June 2019 Summaries
4 posts from Snyk
Filter
Month:
Year:
Post Summaries
Back to Blog
Best practices for secrets management in serverless applications are crucial to prevent sensitive information exposure, as users often store secrets in source code or manifest files, leading to potential security breaches and vulnerabilities. To securely manage secrets, it is recommended to use a secure storage solution such as AWS Simple Systems Manager or Hashicorp's Vault, which can fetch encrypted values and provide automatic key rotation, greatly reducing the chance of sensitive information exposure. Storing keys in secret storage mitigates risks associated with storing sensitive information in static files within source code repositories or environment variables. Using secure storage solutions and implementing best practices such as rotating keys regularly can significantly improve security in serverless applications.
Jun 13, 2019
709 words in the original blog post.
Visualizing your cloud infrastructure is crucial for gaining visibility into your resources, identifying misconfigurations, and demonstrating compliance. Fugue's auto-generated visual diagrams enable teams to work visually, improving communication and workflows between cloud teams. With this feature, organizations can understand their cloud resources, identify compliance violations, and demonstrate compliance with various standards. Additionally, cloud resource visualization helps teams make sense of infrastructure changes, validate changes, and prioritize remediation. This tool is designed for DevOps teams, security engineers, and compliance analysts to improve their workflows and ensure the security and safety of their cloud environments.
Jun 11, 2019
650 words in the original blog post.
We've made significant strides in container security with the addition of features like manual image import and Dockerfile remediation instructions, while also enhancing integrations with Bitbucket Cloud, Jenkins, and expanding support for the Snyk API.
Jun 10, 2019
346 words in the original blog post.
Npm, a package manager for JavaScript packages, has reached its one millionth package milestone, marking a significant achievement in its growth since its creation in 2010. The platform's popularity has grown exponentially over the past few years, with its top ten most popular packages including debug, kind-of, and supports-color, which have seen millions of weekly downloads. Despite the large number of packages available, npm has made efforts to improve security, including a tightened unpublishing policy and a malicious package incident in 2018. The platform's growth has also led to an increase in vulnerability incidents, with many packages containing known vulnerabilities, highlighting the importance of using secure versions of open-source packages.
Jun 04, 2019
872 words in the original blog post.