SolarWinds Orion Security Breach: A Shift In The Software Supply Chain Paradigm

The recent SolarWinds breach highlights a new paradigm in the software supply chain. Judged purely on the code itself, without any supporting tooling, proprietary code is no more secure than open source. If anything, many would argue that open source code is more secure, thanks to a faster fix/patch/update cycle and the pervasive access […]

March 1, 2021

Securing your modern software supply chain

Software supply chain security concerns are more prevalent than ever. The U.S. Pentagon, Department of State, Department of Homeland Security, Microsoft, FireEye: this is only a partial list of the government agencies and companies compromised as a result of the attack on SolarWinds' proprietary software, the Orion network monitoring platform. The scope of […]

March 1, 2021

Java configuration: how to prevent security misconfigurations

Java configuration is everywhere. With all the application frameworks in the Java ecosystem, proper configuration is easily overlooked. Configuration done the wrong way can itself become a security issue; we call this misconfiguration. Security misconfiguration is part of the infamous OWASP […]

February 26, 2021

Snyk IaC scanning enhancements include Azure and AWS infrastructure as code

Recently I wrote about Infrastructure as Code (IaC) and how Snyk's IaC scanning can help catch issues in your templates before they reach provisioning. Our engineering team continues to expand the breadth of our IaC scanning policies to better protect your platforms from vulnerabilities and misconfigurations. In this post, we'll review the IaC […]

February 23, 2021

How to choose a Software Composition Analysis (SCA) tool

Whether you're a developer or a security engineer, Software Composition Analysis (SCA for short) is a term you will hear more and more, if you haven't already. The reason is simple: your company is increasingly relying on open source software and containers to develop its applications, and by doing […]

February 22, 2021

10 best practices to build a Java container with Docker

So, you want to build a Java application, package it in a Docker image and run it as a container? Wouldn't it be useful to know which best practices to follow when building a Java container with Docker? Let me help you out with this one. In the following cheatsheet, I will provide you with best practices to build […]

February 18, 2021

Snyk-Watcher: keep Snyk in sync

Welcome to Snyk API Wednesdays! This is our newest blog series, highlighting the different ways our customers leverage the Snyk API. Snyk's extensibility and API let developers tune Snyk's security automation to their own workflows, preserving both developer experience and consistent platform governance. We're proud to start the series with a […]

February 17, 2021

Extensibility and the Snyk API: our vision, commitment, and progress

At Snyk, we strongly believe in empowering developers to take ownership of security. Developers are the builders of today and ultimately hold the keys to securing their code. Only a developer-first approach, one that combines developer-friendly tooling with guidance from security, can help organizations down the path to better-secured applications. We are continuously […]

February 17, 2021

Snyk kicks off Community Outreach Internship Program

Last fall, we decided to launch a Community Outreach Internship Program at Snyk. Like many across the globe, we at Snyk were troubled by how the economic impacts of COVID-19 are disproportionately affecting women and underrepresented minorities, and wanted to ensure that Snyk was playing a role in being a part of the […]

February 11, 2021

AWS vulnerability scanning using the Snyk integration

If you're using the AWS suite of Kubernetes-related tools, you'll be pleased to know that you can scan with Snyk directly within those workflows too, through integrations with Amazon Elastic Container Registry (ECR) and Amazon Elastic Kubernetes Service (EKS). Here's how to get started. In this post I'm going […]

February 10, 2021

The latest Docker Build show features new Snyk & Docker workshop

2020 was a busy year for Docker and Snyk! In that one year, we announced (and released) Snyk-powered vulnerability scanning within Docker Desktop and Docker Hub. We expect 2021 to be bigger still as we grow these products and release Snyk-secured Docker Official Images. The goal of the Snyk and Docker partnership is to help developers more […]

February 4, 2021