With the rise in popularity of technologies such as HashiCorp Terraform, Docker, and Kubernetes, developers are writing and maintaining more and more configurations in addition to building the application itself. The growing use of infrastructure as code presents security complexity and the potential for risk that developers often struggle with as their workloads increase and more advanced skills are required.
Today’s the first day of October as well as the first day of the 18th annual Cybersecurity Awareness Month. The purpose of Cybersecurity Awareness Month is not only to raise awareness about the importance of cybersecurity, but also to inspire people to improve their cybersecurity posture: whether that be through implementing multi-factor authentication, not clicking that suspicious email attachment, or even writing code more securely by utilizing a tool like Snyk. =)
In 2019, Snyk released its first Python cheat sheet. Since then, many aspects of Python security have changed. Using our learnings as a developer security company — as well as Python-specific best practices — we compiled this updated cheat sheet to make sure you keep your Python code secure. And before going any further, I need to give special thanks to Chibo and Daniel for their help with this cheat sheet!
We’re excited to share that you can now use Snyk Container to scan container images stored in many more container registries. The latest additions include GitHub Container Registry, Nexus, DigitalOcean, GitLab Container Registry, and Google Artifact Registry.
Snyk is on a mission to make Static Application Security Testing (SAST) tools work for developers throughout the DevOps pipeline. Snyk Code scans in real time with high accuracy, and it does so right from the tools and workflows developers are already using. For example, the IDE plugins for IntelliJ, PyCharm, WebStorm, and Visual Studio Code make it easy to code, scan, and fix even before code reaches version control.
We’re excited to announce two big updates to our Snyk User Content platform. You can now get better, quicker, clearer access to Snyk user documentation, so you can find the information you need and get more out of your Snyk platform. This will help you implement, enable, and configure your Snyk integration, leading to faster and smoother adoption and usage of Snyk at your company. Here are the enhancements to our User Content platform.
Python has been deemed a “simple” language: easy to use, and easy to develop scripts in for numerous tasks, from web scraping to automation to building large-scale web applications and even performing data science. However, dependencies are managed quite differently in Python than in other languages, and the myriad options for setting up an environment and choosing a package manager only add to the confusion.
On February 9, 2021, Alex Birsan disclosed his aptly named security research, dependency confusion. In his disclosure, he describes how a novel supply chain attack, which exploits misconfiguration by developers as well as design flaws of numerous package managers in the open source language-based software ecosystems, allowed him to gain access to and exfiltrate data from companies such as Yelp, Tesla, Apple, Microsoft, and others.