Three expert tips for cultivating secure software development practices
Snyk Blog » DevSecOps
by Simon Maple
1y ago
We often hear about the importance of DevSecOps — integrating security into DevOps processes. But as many security professionals know, it’s not nearly as easy as it sounds. Cultivating secure software development practices requires working alongside developers with varying opinions, priorities, and idiosyncrasies. And any process involving humans is complicated. So, how do today’s security teams overcome these challenges and make secure software development practices a reality? Snyk interviewed some of the world’s most innovative security leaders to find out. Let’s dive into their bigges…
When software isn’t a “supply”
Snyk Blog » DevSecOps
by Daniel Appelquist
1y ago
Editor’s note: The following think piece, written by Snyk’s Open Source and Open Standards Strategy Director, Daniel Appelquist, examines the origin of the term “supply chain security” and whether it’s a good fit for today’s open source software development process. I was inspired to write this after reading a post from Thomas Depierre on Mastodon: The post touched on something that’s been troubling me recently. When it comes to software security, we spend a lot of time talking about the software supply chain and related concepts, such as the software bill of materials (SBOM). This metaphor c…
CSPRNG: Random algorithms need security too!
Snyk Blog » DevSecOps
by Michael Biocchi
1y ago
If I throw a coin high up in the air, I know the outcome — it will either be heads or tails. However, I can’t predict which it will be. I will certainly be able to guess with a 50% chance, but I can’t be 100% certain. If I were to roll a die, my certainty becomes less (1 in 6). However, I still know what the output could be. Computers are great at many things, especially predictability. They are deterministic and creating a truly random number is impossible. However, we can use functions to create approximate randomness. These functions are called pseudo-random number generators. Let’s t…
Snyk and Atlassian deepen partnership with Snyk security in Jira Software
Snyk Blog » DevSecOps
by Sarah Conway
1y ago
Our long-standing partnership with Atlassian is built on our mutual commitment to providing a great developer experience. It started with our native integration within the Bitbucket Cloud UI, and today we’re incredibly excited to announce yet another new door opening in our partnership. The new Snyk integration for Jira Software will bring security and collaboration to Atlassian users at every stage of the development lifecycle. At times, developers see security as a blocker to rapid application development and efficient deployment. According to recent studies, nearly half (46…
Automate Cloud compliance with Snyk Cloud
Snyk Blog » DevSecOps
by Lauren Place
1y ago
Audits are challenging. Especially when it comes to assessing abstract compliance standards against multiple cloud environments, unique cloud infrastructure setups, and many possible (mis)configurations. To help our customers automate compliance assessments, Snyk Cloud now supports 10+ compliance standards — including CIS Benchmarks for AWS, Azure, and Google Cloud, SOC 2, PCI DSS, ISO 27001, HIPAA, and more. By continuously identifying issues in your Cloud environments and IaC, mapped to industry benchmarks and compliance standards, Snyk Cloud can provide teams with necessary evidence an…
Snyk transformed cloud security in 2022 with developer-first solution
Snyk Blog » DevSecOps
by Lauren Place
1y ago
2022 was a pivotal year for cloud security at Snyk. At Snyk, we’re best known for pioneering developer-first application security, empowering developers to find and fix vulnerabilities in their code early in the development lifecycle. We revolutionized the AppSec market by breaking down silos of tools, people, and processes between security and development teams by enabling security checks to happen from the moment code is written, versus the “deploy, detect, and respond” model used by many security tools. And we realized that painful paradigm still exists for cloud security. The current…
Kubernetes network policy best practices
Snyk Blog » DevSecOps
by Peter De Tender
1y ago
Controlling and filtering traffic when containerizing a workload within Kubernetes Pods is just as crucial as a firewall in a more traditional network setup. The difference is that, in this scenario, those capabilities are provided by the Kubernetes NetworkPolicy API. This article will explore Kubernetes NetworkPolicy by creating an example network policy and examining its core parameters. Then, we’ll look at some common NetworkPolicy use cases and learn how to monitor them using kubectl. Finally, we’ll discover how to implement Container Network Interface (CNI) using third-party Kubernetes ex…
Snyk in 30: Open source security for Atlassian Bitbucket Cloud
Snyk Blog » DevSecOps
by Marco Morales
1y ago
In our latest Snyk in 30, Jason Lane (Director of Product Marketing) and I (Marco Morales, Partner Solutions Architect) showcased Snyk Open Source with a focus on our integration with Bitbucket Cloud. They covered why open source security is vital for modern app development, along with tips on taking a holistic approach to application security that goes beyond just shifting left. The session ended with a demo of Snyk App for Bitbucket Cloud, showcasing how we enable developers to access high vulnerability counts and rich, contextual information within a native Bitbucket workflow. Today…
Top takeaways from re:Invent 2022
Snyk Blog » DevSecOps
by Sarah Wills
1y ago
Live conferences are finally back, and the 11th annual AWS re:Invent did not disappoint. After a virtual 2020 and an in-person reduced-sized edition in 2021, there were more than 52,000 (yes — 52,000!) smiling faces milling about this year’s conference in Las Vegas. As per usual, re:Invent was full of exciting product news and updates. Here are the major announcements that got our attention and some of the things Snyk was up to in Vegas. Exciting AWS security announcement: One of the product announcements that excited us most was a preview of the Amazon Security Lake – A Purpo…
Azure Bicep security fundamentals
Snyk Blog » DevSecOps
by Mark Johnson
1y ago
This post was written by Snyk Ambassador, Mark Johnson (@tazmainiandevil). Get inside access to Snyk by signing up to become a Snyk Ambassador. Azure Bicep is getting more popular by the day and is rapidly becoming the replacement for Azure Resource Manager (ARM) templates. In this post, I am going to go over some security fundamentals when using Bicep. If you are not familiar with Bicep then I recommend taking a look at the Microsoft Learn documentation to find out more. Keep secrets out of source control: We all know we want to keep our secrets out of source control but it is very easy t…