Earlier in the year, over 500 malicious packages were released into the npm ecosystem to create dependency confusion. Let’s look at some ways to help protect applications from dependency injection. ...
You might think of Star Wars as a movie reserved for geeks, but what if I told you that there are deep life lessons that can be applied to developer security practices? Get your lightsaber ready and prepare to dive into JavaScript security! ...
Vue.js users using the dependency “node-ipc” are experiencing a supply chain attack protesting the invasion of Ukraine, from a package named “peacenotwar”. ...
Snyk Code, the AI-based static application security testing (SAST) tool, now offers Python as a supported development language (beta). Snyk Code already fully supports Java, JavaScript, and TypeScript. ...
Fancy learning front-end security concepts while also learning how to deploy a static website on Netlify? Ready to learn how you can automatically detect and fix vulnerable JavaScript dependencies? Jump right in. In this article we’ll use the following: ...
Welcome to the Snyk Monthly Vulnerability Profile. In this series, Snyk looks back on the vulnerabilities discovered by or reported to our Security Research Team. We choose one noteworthy vulnerability from the past month and tell the story behind the ...
On March 11th, 2020, Snyk published a medium severity prototype pollution security vulnerability (CVE-2020-7598) affecting the minimist npm package. This is part of ongoing research by the Snyk security research team, which had previously uncovered ...
Open source security is our passion here at Snyk. Every year since 2017, Snyk has produced our annual State of Open Source Security report. In this report, we analyze the trends in open source security and how organizations are managing security ...
A backdoor in our code that can perform OS injection is one of the scariest scenarios imaginable. Currently, npm has more than 1.2M public packages available. For the last 3 years, our dependencies have become the perfect target for cybercriminals. We ...
In this security best practices cheatsheet, we focus on AngularJS and discuss tips and guidelines that ensure secure coding practices. In essence, this cheatsheet is a collection of AngularJS security fundamentals for web developers. Download AngularJS ...
On April 9th Francesco Soncina –also known as phra on the HackerOne security bug bounty platform– reported a Server-side JavaScript code injection vulnerability to the Node.js Security working group. This vulnerability, initially identified in Fastify, ...
We’re pleased to announce the graduation of Automatic Dependency Upgrades, a Snyk Open Source capability that helps developers proactively reduce security vulnerabilities and maintain dependency health when using open source software. Automatic Dependency ...
If you run a website, whether this is a full-fledged SaaS web application or a small blog — built by Gatsby, WordPress, or an indie GitHub Pages setup — one of the key concerns you want to mitigate is security vulnerabilities. Security vulnerabilities ...
As we wrap up February, dive into the JVM Ecosystem report, tune into DevSecOps learnings, catch up on the latest Snyk product updates, and mark your calendar for KubeCon EU! Security news: New! JVM ecosystem report 2020. Insights based on a global developer ...
Connecting Snyk with the repositories you’ve stored in a source code management system such as GitHub or GitLab and then importing your projects to Snyk is a great way to leverage and benefit from security application testing throughout your core application ...
I recently worked on a simple static website for an open source project I have and took Gatsby for a spin along with one of the theme starters. To serve the web pages, I decided to host my Gatsby generated static website on GitHub pages where I also ...
We are excited to announce the release of a new way to take action on the deep insights Snyk offers regarding security and project health—auto upgrades. Where Snyk’s automated fix pull requests (PRs) apply targeted vulnerability fixes to make the smallest ...
Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this section, we review the security risk of the indirect dependencies for both Angular and React, and then we also review the direct dependencies, first for Angular and then ...
Welcome to Snyk’s State of JavaScript frameworks security report 2019. This section of the report is about the overall security posture of Angular and React projects. In this section, we explore both the Angular and the React project security postures. This ...
Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this blog post we’ll review security vulnerabilities found in other frontend ecosystem projects. After reviewing Angular and React as major JavaScript frameworks, we’ll take a ...
Welcome to Snyk’s State of JavaScript frameworks security report 2019. In this section, we review the impact that security vulnerabilities can have by looking at the severity, CVSS scores and more over the years for both Angular and React. Furthermore, ...
Welcome to Snyk’s State of JavaScript frameworks security report 2019. Download the Report here. Let’s begin this report by exploring the different security vulnerabilities found in the core Angular and React projects. We then review the severity breakdown ...
Remember our previous blog post on the new PCI standards and how to comply? We recently hosted a webinar to break down what’s important to take away from the latest update, far beyond the fundamentals. During the session, Jim Manico (founder at Manicode) ...
In the State of Open Source Security Report 2019, we set out to measure the pulse of the open source security landscape throughout the different language ecosystems and have analyzed responses from over five hundred open source maintainers and users ...
I recently started playing around with the idea of threat modeling packages on the npm ecosystem. Can an event-stream incident happen again? How about other supply chain attacks? What will be the next vector of attack that we haven’t seen yet and might ...
Think about the most important container image that you have running in production right now. How did you choose its base image? Do you know how many vulnerabilities that base image has? Wouldn’t you like to know? Here at Snyk we try to make the process ...
In this cheat sheet edition, we’re going to focus on ten Java security best practices for both open source maintainers and developers. This cheat sheet is a collaboration between Brian Vermeer, Developer Advocate for Snyk, and Jim Manico, Java Champion ...
Following on from the 10 npm security best practices guide we published earlier this year, I’d like to further explore how to make it easier to switch between different Node.js versions and to switch between different npm registries while working in ...
We are excited to share that starting today, you can make sure that vulnerable artifacts will not be used in your organization by using Snyk’s Artifactory plugin! Snyk as your Artifactory gatekeeper: Snyk’s Artifactory plugin allows your team to define ...