As a developer, you’re probably using some infrastructure cloud provider. And chances are, you automate parts of your infrastructure using infrastructure as code (IaC), so deployments are repeatable, consistent, easily deployable, and overall, more secure because code makes parameters more visible.

Snyk Code is turning one! We’ve hit so many milestones in the last 12 months, and today we invite you to look back, celebrate, and peer into the future of code security with us.

Many companies look to CISOs or compliance teams to manage security throughout software development. But this practice usually keeps security considerations separate from developers. CISOs can assign security tasks to developers, but if developers aren’t thinking about security regularly, those tasks may be overlooked.

You might think of Star Wars as a movie reserved for geeks, but what if I told you that there are deep life lessons that can be applied to developer security practices? Get your lightsaber ready and prepare to dive into JavaScript security! Star Wars is an epic space-based film series written and directed by George Lucas that often needs no introduction. I’m a fan myself, and personally relate to many of the quotes shared by Jedi Knights in the movie series.

In our mission to make Terraform Cloud workflows more streamlined and secure, we’re excited to announce our new native integration into HashiCorp Terraform Cloud. This integration embeds the security expertise and developer-friendly fixes of Snyk Infrastructure as Code (Snyk IaC) directly into Terraform Cloud, making the Terraform Cloud workflow one of the safest ways to provision and manage public cloud infrastructure.

Over the years, as a developer, I’ve built and deployed many applications through digital agencies, side projects, startups, and freelance work. With time-sensitive deadlines, client expectations, and delivery dates to consider, security wasn’t usually top of mind when npm installing an open source package. This often led to reworking and cleanup on deployments that had let in known vulnerabilities, adding to compounding timelines and client disappointment.

Ignore a vulnerability? That sounds like a paradox. Why would anyone want to ignore a vulnerability? While ignoring security issues should not be your default practice, it is still sometimes necessary. Development and security teams today face vulnerability backlogs consisting of thousands of issues. To maintain rapid development, they must be able to effectively prioritize their work.