Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, we announced the exciting news that Snyk has acquired Probely, a fast-growing modern provider of API Security Testing and Dynamic Application Security Testing (DAST). With this addition, Snyk now offers a full range of development and application security solutions, with customers immediately benefiting from a broader range of developer friendly testing techniques.

How often are you surprised by a threat or vulnerability from a software asset you never knew existed? For many companies, the answer is, “More often than we’d like.” This is because you can’t protect what you can’t see. Full visibility across the entire software supply chain is a must for AppSec teams, but this comprehensive view across the attack surface can be elusive.

Terraform is today’s leading Infrastructure-as-Code platform, relied upon by organizations ranging from small startups to multinational corporations. It enables teams to declaratively manage their cloud or on-premises infrastructure, allowing them to provision or decommission infrastructure components simply, consistently, and with auditability.

Most, if not all, of us in the software development space have benefitted from community-driven projects at some point. We’ve tapped into open source libraries, searched for advice on Reddit, and posted our seemingly unsolvable questions on Stack Overflow. But you might be missing out on a community project that especially excites me. It’s the Web Almanac, a collaborative report that provides tons of valuable insights into how people build and use the web.

On October 31st, 2024, another package compromise and cryptocurrency hijack story unfolded for a popular npm package.

7 hours. That’s how long, on average, a developer takes to remediate a security issue in their code. Vulnerability detection is improving rapidly and scaling, but remediating security risks is still a tedious, time-consuming process that takes developers away from their core work. And now, with AI-generated code introducing vulnerabilities at greater speed and volume than ever before, remediation is taking even more time.

Continuous vulnerability management is not just a best practice—it's a necessity. With so many open-source dependencies to choose from (almost 3 million on the npm registry!), it’s no wonder supply chain security incidents are the focus of malicious actors. Let’s not forget the rise of ChatGPT, LLM chatbots, and AI-assisted code generation.