
Pull Requests for Infrastructure Access

Making frequent changes to cloud applications running in production is the de facto standard. To minimize errors, engineers use CI/CD automation and techniques such as code reviews and blue-green deployments. Git pull requests often serve as the foundational component that triggers code reviews, Slack notifications, and subsequent automation such as testing and deployments. This automated process enforces peer review and creates enough visibility to minimize human error.

Snyk uncovers malicious code activities in open source supply chain security on the npm registry

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages that matched a specific malicious attack vector: each package carried pre/post-install scripts, which allowed it to run arbitrary commands when installed.

Secure Session Transfer Between Web Apps on Different Domains

Writing a web application that supports securely logging into a website and managing your credentials is a surprisingly difficult task. You have to develop a way to manage sessions, understand how browsers store state (cookies), and learn a cryptographically safe password-storage technique (like bcrypt), all the while making sure you mitigate common web security vulnerabilities like XSS and CSRF.

Open Policy Agent: The Top 5 Kubernetes Admission Control Policies

Kubernetes developers and platform engineers are typically under a metric ton of pressure to keep app deployments humming at a brisk pace. With the scale and power of Kubernetes, this can feel daunting. Maybe you’re a retailer launching a new e-commerce feature for a huge sale. Maybe you’re a bank that’s scaling a finance app worldwide. In either case, compromises always get made in the interest of speed and schedules.

GitHub Security Code Scanning: Secure your open source dependencies

We are happy to announce Snyk Open Source support for GitHub Security Code Scanning, enabling you to automatically scan your open source dependencies for security vulnerabilities and license issues, as well as view results directly from within GitHub’s Security tab! A key ingredient of Snyk’s developer-first approach is integrating Snyk’s security data into the exact same processes that developers are using, whether this is within a developer’s IDE or a Git-based workflow.

How AppSec has evolved in 2021: Reddit's perspective

As organizations continue to rely on software for core business processes, application security is an ever-critical consideration. Snyk recently held a roundtable with Reddit to discuss application security in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Spencer Koch, Security Wizard at Reddit.