Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk

The State of Infrastructure as Code Security at Kubecon Europe

May 10, 2021 By Snyk In Snyk
The adoption of infrastructure-as-code and configuration-as-code is soaring with the rising popularity of technologies like Kubernetes and Terraform. This means that designing and deploying infrastructure is a developer task, even if your “developer” is an infrastructure architect, and, just like application code, configurations can use test-driven methodologies to automate security prior to deployment.
View Video
Snyk

SuiteCRM: PHAR deserialization vulnerability to code execution

May 7, 2021 By Sam Sanoop In Snyk

SuiteCRM is a free and open source Customer Relationship Management application for servers. This advisory details a PHAR deserialization vulnerability that exists in SuiteCRM which could be leveraged by an authenticated administrator to execute commands on the underlying operating system. This issue has been fixed in release 7.11.19. In PHP, PHAR (PHP Archive) files can be used to package PHP applications and PHP libraries into one archive file.

Read Post
Snyk

Snyk Code is now available for free

May 6, 2021 By Frank Fischer In Snyk

Snyk’s mission is to empower developers and DevOps teams to secure their applications. As part of that security mission, Snyk offers a Free plan for Snyk Open Source, Snyk Container, and Snyk Infrastructure as Code, so all developers can code securely. Today, we’re excited to announce that Snyk Code is now available for free as well.

Read Post
Snyk

Snyk uncovers malicious code activities in open source supply chain security on the npm registry

May 5, 2021 By Liran Tal In Snyk

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages which matched a specific malicious code vector of attack. This specific attack vector of the malicious packages included packages which had pre/post install scripts, which allowed them to run arbitrary commands when installed.

Read Post
Snyk

GitHub Security Code Scanning: Secure your open source dependencies

May 4, 2021 By Daniel Berman In Snyk

We are happy to announce Snyk Open Source support for GitHub Security Code Scanning, enabling you to automatically scan your open source dependencies for security vulnerabilities and license issues, as well as view results directly from within GitHub’s Security tab! A key ingredient of Snyk’s developer-first approach is integrating Snyk’s security data into the exact same processes that developers are using, whether this is within a developer’s IDE or a Git-based workflow.

Read Post
Snyk

How AppSec has evolved in 2021: Reddit's perspective

May 3, 2021 By Brian Piper In Snyk

As organizations continue to rely on software for core business processes, application security is an ever-critical consideration. Snyk recently held a roundtable with Reddit to discuss application security in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Spencer Koch, Security Wizard at Reddit.

Read Post
Snyk

Snyk & Intuit roundtable: Breaking silos, engaging with security and developer communities

Apr 30, 2021 By Simon Maple In Snyk

I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.

Read Post
Subscribe to Snyk

Copyright © 2024 OpsMatters™. All rights reserved.