Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

DevSecOps

What does a modern code security pipeline look like? (Hint: not like a pipeline).

What does a good DevSecOps pipeline should look like from a code security perspective? We hear this question often, and even though there are multiple answers, we’ve put together a blueprint that everybody could easily start with.

Enhancing Code Security with Generative AI: Using Veracode Fix to Secure Code Generated by ChatGPT

Artificial Intelligence (AI) and companion coding can help developers write software faster than ever. However, as companies look to adopt AI-powered companion coding, they must be aware of the strengths and limitations of different approaches – especially regarding code security. Watch this 4-minute video to see a developer generate insecure code with ChatGPT, find the flaw with static analysis, and secure it with Veracode Fix to quickly develop a function without writing any code.

Creating a better internet at IETF117

The other week in San Francisco at IETF117, a group of developers and subject matter experts gathered to do just that. The IETF mission is: “To make the internet work better by producing high quality, relevant technical documents that influence the way people design, use, and manage the internet.” This standards body is quite unique – anyone with the right passion can join. Believe it or not, humming is a measure of consensus.

CodeSecDays conference and more complete security coverage with GitGuardian

As secrets have a role in most security incidents, Snyk is excited to partner with GitGuardian to help development and security teams scale their security programs and further reduce an application's attack surface at every stage of the code-to-cloud lifecycle. We recently spoke at GitGuardian's first digital conference, CodeSecDays, joining security leaders from Chainguard, Doppler, Kondukto, and more — who shared insights on software signing, open source security, and secrets management.

5 tips to supercharge app security from code to cloud

As the partnership between Snyk and GitGuardian continues to grow, we’ve collaborated on a new cheat sheet that identifies key security considerations and tools that can help you mitigate risks and protect your code. The journey from code to cloud and back to code necessitates a holistic approach to security.

C2PA, external manifests, and expanding content provenance

Last month, Adobe’s Chief Trust Officer Dana Rao testified to Congress about the importance of content provenance, encouraging Congress to require platforms to maintain proof of origin for content, ensuring that “attributions are not stripped away, and artists can receive credit for their work.” Following Rao’s testimony, Google, Microsoft, Amazon, and other AI leaders met at the White House to voluntarily agree to “ Develop and deploy mechanisms that enable users to under

Developer-first security to prevent downstream risks

Synopsys and Secure Code Warrior partner for developer-first security. Securing software is paramount to realizing organizations’ need to safeguard sensitive data, ensure uptime of business-critical applications, and protect customers’ best interests. Traditionally, this responsibility has fallen to security and AppSec teams, which own the tools and processes that detect and mitigate security issues in the software pipeline.