We’re excited to announce the launch support for AWS CloudFormation in Snyk Infrastructure as Code. In our recent Infrastructure as Code Security Insights report, we found that 36% of survey participants were using AWS CloudFormation (CF) as their primary infrastructure as code tool of choice. Using Snyk Infrastructure as Code, you can now scan your CF YAML or JSON templates against our comprehensive set of AWS security rules.
Many people will have heard of the SPDX project through the work on the SPDX License List. This list of canonical identifiers for various software licenses is used in a huge range of developer-focused software, from Snyk to GitHub. But the SPDX project, which is part of the Linux Foundation, has a much broader focus on providing an open standard for communicating software bill of material information.
There are a lot of challenges one might face when trying to identify the best SAST tool for your team. But how do you measure something that is meant to find unknowns? How do you know if the tool is appropriate for your needs? How do you compare different tools? It’s no wonder that we often get asked, “Does Snyk Code have coverage for the OWASP Top 10?” followed by “How do you suggest we evaluate and compare different SAST tools?”
We’re excited to share that we have enhanced our partnership with Atlassian. In support of this partnership, today we are releasing full availability of the new integration, which natively embeds Snyk into Bitbucket Cloud for security. The Snyk security integration is free and easy to set up with just a few clicks inside the Bitbucket Cloud product. For the first time, developers can consume information that was previously only available inside Snyk now within Bitbucket Cloud.
Snyk is a developer-first, cloud native security platform that scans for vulnerabilities across code, dependencies, containers, and infrastructure as code. Snyk does a great job of surfacing vulnerabilities in your codebase, but it can often be challenging to map these issues back to actual services and their owners. Fortunately, Snyk’s robust API can be used to tune Snyk to integrate into solutions designed to help engineering teams understand and improve their service-oriented architecture.
President Biden’s cybersecurity executive order from last month should cause little surprise for anyone following news headlines over the past year. The order is the U.S. Federal Government’s important response to a long list of incidents, starting with the SolarWinds attack and ending with a recent ransomware attack against Colonial Pipeline —- the largest known attack against a US energy firm.
We’re pleased to announce our new extension for Visual Studio, making it easier for developers to stay both secure and compliant as they code within their favorite IDE. The extension supports Visual Studio 2015, 2017, and 2019. Snyk’s new free extension for Visual Studio enables developers to easily find and fix both known vulnerabilities and license issues in their open source dependencies, helping them address security early on and ship secure code faster.
DockerCon 2021 brought containerization experts together to discuss all things Docker, from building containerized applications and running container images to improving container security. In this post, we’ll recap a live panel discussing how container security fits into the new cloud native era, how Red Ventures scaled container security scanning with Snyk, and ways to make vulnerability remediation easier.
Empowering developers to build securely has always been Snyk’s mission. We enable you to find and fix security vulnerabilities in your code and open source dependencies, as well as enable development teams to easily integrate security testing as part of their automated delivery pipelines. Snyk also provides native integrations with leading CI/CD platforms such as Jenkins, TeamCity, and CircleCI. To this end, we are happy to announce Snyk’s latest integration with AWS CodePipeline.
