Home / Companies / Snyk / Blog / September 2021

September 2021 Summaries

9 posts from Snyk

Filter
Month: Year:
Post Summaries Back to Blog
IaC authors can ignore irrelevant security vulnerabilities to improve their focus on critical issues, and Snyk Infrastructure as Code (Snyk IaC) allows them to do so by generating a .snyk policy file that enables automatic ignoring of specific issues. By configuring the policy file, users can scope ignore rules to individual files or resources, helping them prioritize security efforts and avoid wasted effort on non-critical vulnerabilities. This approach supports secure infrastructure from the source, automating IaC security and compliance in workflows.
Sep 29, 2021 1,004 words in the original blog post.
The Snyk Awards, also known as the Snykie Awards, are being held to recognize developers who prioritize security during development and make significant contributions to secure coding practices. The first round of awards will focus on Secure Development, with nominees recognized for their efforts in catching vulnerabilities, introducing new processes or tools, and promoting a culture of security within their organizations. Nominations are now open, and the Snyk Awards committee will review submissions to select the winners, who will receive swag gift, social recognition, blog post recognition, and other rewards. The awards aim to appreciate and encourage secure development practices, ultimately benefiting the broader community by promoting a more secure world.
Sep 28, 2021 427 words in the original blog post.
The Python security best practices cheat sheet provides guidance for developers to maintain Python code security. It covers various aspects such as sanitizing external data, scanning your code, being careful when downloading packages, reviewing dependency licenses, using virtual environments, setting DEBUG = False in production, and being cautious with string formatting and serialization. The cheat sheet emphasizes the importance of assuming malicious packages exist in PyPI, using tools like Snyk Advisor to check package security, and leveraging type annotations for better code quality and security.
Sep 27, 2021 2,241 words in the original blog post.
The Snyk Code CLI is now available in public beta, allowing developers to easily integrate Static Application Security Testing (SAST) tools into their DevOps pipeline. The CLI supports real-time scanning of code with high accuracy, and can be triggered automatically as part of the CI/CD process. Developers can scan legacy code or perform a code review using the web-based UI. The CLI provides a data format called SARIF, which contains detailed information about vulnerabilities found in the code, including severity levels and recommended remediations. The CLI also supports filtering on severity level using the parameter --severity-threshold. To get started with Snyk Code, developers need to have the latest Snyk CLI installed, Snyk Code enabled for their org, and a Snyk Code-activated account on Snyk.
Sep 21, 2021 1,619 words in the original blog post.
The Linux Foundation hosts an annual event called the Open Source Summit, which features expert speakers from the open source community and includes talks on various topics such as DevOps, security, and cloud-native applications. Snyk will be sponsoring the event and presenting several talks related to open source security, including a live hacking workshop about securing Kubernetes configurations. The company has been working closely with the Linux Foundation to improve code security through their jointly developed LFX security tool, which aggregates security data and provides scanning engine expertise. Snyk is also involved in various other projects focused on application security across different areas of open source software development. During the summit, Snyk will host four talks about open source application security, covering topics such as software supply chain security, Kubernetes configuration security, nurturing women in the InfoSec community, and open source tooling for software bill of materials. The company is excited to be a sponsor at the event and invites attendees to learn more about open source application security.
Sep 16, 2021 680 words in the original blog post.
A soft introduction to Python dependency management explores the intricacies of managing dependencies in Python, a language known for its simplicity and ease of use. An interpreted language, Python relies on an interpreter to execute code, rather than compiling it into machine code beforehand. Dependencies are managed through package managers like pip, which can be used to install required libraries and ensure version compatibility. The article discusses the importance of performing due diligence on package health, security, and license risks. It also introduces popular dependency managers such as Poetry, pyenv, and Setuptools, each with their strengths and weaknesses. Additionally, it highlights the value of tools like Snyk Advisor for securing Python dependencies and promoting secure development practices.
Sep 14, 2021 1,651 words in the original blog post.
The market value of tools that help create software is growing with the trend of businesses becoming digital-first, as all industries are shifting towards technology to drive success. Cloud adoption is also on the rise, disrupting the IT market and requiring a shift from hardware-oriented solutions to application security ones. The need for cybersecurity is only expected to grow as attacks become more sophisticated, but simply pouring money into it does not solve the problem. Developers play a crucial role in securing digital applications, and with the right tools and mandate, they can build security and stay ahead of attackers, making developer security a vast market that needs investment and acceleration.
Sep 09, 2021 614 words in the original blog post.
SnykCon 2021 is a developer conference that takes place from October 5-7, 2021, featuring expert talks, hands-on workshops, and product roadmaps. The event includes sessions on topics such as security, DevOps, and the human element of security. Jenny Radcliffe will give a talk about being a people hacker, while Suzie Prince and Gareth Rushgrove will discuss autonomy for developers. Noam Moshe will explore URL parsing inconsistencies, and Cristina Buenahora Bustamante will advocate for collaboration in SRE mindset. The conference also includes a workshop on getting started with Snyk, as well as a "Fetch the Flag" competition where participants can show off their security skills. Simon Maple will be emceeing the event, and it's free to attend.
Sep 07, 2021 722 words in the original blog post.
I'm thrilled to announce that Adriana Bokel Herde joins Snyk today as our new Chief People Officer. In her new role, she will lead talent development and operations teams, including diversity and inclusion and talent branding initiatives. Adriana brings extensive experience in HR leadership from her previous roles at Biogen, Parexel, and Pegasystems. She is a true international citizen with a passion for changing the way people experience HR. With nearly half a million public and private cybersecurity jobs currently unfilled, Snyk aims to enlist the world's 27 million developers in its fight to achieve a more secure world. Adriana will harness this power to empower current employees and attract top talent, while putting the entire organization's focus on continuously prioritizing people.
Sep 01, 2021 588 words in the original blog post.