Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Posts

Java configuration: how to prevent security misconfigurations

Java configuration is everywhere. With all the application frameworks that the Java ecosystem has, proper configuration is something that is overlooked easily. However, thinking about Java configuration can also end up in a security issue if it is done in the wrong way. We call this misconfiguration. Security misconfiguration is part of the infamous OWASP top 10 vulnerability list and has a prominent spot on place 6.

Snyk IaC scanning enhancements include Azure and AWS infrastructure as code

Recently I wrote about Infrastructure as Code (IaC) and how Snyk’s IaC scanning can help catch issues in your templates before they make it to provisioning. Our engineering team continues to expand the breadth of our IaC scanning policies to better protect your platforms from vulnerabilities and issues.

How to choose a Software Composition Analysis (SCA) tool

Whether you’re a developer or a security engineer, Software Composition Analysis—or SCA for short—is a term you will start to hear of more and more. If you haven’t already, that is. The reason for this is simple. Your company is increasingly relying on open source software and containers to develop its applications and by doing so is introducing risk in the form of security vulnerabilities and license violations.

10 best practices to build a Java container with Docker

So, you want to build a Java application and run it inside a Docker image? Wouldn’t it be awesome if you knew what best practices to follow when building a Java container with Docker? Let me help you out with this one! In the following cheatsheet, I will provide you with best practices to build a production-grade Java container. In the Java container example, I build using these guidelines, I will focus on creating an optimized secure Java container for your application.

Extensibility and the Snyk API: our vision, commitment, and progress

At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.

The latest Docker Build show features new Snyk & Docker workshop

2020 was a busy year for Docker and Snyk! In the same year, we announced (and released) Snyk-powered vulnerability scanning within Docker Desktop and Docker Hub. We expect 2021 to be bigger as we grow these products and release Snyk-secured Docker Official Images.

The State of Cloud Native Application Security survey-2021

Cloud native application security—or CNAS for short— is our passion here at Snyk. CNAS focuses on the security of your code, open source dependencies, container and infrastructure as code. Snyk is expanding on our annual State of Open Source Security report, by adding a new report in which we take a holistic view of the overall application developers work with on a day to day basis.

Snyk and Rapid7 strengthen partnership to provide a holistic risk assessment solution for container applications

Modern organizations are working hard to differentiate their products and services by creating innovative solutions that their customers can leverage at home and on-the-go, forcing them to consider new, more agile approaches to application development that empower their development teams to accelerate time-to-market, and launch new solutions as quickly as possible.

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call! However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities in the packages you depend on. The major question is: where do I start?

Guide to Software Composition Analysis (SCA)

2020 was a watershed year for open source. Digital transformation, already gaining momentum before COVID19 hit, suddenly accelerated. More and more companies became software companies, and with this shift—usage of open source peaked. Why? Simply put, open source enables development teams to deliver value more rapidly and more frequently, thus enabling their companies to better compete in their respective markets.