Product

Learn more about new features and Snyk product announcements.

Automate container security with Dockerfile pull requests

Integration with your source code managers and issuing pull requests to fix issues has been part of Snyk’s success in helping our customers fix application dependencies for several years. Now, we want to help you address container security in a similar way. We’re happy to share that we are extending Snyk Container by helping you […]

March 16, 2021

Defining Developer-first Container Security

Have you shifted left, yet? That’s the big trend, isn’t it? It’s meant to signal a movement of security responsibilities, moving from central IT teams over to developers, but that’s trickier than it sounds. Simply taking tools that are intended for use by security experts and making them run earlier in the supply chain does […]

March 16, 2021

Snyk’s new vulnerability cards – fix issues fast with a new look and feel

One of our missions at Snyk is a simple one: help developers fix things easily. We further our mission by releasing features and improvements as quickly as possible, but it’s also just as important that developers have an experience which helps them gain as much value from Snyk as possible. This includes being able to […]

March 2, 2021

Snyk-Watcher: keep Snyk in sync

Welcome to Snyk API Wednesdays! This is our newest blog series that highlights the different ways the Snyk API is leveraged by our customers. Snyk’s extensibility and API enable developers to tune Snyk’s security automation to their specific workflows, ensuring both developer experience and consistent platform governance. We’re proud to start the series with a […]

February 17, 2021

Extensibility and the Snyk API: our vision, commitment, and progress

At Snyk, we strongly believe in empowering developers to take ownership of security.  Developers are the builders of today and ultimately hold the keys to successfully securing their code. Only a developer-first approach, one that combines developer-friendly tooling together with guidance by security, can help organizations traverse the path to better-secured applications.  We are continuously […]

February 17, 2021

Identify, prioritize, and fix vulnerabilities with Reachable Vulnerabilities for GitHub

Imagine you are a Java programmer and that you just decided you want to use Snyk Open Source scanning to help you find security problems in your third party libraries. Good call!  However, after connecting your repository to the Snyk Open Source scanner, you find out that you have ten or maybe even 50 vulnerabilities […]

January 28, 2021

Golang security: access restriction bypass vulnerability in JWT

Back in July, the Snyk security team was alerted about a potential security issue in the JWT package. This package provides a Go implementation of JSON web tokens and the issue that was discovered related to a function called VerifyAudience that was not working as expected. The function allowed passing a double quotes (“”) value […]

December 22, 2020

Blazing the trail for cloud native application security

2020 was an incredibly challenging year for all of us but with the dawn of a new year just over the horizon, it’s a great opportunity as any to take a few moments to appreciate the work done by our engineering and product teams. Hard work that was executed under difficult and strenuous circumstances and […]

December 21, 2020

Go security: announcing enhanced security for Go applications

We’re happy to announce enhanced support for Go security in Snyk Open Source and Snyk Container, enabling development and security teams to find and fix vulnerabilities in their Go applications more efficiently! Go developers can now test and monitor their Go projects across the different stages of the SDLC—starting as far left as their first […]

December 16, 2020

Snyk CLI cheatsheet

The Snyk CLI is an excellent and powerful tool to scan your applications, containers, and infrastructure as code for security vulnerabilities. In this cheatsheet, we will look at the most powerful features our CLI has to offer. You can use the CLI for scanning and monitoring on your local machine, but you can also integrate […]

November 26, 2020

The new, improved Snyk Container CLI

As more and more of you adopt containers for packaging up your applications, identifying vulnerabilities in them before you ship them is becoming incredibly important. Snyk has had the ability to test your Docker images using our CLI for over a year now. With the latest release of the CLI, we’re improving the user experience […]

October 29, 2020