Earlier this year, we announced beta support for Python in Snyk Code. The beta period gave customers access to our extensive collection of Python rules while we finished our knowledge base review and added curated content. We are happy to announce that this work has concluded, and Python is now a fully supported language. 🐍 🎉
In previous posts we explored the potential for intent-based Android security vulnerabilities and then used Snyk Code to find exploits in popular apps on the Google Play store. If you know Snyk, you also know there’s no way we can just point out vulnerabilities and not recommend fixes. Analyzing such an extensive dataset enabled us to review a lot of code.
We have more than a few reasons to be thrilled with the results of the 2021 Gartner Magic Quadrant for Application Security Testing. In our debut on the report, Snyk has been recognized as a Visionary. Additionally, we are placed furthest in the Visionaries quadrant for both Completeness of Vision and Ability to Execute, and second-furthest for Completeness of Vision in the overall Magic Quadrant.
We are honored to share that Snyk has been named to the ninth annual CNBC Disruptor 50 List, coming in at #15! The full list, unveiled earlier this week, identifies 50 private companies “aligned with today’s rapid pace of technological change and poised to emerge from the pandemic as the next generation of business leaders.” The pandemic accelerated digital transformation and associated cybersecurity concerns.
In our previous blog, we explored the nature of intent-based Android security vulnerabilities. Now we’re going to dive into how we performed our security analysis on apps in the Google Play Store with Snyk Code.
We have been witnessing an ever-growing number of supply chain security incidents in the wild: everything from security flaws in open source package managers being exploited, to continuous integration systems being compromised, to software artifacts being backdoored. And now, those incidents are starting to extend to the place where developers spend most of their time: their integrated development environment, and specifically the Visual Studio Code IDE.
To stay ahead of attackers, we constantly monitor various security threats. One of these threats — supply chain attacks — aims to compromise an organization through its software development process. Recently, a huge spike in supply chain attacks was observed — dependency confusion was discovered, the SolarWinds breach was reported and more malicious packages were flagged. This certainly drew our attention (as well as the rest of the world’s)!