As a leader in applying AI to developer security, Snyk’s approach is unique. Today, we want to provide a glimpse at how Snyk currently uses AI and data science, as well as a sneak peek at what’s to come. Before diving in, we want to highlight two aspects of Snyk’s use of AI to set the stage.
One of the exciting new features discussed at SnykLaunch today was Custom Base Image Recommendations (CBIR). In open beta since late 2022, CBIR is already being used by several organizations. We've been expanding the feature set as we approach general availability to include more flexibility and to incorporate hands-off automation capabilities, allowing users to leverage CBIR in their CI/CD pipelines.
We are thrilled to announce that Snyk has achieved Red Hat Vulnerability Scanner Certification, making it one of the few security platforms to receive this certification from Red Hat. This achievement demonstrates Snyk’s ongoing commitment to providing our customers with the highest level of security assurance for their applications.
Snyk recently hosted a half-day virtual event focused on security for application workloads running on AWS (you can catch it on demand here). The event was broken into six sessions spanning topics like developer challenges in cloud-native AppDev, top vulnerabilities from last year, hands-on workshops with industry-leading technology vendors, and several other subjects that help enable engineering and security teams to build a successful DevSecOps workflow.
At Snyk, we think of developers as citizens of a special community. In that community, your collection of apps is your neighborhood — and your code is your home base; your house. How do you secure a house? With a lock! And how do you make sure no one else can unlock that lock? You keep the key! That’s security ideation at its finest: keys. Just ask Vinz Clortho, Keymaster of Gozer.
Currently, there are a series of data leaks going on in the Netherlands. Blauw, a prominent market research firm in the Netherlands, reported a data leak earlier this week. Blauw offers qualitative market research for companies and events, and works with many big Dutch brands. The current leak of customer data has already resulted in personal data exposure for a substantial number of Dutch consumers.
Last month, Lead Partner Solutions Architect, David Schott, presented a demo on how Snyk works alongside Amazon Web Services (AWS) to identify vulnerabilities at every level of development and infrastructure. David covered why agile development in the cloud requires a different security approach than simply using the IT security methods of the past. Then, he showed a real-time example of how Snyk’s AWS cloud security tools can find and mitigate common vulnerabilities.
Mass assignment is a vulnerability that allows attackers to exploit predictable record patterns and invoke illegal actions. Mass assignment usually occurs when properties are not filtered when binding client-provided data-to-data models. Vulnerabilities of this type allow an attacker to create additional objects in POST request payloads, allowing them to modify properties that should be immutable.
We have grown to expect a reasonable level of privacy and security when we use services on the web and web-based applications. That’s because these services deal with every aspect of our daily lives — from money and finances, to how we interact with government services, to our education or the education of our children, to communicating with friends and family, to healthcare, to simply buying food to eat.
Since the beginning of 2023, Snyk has documented around 6800 malicious packages across PyPI and the npm registry, which requires little to no interaction, almost 860 of which were discovered by us.
