July 2020 Summaries
3 posts from Snyk
Filter
Month:
Year:
Post Summaries
Back to Blog
Snyk is announcing its developer-first prioritization capabilities, which help development and security teams prioritize fixes for security vulnerabilities in their open source dependencies and containers more effectively. These capabilities aim to address the challenge of effective prioritization by providing a comprehensive suite of tools, including instant prioritization, deep application context, and governance at scale. The new Priority Score is an advanced scoring system that calculates a score ranging from 1-1000 for security vulnerabilities based on factors such as CVSS score, exploit maturity, and reachability. Snyk's Exploit Maturity tool differentiates between vulnerability maturity levels, while Reachable Vulnerabilities provides deeper application-level context to help prioritize issues. Additionally, Snyk is introducing Kubernetes-specific prioritization and Security Policies to automate prioritization across the organization.
Jul 22, 2020
1,604 words in the original blog post.
The financial services sector is undergoing significant changes, including accelerated digital transformation and increased adoption of cloud technologies, which introduces new security risks. Cybercrime remains a major concern for the industry, with malicious actors targeting financial institutions to exploit resources for illegal gains. The intersection of these trends highlights the need for DevSecOps, an approach that integrates development operations with application security to scale security beyond smaller AppSec teams and mitigate breach costs. By adopting DevSecOps, financial institutions can ensure safe digital services experiences while driving business growth and innovation.
Jul 13, 2020
932 words in the original blog post.
Importing an existing infrastructure into Terraform is a crucial step for migrating or expanding an existing codebase, especially when dealing with complex environments. This can be achieved through the use of Terraform's `terraform import` subcommand or using third-party tools like Terraformer to automatically generate infrastructure code from an existing environment. However, simply importing resources may not be enough; it is essential to follow additional steps to ensure that the imported infrastructure is repeatable, secure, and properly configured. This includes ensuring variables are unified, explicitly declaring dependencies, randomizing names to generate unique identifiers, and securing Terraform configurations through tools like Snyk. By following these key steps, developers can create a stable and maintainable Terraform codebase that meets their organization's security and compliance standards.
Jul 02, 2020
1,089 words in the original blog post.