July 2021 Summaries
8 posts from Snyk
Filter
Month:
Year:
Post Summaries
Back to Blog
Snyk Code has added support for security scanning of C# and .NET projects, expanding its portfolio to include Java, JavaScript, TypeScript, and Python. This move brings the total number of supported languages to five, making it a versatile tool for developers working with various programming languages. With Snyk Code's data flow analysis, it can detect typical injection attacks such as SQL injection, XML injection, and Zip Slip, providing remediation suggestions for .NET projects. The tool supports major frameworks like .NET Framework, .NET Core, ASP.NET, and ASP.NET Core, and allows users to scan source files with a `.cs` ending. Snyk Code is now available for C# projects, enabling developers to secure their code and prevent vulnerabilities in their applications.
Jul 29, 2021
588 words in the original blog post.
Social Trends is a new feature by Snyk that adds social media intelligence to its vulnerability data, providing development and security teams with the ability to prioritize vulnerabilities more effectively. This feature leverages curated and cultivated security expertise from Snyk's Security Research team to provide context on security issues in applications, including signals from social media platforms like Twitter and potentially others. By analyzing discussions around vulnerabilities on these platforms, Social Trends aims to help users focus their efforts on those vulnerabilities posing the greatest risk, reducing the likelihood of exploitation and improving overall security posture.
Jul 28, 2021
1,232 words in the original blog post.
Tamar Yehoshua has joined the Snyk Board of Directors, bringing her experience as Slack's Chief Product Officer and previous leadership roles at Google and Amazon. This new addition aims to empower developers worldwide with fast and secure building practices. With Snyk's rapid growth and mission to pioneer developer-first security, Tamar's expertise will be instrumental in navigating this pivotal phase. The CEO and Tamar express their enthusiasm for working together to expand and diversify the company, while highlighting Snyk's accomplishments as a leader in Cloud Native Application Security.
Jul 26, 2021
405 words in the original blog post.
Snyk Code has been compared to two common SAST tools, LGTM and SonarQube, in terms of speed. The comparison was conducted on 48 JavaScript open source repositories, with the aim of simulating real-world development challenges. Snyk Code proved to be significantly faster than both LGTM and SonarQube, with average scan times being around 22 seconds for Snyk Code, 312 seconds for LGTM, and 110 seconds for SonarQube. The results show that Snyk Code is not only developer-friendly but also provides near real-time feedback, allowing developers to address security issues during the development process without delaying their work. The comparison highlights the importance of speed in SAST solutions, as it enables developers to work efficiently and effectively.
Jul 22, 2021
1,443 words in the original blog post.
Snyk, a company that supports multiple authentication strategies on its APIs, has implemented Gloo Edge, an API Gateway developed by Solo.io, to normalize authentication and improve security. The central monolith was replaced with a service-oriented architecture (SOA) where each service would need to handle multiple authentication strategies, but this became cumbersome and hard to scale. To address this, Snyk introduced a single authority that normalizes authentication into a cryptographically assured identity token, which is then consumed by services without handling the complexity of supporting multiple authentication strategies. Gloo Edge was chosen as the new layer in their system to authenticate requests and produce the normalized token. The API Gateway supports request validation, rate limiting, and authentication, among other features, and allows Snyk to offload lines of code and simplify their authentication process. By moving JWT validation to the edge, Snyk can unify authentication strategies and enable Gloo to make authentication decisions based on key material provided by users. The company is now focusing on future work, including a canary release of all API traffic through Gloo Edge and extending its capabilities to include request validation at the edge.
Jul 20, 2021
1,490 words in the original blog post.
Container image security is a critical aspect of ensuring the integrity and trustworthiness of software applications deployed in containers. To effectively harden your container image security strategy, it's essential to establish a baseline by scanning just your base image before adding modifications, prioritize vulnerabilities based on severity, CVSS score, and availability of fixes, and define a strategy that balances effort and risk. It's also crucial to understand your security boundaries, know your tools, automate remediation, and adopt a developer-first approach to container security. By following these guidelines, you can reduce the vulnerability count in most cases and maintain a secure container image security baseline.
Jul 14, 2021
1,166 words in the original blog post.
This summary provides a detailed overview of managing Node.js Docker images in GitHub Packages using GitHub Actions, including publishing and pulling Docker-based images from the registry. The workflow sets up authentication with GitHub's container registry, builds a Docker image, extracts metadata, and publishes it to the registry. The process also covers how to specify Docker version images to pull and find Docker images in GitHub Packages. Additionally, the summary touches on security best practices and resources for further learning.
Jul 13, 2021
1,791 words in the original blog post.
Visibility, scalability, and relationships are key components of Phil Guimond's approach to secure development and information security program building. Visibility is crucial for prioritizing risk and insights throughout an organization, allowing teams to respond effectively to emerging threats and identify areas for improvement. By leveraging visibility data, organizations can eliminate vulnerabilities, fix issues with minimal effort, and improve incident response capabilities. Scalability is also essential, as it enables teams to handle large-scale security challenges without overwhelming their resources. Phil advocates for a tool consolidation approach, eliminating unnecessary tools and focusing on those that provide real value to the security team and developers. Building relationships with cross-functional teams and vendors can help achieve this goal, while also fostering a culture of collaboration and innovation within the organization. Ultimately, Guimond's approach emphasizes the importance of embracing diverse perspectives, adapting to changing environments, and prioritizing scalability and visibility in information security program development.
Jul 01, 2021
2,244 words in the original blog post.