Keeping up with today’s rapidly evolving threat landscape is an ongoing journey for software development enterprises in cloud-native environments, as many struggle to keep their assets and customers secure while keeping up with the competitive pace of software delivery in cloud native environments. Earlier this summer WhiteSource hosted a roundtable discussion with HackerOne, AWS, and IGT about the new security challenges enterprises face as they shift to a digital native environment.

With the rise of security threats comes an increased need for strong security measures, but it’s hard to know where to invest your time and money, especially if you’re a small startup. Who should own security when you first get started? Is it worth it to hire a Chief Security Officer (CSO) right away? Is it better to build out an internal security team or hire an external agency instead?

We’re honored to share that, for the second consecutive year, Snyk has been named to the prestigious Forbes Cloud 100 List, coming in at #39! The full list, unveiled yesterday, is Forbes’ “definitive ranking of the best, brightest, and most valuable private companies in the cloud.” We’re up 47 spots from our ranking last year — a testament to our incredible team, growth, and maturation as a company in 2021 thus far. And it’s only August!

Snyk security policies just got a whole lot more powerful with a new action and two new conditions, helping your development and security teams assess risk and focus resources more efficiently. For developers, the less “noise” the better. Tasked with fixing issues that are simply not important or relevant is a waste of valuable development time and will likely result in creating frustration and mistrust.

Cloud native tooling for authorization is an emerging trend poised to revolutionize how we approach this oft-neglected part of our applications. Open Policy Agent (OPA) is the leading contender to become a de-facto standard for applying policies to many different systems — from workloads running on Kubernetes to requests passing through Istio.

Ruby is a well-defined and thought-out language and has been around since the mid-1990s. In 2004, Ruby incorporated RubyGems as its package manager. RubyGems is used to manage libraries and dependencies in a self-contained format known as a gem. The interface for RubyGems is a command line tool that integrates with the Ruby runtime and allows Gemfiles to be added or updated in a project. I looked at three Ruby platforms and found vulnerabilities that were surprising, even to me.

In a previous post, we presented a step-by-step tutorial on how to publish Node.js Docker images to GitHub Packages registry using GitHub Actions. In this post, we’ll focus on publishing the Docker image that we build to the public Docker Hub registry. Why is this useful you might ask? The Docker command line application docker has a default registry setting for docker.io which points to the Docker Hub registry.

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization’s Kubernetes system to help companies make their Kubernetes environment more difficult to compromise. This 52-page cybersecurity technical report offers practical guidance for admins to manage Kubernetes securely, focusing on the common three sources for a compromised Kubernetes environment.