Snyk IaC public beta introduces Terraform plan analysis
We’re happy to share new beta features of Snyk Infrastructure as Code (Snyk IaC) inside the Snyk CLI, adding support for Terraform plan scanning, plus performance and security improvements.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Kubernetes Quick Hits: Use SecurityContext to run containers with a read-only filesystem
In this episode of our Kubernetes Quick Hits video series, Eric Smalling–Sr. In less than four minutes, you’ll learn how to use the readOnlyRootFilesystem control to keep your containers immutable and safe from modification by hackers and misbehaving code. Snyk helps software-driven businesses develop fast and stay secure. In addition to container security scans, Snyk can continuously monitor to find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Shifting security left while building a Cloud Native bank
Building a digital bank requires a unique combination of agility and speed while maintaining the highest level of security. Lunar, a digital challenger bank in the Nordics, has always had technology and agility as a differentiator. Lunar was built for the cloud, with Cloud Native principles, such as microservices, containers, and container orchestration amongst others. In this presentation Kasper will present some insights into the principles on which the Lunar infrastructure was built on, the continuous focus on security, and how application security is shifting left and becoming a developer concern.
Developer Security Champions Rule the DevSecOps Revolution
DevSecOps has fundamentally changed the way in which organizations approach security in modern software development. The role of developer security champion was created to meet the need for security to be tightly integrated into DevOps and DevSecOps practices. Read on to learn more about what developer security champions are and how they help promote secure coding best practices as organizations work toward continuous integration and delivery.
Announcing the Snyk Team plan: Secure development for teams
Today we’re excited to announce a new product tier—Snyk Team—designed to help development teams empower themselves to build applications securely, together! No development team wants to write an application that gets hacked—but many don’t have the skills or budget to use the application security tools currently offered in the market.
Welcome to WhiteSource, Diffend!
Today we’re thrilled to announce that Diffend, an innovative software supply chain security service, is now part of WhiteSource. At WhiteSource we believe that open source risk management is a pillar of software supply chain security, and Diffend helps us extend our capabilities in this area. While 99.999% of open source releases may be safe, our customers trust us to help identify the ones that could do harm and should be avoided.
Snyk Maven plugin: Integrated security vulnerability scanning for developers
Maven is the most commonly used build system in the Java ecosystem, and it has been for many years. Building your application with Maven is easy since it takes care of many things for you. In different phases of the Maven lifecycle, it handles things like: With Maven, the development lifecycle happens the same way on every machine for every developer on the team, as well as within the CI pipeline.
When should a startup hire a CSO? Access Control #1 - Donnie Hasseltine
Key Topics on Access Control Podcast: Episode 1 – A Security Chat with Donnie Hasseltine.
The K8s network (security) effect
Around 20 years ago I had the privilege of joining a young company that invented the Firewall – Check Point. I learned most of my networking knowledge and skills at Check Point and, at that time, I was involved in the high end, rapidly evolving internet. This might be the reason why I truly believe that network security must be a layer in the overall security strategy. A few years ago, I came back to Check Point as a cloud security product manager.
Featured Post
4 ways Security and DevOps can collaborate to reduce application vulnerabilities
Today's organisations are operating in a digital landscape filled with complexities and vulnerabilities. Increasingly, the applications and technologies businesses use to facilitate crucial business operations and connect people are at the mercy of cybercriminals - who are eager to attack from the shadows exploiting and stealing sensitive information held within these everyday applications. As such, security and DevOps teams need a collaborative approach to address and triage application vulnerabilities that continually present themselves - despite each team having different overall objectives.