Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

SuiteCRM: PHAR deserialization vulnerability to code execution

SuiteCRM is a free and open source Customer Relationship Management application for servers. This advisory details a PHAR deserialization vulnerability that exists in SuiteCRM which could be leveraged by an authenticated administrator to execute commands on the underlying operating system. This issue has been fixed in release 7.11.19. In PHP, PHAR (PHP Archive) files can be used to package PHP applications and PHP libraries into one archive file.

Snyk Code is now available for free

Snyk’s mission is to empower developers and DevOps teams to secure their applications. As part of that security mission, Snyk offers a Free plan for Snyk Open Source, Snyk Container, and Snyk Infrastructure as Code, so all developers can code securely. Today, we’re excited to announce that Snyk Code is now available for free as well.

Snyk uncovers malicious code activities in open source supply chain security on the npm registry

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages which matched a specific malicious code vector of attack. This specific attack vector of the malicious packages included packages which had pre/post install scripts, which allowed them to run arbitrary commands when installed.

GitHub Security Code Scanning: Secure your open source dependencies

We are happy to announce Snyk Open Source support for GitHub Security Code Scanning, enabling you to automatically scan your open source dependencies for security vulnerabilities and license issues, as well as view results directly from within GitHub’s Security tab! A key ingredient of Snyk’s developer-first approach is integrating Snyk’s security data into the exact same processes that developers are using, whether this is within a developer’s IDE or a Git-based workflow.

How AppSec has evolved in 2021: Reddit's perspective

As organizations continue to rely on software for core business processes, application security is an ever-critical consideration. Snyk recently held a roundtable with Reddit to discuss application security in 2021. In this post, we’ll recap the discussion between Guy Podjarny, President & Co-Founder of Snyk, and Spencer Koch, Security Wizard at Reddit.

Snyk & Intuit roundtable: Breaking silos, engaging with security and developer communities

I recently attended a Snyk roundtable with Intuit, and it was such a good session that I wanted to write a post sharing some of the insightful discussion and takeaways — starting with this great artistic impression of the session! As a TL;DR, here are my biggest takeaways from the session.

Why developer-first SAST tools are the future of code security

Application security has a broad scope for teams that build and ship cloud native applications. The landscape spans many processes, tools, and team members, and includes anything from automating secure pipelines (hello DevSecOps) to open source security to cloud infrastructure security testing.

Secure Elixir development with Snyk

We’re happy to announce support for Elixir, enabling development and security teams to easily find, prioritize and fix vulnerabilities in the Elixir and Erlang packages they are using to build their applications! Using the Snyk CLI, Elixir developers can now test and monitor their Mix/Hex projects manually or at key steps of their CI process, ensuring that known vulnerabilities are caught early on and before code is deployed into production.