Faced with the growing complexity of software development environments, combined with expanding cyber threats and regulatory requirements, AppSec teams find themselves grappling with a daunting array of challenges. While the advent and subsequent adoption of "shift left" methodologies marks a significant and necessary step forward, it is now evident that this approach requires an accompanying mindset shift.

96% of developers use AI coding tools to generate code, detect bugs, and offer documentation or coding suggestions. Developers rely on tools like ChatGPT and GitHub Copilot so much that roughly 80% of them bypass security protocols to use them. That means that whether you discourage AI-generated code in your organization or not, developers will probably use it. And it comes with its fair share of risks. On one hand, AI-generated code helps developers save time.

Node.js backend development continues to stand out in 2024 as a powerful and flexible runtime for building scalable and efficient applications, even more so with the rise of other runtimes such as Bun.

We’re excited to announce that Snyk has now developed an AWS Marketplace add-on for Amazon Elastic Kubernetes Service (Amazon EKS), embedded directly into the AWS Management Console! Snyk joins a small number of approved ISVs around the globe, allowing customers to deploy a Snyk agent on Amazon EKS clusters using the same methods you would use to deploy native AWS services, either manually via the AWS Management Console or by using AWS’ command-line interface (CLI).

If you use expired, moldy ingredients for your dessert, you may get something that looks good but tastes awful. And you definitely wouldn’t want to serve it to guests. Garbage in, garbage out (GIGO) applies to more than just technology and AI. Inputting bad ingredients into a recipe will lead to a potentially poisonous output. Of course, if it looks a little suspicious, you can cover it in frosting, and no one will know. This is the danger we are seeing now.

To address the need for streamlined code changes and rapid feature delivery, CI/CD solutions have become essential. Among these solutions, GitHub Actions, launched in 2018, has quickly garnered significant attention from the security community. Notable findings have been published by companies like Cycode and Praetorian and security researchers such as Teddy Katz and Adnan Khan.