
Tuesday, 21 August, 2018 UTC

Importing projects via the API

We’ve just released a shiny new API endpoint that will let you import your repositories, projects, functions and apps so that they are monitored for vulnerabilities. It’s really very simple to use. You make a request with the integration you wish to ... more


Thursday, 16 August, 2018 UTC

10 Spring Boot Security Best Practices

DOWNLOAD THE CHEAT SHEET! This month’s cheat sheet is about how you can secure your Spring Boot application. Spring Boot has dramatically simplified the development of Spring applications. Its autoconfiguration and starter dependencies reduce the amount ... more


Wednesday, 15 August, 2018 UTC

Behind the Disclosure: The Zip Slip Vulnerability

In June 2018, the Snyk research team found many exploitable instances of the Zip Slip vulnerability in various ecosystems that affected thousands of applications. This kind of wide reaching vulnerability requires a well thought out private disclosure ... more


Wednesday, 1 August, 2018 UTC

How to crash an email server with a single email

Five of the most popular email parsers for Node.js have recently been found to be susceptible to a trivial denial of service (DoS) vulnerability. The vulnerability can be exploited by packing a few million empty attachments in an email that will bypass ... more


Thursday, 28 June, 2018 UTC

Container Vulnerability Management For Developers

Today Snyk released a container vulnerability management solution which empowers developers to fully own the security of their Dockerized application! Containers are becoming the standard form in which applications are packaged and executed, so the need ... more


Wednesday, 27 June, 2018 UTC

The Most Common Vulnerabilities in Maven and npm

The full version of this blog entry was originally posted by Snyk as a guest post on the Cloud Foundry blog. In this post we’ll look at the most common types of vulnerabilities for two of the main ecosystems we track in our vulnerability database, namely ... more


Tuesday, 5 June, 2018 UTC

Public Disclosure of a Critical Arbitrary File Overwrite Vulnerability: Zip Slip

The Snyk Security team is today announcing the public disclosure of a critical arbitrary file overwrite vulnerability called Zip Slip. It is a widespread vulnerability which typically results in remote command execution. The vulnerability affects thousands ... more


Wednesday, 30 May, 2018 UTC

10 GitHub Security Best Practices

In the second installment of our cheat sheet series, we’re going to cover how you can be more secure as a GitHub user or contributor. Much of it is specific to GitHub, but there’s also general advice in both the cheat sheet and this blog that is applicable ... more


Wednesday, 11 April, 2018 UTC

JavaScript and Node.js Security – The Common Pitfalls

JavaScript and Node.js have shown themselves to be amazing platforms. Their sheer ease of use has empowered an entire community of creative individuals to build amazing things. Like in all cases, however, amongst the goodness lurk some risks. Nobody’s ... more


Thursday, 5 April, 2018 UTC

Attacking an FTP Client: MGETting more than you bargained for

Introduction We often hear about vulnerabilities in HTTP clients, such as web browsers, that are typically exploited by malicious web content; there’s nothing new here. But did you know that FTP clients themselves can also have vulnerabilities that ... more


Thursday, 8 March, 2018 UTC

Snyk $7M Series A - and a huge thanks!

On Tuesday we announced our $7M series A! This funding is a great testament to the importance of having developers own security and the critical need to secure our use of open source code. It’s also a humbling show of faith in our product and team, who ... more


Thursday, 1 March, 2018 UTC

JFrog Xray+Snyk... good, better, best!

With the launch of Xray, JFrog has pioneered the binary scanning space providing radical transparency and unparalleled insight into your software architecture. Snyk’s integration into Xray expands on that to take Xray up the stack and provide scanning ... more


Thursday, 15 February, 2018 UTC

Suppressing issues in Snyk

Ignoring security issues shouldn’t be the default action, but it is sometimes necessary. Snyk only validates vulnerabilities that exist in dependent components, so it has a relatively low false-positive rate (which should reduce the need to ignore), ... more


Thursday, 25 January, 2018 UTC

Where do security patches come from?

Known vulnerabilities in software are a widely known problem and have been the cause of some of the world’s biggest security breaches, including the Mossack Fonseca (Panama Papers) breach, the VerticalScope breach in which 45 million passwords and IP addresses ... more


Thursday, 11 January, 2018 UTC

npm Shrinkwrap Reloaded: Locking npm Deps with Package-Lock and Yarn.Lock

In 2016 dependency management made headlines around the world, when an unknown developer unpublished a tiny Node.js package called left-pad, broke thousands of projects which depended on that package, and brought down some of the world’s biggest websites. ... more


Wednesday, 3 January, 2018 UTC

Using the Snyk API to get your vulnerabilities

Illustration by Lou Reade. In this blog post, you will learn how to use the Snyk API to retrieve all the issues associated with a given project. There are several reasons you may find it valuable, notably pulling them into your reports and dashboards, ... more


Thursday, 21 December, 2017 UTC

Announcing Snyk for .NET, Go and PHP

The holiday season is around the corner, and we thought, why not give a modest gift of our own to Snyk’s growing community? Snyk has always been committed to making it easy to use open-source code without compromising security. Today, we’re taking another ... more


Tuesday, 5 December, 2017 UTC

Bower is dead, long live npm. And Yarn. And webpack.

Bower is no longer the dependency manager of choice for front-end projects. While the open source project is still maintained, its creators decided to deprecate it, and advise how to migrate to other solutions—namely Yarn and webpack. In this post, we ... more


Tuesday, 21 November, 2017 UTC

77% of 433,000 Sites Use Vulnerable JavaScript Libraries

Last week, we released our first annual State of Open Source Security report. One of the discoveries the report mentions is that an analysis of around 433,000 sites found that 77% of them use at least one front-end JavaScript library with a known security ... more


Thursday, 16 November, 2017 UTC

Announcing the 2017 State of Open Source Security Report

Today we’re excited to launch the 2017 State of Open Source Security Report! You can download the full report as a free PDF, or visit https://snyk.io/stateofossecurity/ for an overview of the findings. Open source is awesome and rapidly growing. The ... more


Wednesday, 1 November, 2017 UTC

MIT, Apache 2 or BSD license: Who is the fairest of them all?

In 1997, Eric Raymond published his landmark essay “The Cathedral and the Bazaar”, which became the manifesto for the open source movement. He set forward principles like “plan to throw one version away”, “release early, release often”, and “given enough ... more


Friday, 27 October, 2017 UTC

Snyk is Now Integrated with Chrome's Lighthouse

Today we have another exciting announcement: Snyk is now powering the brand-new vulnerable JavaScript audit in Google Chrome’s Lighthouse, the auditing tool built by the Google Chrome team that checks how performant, accessible and secure your site ... more


Wednesday, 25 October, 2017 UTC

Announcing Snyk-Powered Linting in Sonar

We’re proud to announce that Snyk now powers the vulnerable JavaScript libraries linter in Sonar—an open-source linting tool for developers led by a bunch of folks from Microsoft. Earlier this year we ran a test on the top 5,000 URLs on the web and ... more


Thursday, 21 September, 2017 UTC

Launching the State of Open Source Security Survey

Earlier this week, we kicked off The State of Open Source Security survey. Our goal is to help all of us understand where we stand when it comes to building and consuming open source in a way that keeps us and the data we hold safe. We’ve made the survey ... more


Monday, 11 September, 2017 UTC

Open source vulnerabilities tripped Equifax, how can you defend yourself?

Equifax, a credit monitoring giant, disclosed last week that it was breached, exposing highly personal data of 143 million people, and stated the root cause was a vulnerability in Apache Struts, a highly popular Java library. The company fumbled its response ... more


Thursday, 24 August, 2017 UTC

Snyk and Atlassian, Sitting in a Tree

With Snyk support for Bitbucket Server now out of beta, you can tightly integrate Snyk with your Atlassian workflow from start to finish—from easily monitoring your projects, to integration with Bitbucket pipelines and even JIRA ticket creation. Bitbucket ... more


Wednesday, 2 August, 2017 UTC

Announcing Snyk for Gradle, Scala and Python

Since we launched nearly two years ago, Snyk has been focused on making it easier to use open-source code without compromising security. Initially, we focused on Node.js, making sure we built up a robust, developer-friendly tool in the process. Since ... more


Thursday, 29 June, 2017 UTC

Getting the Most Out of Snyk Test with JSON

Running snyk test will scan your application’s dependencies and test to see if any of them contain known vulnerabilities. If any vulnerabilities are discovered, the command will result in an error and output information about the vulnerability, and how ... more


Friday, 9 June, 2017 UTC

XSS Attacks: The Next Wave

Has the XSS threat died down? It’s been over 10 years since Cross Site Scripting (XSS) became big news; awareness has grown and defenses have become much more sophisticated. But recent data paints a different story: XSS attacks grew 39% in Q1 of 2017, ... more


Wednesday, 7 June, 2017 UTC

Bitbucket Server Integration in Beta

Hot on the heels of the launch of Snyk serverless integration for Heroku and AWS Lambda, we are launching our next integration with Bitbucket Server, Atlassian’s Git solution for professional teams. The integration is currently in beta, and we’re looking ... more