infrastructure as code issues while in development.

Develop Fast. Stay Secure.