The Consortium for Information and Software Quality estimated that the cost of poor software quality in the United States reached $2.41 trillion in 2022. As we will show, a figure that high is unsurprising. It is also largely avoidable, and with the world's growing dependence on software, avoiding these flaws matters more than ever.
Snyk for Government is our FedRAMP Moderate authorized solution for the public sector. This authorization underscores our unwavering commitment to providing secure development solutions that meet the rigorous standards of the Federal Risk and Authorization Management Program (FedRAMP).
Explore a personal journey through Black Hat Asia 2025 as a speaker, reviewer, and community connector. Discover insights on cloud security, women in cyber, AI, and building connections.
Tired of boring scans? Meet Greybeard, Snyk's humorous AI security CLI that gives brutally honest vulnerability feedback developers won't forget. Greybeard is an April Fool's tool that really works.
On Friday morning, March 21, 2025, at 9:00 a.m. UTC, a security advisory identified as CVE-2025-29927 was published. It described a critical vulnerability (CVSS 9.1) affecting mainstream Next.js applications.
Tired of endless security alerts? Snyk Delta Findings in the IDE helps developers cut through the noise and focus on *new* vulnerabilities introduced in their code. Reduce vulnerability fatigue and ship secure software faster. Get started for free!
A critical compromise of the popular GitHub Action changed-files (tj-actions/changed-files) dumped CI secrets in plaintext into GitHub Actions logs. The attack, affecting over 23,000 repositories, relied on an orphaned commit and retroactively moved release tags, so any workflow referencing a version tag silently pulled the malicious code. Pinning third-party actions to a full commit SHA rather than a mutable tag closes that door; learn how to protect your GitHub workflows from similar attacks.
Discover how Snyk helps secure the open source Golang project Bento by contributing vulnerability fixes and leveraging AI-powered tools. Learn about our efforts to enhance Bento’s security and support open source maintainers through the Snyk Secure Developer Program.
How do you detect and prevent JWT security risks? Follow Snyk's JWT security best practices.
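The checks a JWT verifier must get right, as an added example in Go using only the standard library (this is not code from Snyk's post): pin the expected algorithm instead of trusting the token's `alg` (which rejects `none` and RS256-to-HS256 confusion), compare the HMAC in constant time, and enforce `exp`. The secret, claims, and fixed clock are constructed for the demo; the `signHS256` and `forgeAlgNone` helpers exist only to build tokens to test against.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// header and claims are the minimal JWT pieces this example inspects.
type header struct {
	Alg string `json:"alg"`
	Typ string `json:"typ"`
}

type claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

var b64 = base64.RawURLEncoding

// signHS256 builds a compact HS256 JWT. It exists here only to construct
// tokens for the demo; a real issuer would use a vetted library.
func signHS256(c claims, secret []byte) string {
	h, _ := json.Marshal(header{Alg: "HS256", Typ: "JWT"})
	p, _ := json.Marshal(c)
	signingInput := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64.EncodeToString(mac.Sum(nil))
}

// forgeAlgNone rewrites the header to alg "none" and drops the signature:
// the classic downgrade a verifier must refuse.
func forgeAlgNone(c claims) string {
	h, _ := json.Marshal(header{Alg: "none", Typ: "JWT"})
	p, _ := json.Marshal(c)
	return b64.EncodeToString(h) + "." + b64.EncodeToString(p) + "."
}

// verifyHS256 returns the claims only if alg is exactly HS256, the HMAC over
// header.payload matches, and the token has not expired as of now.
func verifyHS256(token string, secret []byte, now time.Time) (claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return claims{}, errors.New("malformed token")
	}
	hb, err := b64.DecodeString(parts[0])
	if err != nil {
		return claims{}, errors.New("bad header encoding")
	}
	var h header
	if err := json.Unmarshal(hb, &h); err != nil {
		return claims{}, errors.New("bad header json")
	}
	// The verifier, not the token, decides the algorithm.
	if h.Alg != "HS256" {
		return claims{}, fmt.Errorf("unexpected alg %q", h.Alg)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return claims{}, errors.New("bad signature encoding")
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) { // constant-time comparison
		return claims{}, errors.New("signature mismatch")
	}
	pb, err := b64.DecodeString(parts[1])
	if err != nil {
		return claims{}, errors.New("bad payload encoding")
	}
	var c claims
	if err := json.Unmarshal(pb, &c); err != nil {
		return claims{}, errors.New("bad payload json")
	}
	if c.Exp == 0 || now.Unix() >= c.Exp {
		return claims{}, errors.New("token expired or missing exp")
	}
	return c, nil
}

func main() {
	secret := []byte("constructed-demo-secret-do-not-reuse") // constructed for the demo
	now := time.Unix(1700000000, 0)                           // fixed clock for determinism
	good := signHS256(claims{Sub: "alice", Exp: now.Unix() + 300}, secret)
	_, err := verifyHS256(good, secret, now)
	fmt.Println("valid token:", err)
	_, err = verifyHS256(forgeAlgNone(claims{Sub: "admin", Exp: now.Unix() + 300}), secret, now)
	fmt.Println("alg=none token:", err)
}
```

Note that the signature is checked before the payload is parsed, so unsigned input never reaches the JSON decoder, and that `exp` is treated as mandatory; a token without an expiry is rejected rather than accepted forever.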
Using ChatGPT for coding has benefits but can also introduce security vulnerabilities. Learn more about ChatGPT and secure coding and how to offset risk here.
Learn about the top advantages of secure AI coding tools for stronger DevSecOps practices with Snyk.
Anthropic’s Claude 3.7 Sonnet shows improvements in secure code generation, but vulnerabilities like regular-expression denial of service (ReDoS) still emerge. See how it compares to other AI models and why Snyk’s security tools remain essential for developers.
Weak encryption algorithms are cryptographic algorithms that provide inadequate security against attacks. Find out how Snyk Code can find weak cryptographic algorithms and support weak-cryptography testing.
Recently, researchers found another software supply chain issue around BoltDB, a popular embedded key/value store in the Go ecosystem: a Go module posing as BoltDB was found to be backdoored and contained hidden malicious code.
Discover how BFI Finance Indonesia transformed their SDLC with proactive security practices, improving compliance, developer experience, and collaboration. Learn key insights from their journey shared at CISO Indonesia 2024, moderated by Snyk's Didik Achmadi.
Understand the basics of Docker security best practices with our Docker Cheat Sheet to improve container security.
Discover the details of the Ultralytics AI supply chain attack, a sophisticated two-phase breach targeting PyPI releases and GitHub Actions with cryptocurrency mining malware. Learn how to detect exposure, secure your projects, and protect against future vulnerabilities using tools like Snyk.
Dive into Server-Side Request Forgery (SSRF) vulnerabilities in Go applications and explore mitigation techniques. Learn how to secure your Go code and leverage tools like Snyk Code for proactive security.
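The mitigation pattern for SSRF in Go, as an added example that is not code from Snyk's post: allow only http/https, reject URLs with userinfo, treat literal IPs in loopback, private, link-local (which covers the cloud metadata endpoint 169.254.169.254), unspecified and multicast ranges as blocked, require hostnames to be on an allowlist, and re-check the addresses DNS actually returns. The `checkURL`, `checkResolved`, and `validateOutboundURL` names and the allowlist entries are assumptions for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/netip"
	"net/url"
	"strings"
)

// blockedAddr reports whether an address must never be a server-side fetch
// target. Unmap first so ::ffff:10.0.0.1 is judged as 10.0.0.1.
func blockedAddr(a netip.Addr) bool {
	a = a.Unmap()
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() ||
		a.IsLinkLocalMulticast() || a.IsUnspecified() || a.IsMulticast()
}

// checkURL applies the static checks: scheme allowlist, no userinfo, and
// either a literal IP outside blocked ranges or a hostname on the allowlist.
// Decimal or octal IP spellings fail netip parsing and so must be allowlisted
// as hostnames, which they never are.
func checkURL(raw string, allowedHosts []string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	if u.User != nil {
		return nil, errors.New("userinfo in URL not allowed")
	}
	host := strings.ToLower(u.Hostname()) // brackets stripped for IPv6
	if host == "" {
		return nil, errors.New("empty host")
	}
	if a, err := netip.ParseAddr(host); err == nil {
		if blockedAddr(a) {
			return nil, fmt.Errorf("address %s is in a blocked range", a)
		}
		return u, nil
	}
	for _, h := range allowedHosts {
		if host == h {
			return u, nil
		}
	}
	return nil, fmt.Errorf("host %q not on allowlist", host)
}

// checkResolved rejects a name whose DNS answers include any blocked
// address, so an allowlisted public name cannot point at an internal IP.
func checkResolved(ips []net.IP) error {
	if len(ips) == 0 {
		return errors.New("no addresses resolved")
	}
	for _, ip := range ips {
		a, ok := netip.AddrFromSlice(ip)
		if !ok || blockedAddr(a) {
			return fmt.Errorf("resolved to blocked address %s", ip)
		}
	}
	return nil
}

// validateOutboundURL runs the static checks and then a live DNS lookup.
func validateOutboundURL(raw string, allowedHosts []string) error {
	u, err := checkURL(raw, allowedHosts)
	if err != nil {
		return err
	}
	if _, err := netip.ParseAddr(u.Hostname()); err == nil {
		return nil // literal IP was already checked
	}
	ips, err := net.LookupIP(u.Hostname())
	if err != nil {
		return err
	}
	return checkResolved(ips)
}

func main() {
	allow := []string{"api.example.com"} // constructed allowlist
	for _, raw := range []string{
		"http://169.254.169.254/latest/meta-data/",
		"http://[::ffff:10.0.0.1]/",
		"https://api.example.com/v1/items",
	} {
		_, err := checkURL(raw, allow)
		fmt.Printf("%-45s -> %v\n", raw, err)
	}
}
```

One caveat: resolving a name and then letting the HTTP client resolve it again leaves a DNS-rebinding window. To close it, connect to the address that passed `checkResolved` (for example through a custom `net.Dialer` whose `Control` hook re-applies `blockedAddr`) rather than letting the client re-resolve the name.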
Looking to boost your cybersecurity skills? Snyk's CTF 101 Workshop offers a hands-on introduction to Capture the Flag competitions, empowering students to tackle real-world security challenges. Learn about application security, network vulnerabilities, and more through free, engaging training.
Read how command injection works and the dangers it poses, with practical guidance on how to prevent it. By following best practices and using tools like Snyk, you can significantly reduce the risk of command injection attacks in your Go projects.
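The vulnerable pattern beside its hardened form, as an added Go example that is not code from Snyk's post: splicing user input into a `sh -c` string lets `;`, `|`, backticks and `$()` run extra commands, whereas passing arguments as a vector to `exec.Command` never consults a shell. The allowlist regex, the `validateHost`/`safePingCommand` names, and the use of `ping` are assumptions for the demo; the commands are built but not executed.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// unsafePingCommand is the vulnerable pattern: user input concatenated into
// a shell command line. A host of "example.com; id" runs two commands.
func unsafePingCommand(host string) *exec.Cmd {
	return exec.Command("sh", "-c", "ping -c 1 "+host)
}

// hostnamePattern allows only DNS-style labels: letters, digits and
// interior hyphens, joined by dots. No spaces, shell metacharacters or quotes.
var hostnamePattern = regexp.MustCompile(
	`^[A-Za-z0-9]([A-Za-z0-9-]{0,62}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,62}[A-Za-z0-9])?)*$`)

// validateHost allowlists hostname syntax. It also rejects a leading dash,
// which would otherwise let input such as "-f" be parsed as a flag by ping.
func validateHost(host string) error {
	host = strings.TrimSpace(host)
	if len(host) == 0 || len(host) > 253 {
		return errors.New("bad host length")
	}
	if strings.HasPrefix(host, "-") {
		return errors.New("host must not start with '-'")
	}
	if !hostnamePattern.MatchString(host) {
		return fmt.Errorf("host %q contains disallowed characters", host)
	}
	return nil
}

// safePingCommand never invokes a shell: each argument is passed to execve
// as-is, and "--" ends option parsing so the host can never become a flag.
func safePingCommand(host string) (*exec.Cmd, error) {
	if err := validateHost(host); err != nil {
		return nil, err
	}
	return exec.Command("ping", "-c", "1", "--", host), nil
}

func main() {
	input := "example.com; id" // constructed attacker input
	fmt.Printf("unsafe argv: %q\n", unsafePingCommand(input).Args)
	if _, err := safePingCommand(input); err != nil {
		fmt.Println("safe path rejected it:", err)
	}
	if cmd, err := safePingCommand("example.com"); err == nil {
		fmt.Printf("safe argv:   %q\n", cmd.Args)
	}
}
```

The validation is an allowlist of what a hostname may look like, not a blocklist of shell characters; blocklists miss encodings and the next metacharacter you did not think of. Argument-vector execution is the real fix, and validation is there to stop flag injection into the target program.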
Learn about the HTTP Archive’s Web Almanac, a valuable, community-driven resource for today’s security teams.
On October 31, 2024, another package compromise and cryptocurrency hijack unfolded, this time in the popular npm package lottie-player. Scan open source dependencies and container images from the CLI or your SCM with Snyk to determine whether you are using one of the compromised versions of lottie-player, and potentially uncover other security vulnerabilities in your projects.
By integrating security practices into the development lifecycle, providing continuous education and training, and automating security workflows, organizations can effectively mitigate risks from open-source supply chain incidents, AI-generated code, and emerging threats. Snyk provides the tools and resources to establish a proactive security culture and ensure application security.
Look into the security challenges facing the booming Software-Defined Vehicle (SDV) market. While SDV promises exciting features and revenue streams, its reliance on memory-unsafe C and C++ code, long a source of vulnerabilities, raises concerns.
Discover how to break into the exciting field of application security. Learn about free online resources, community involvement, mentorship opportunities, and exclusive communities for women in cybersecurity. Get inspired by industry leaders and start your journey today.
Explore Snyk Deep Code AI Fix (DCAIF), a game-changer for developers. Unlike generative AI assistants that may introduce security vulnerabilities, DCAIF leverages a hybrid AI model to automatically fix common security issues like XSS right in your IDE.
Snyk Code's enhanced dataflow analysis simplifies vulnerability identification and remediation. Learn how this powerful tool streamlines the security process and saves developers valuable time.
Npm package aliasing can be a security threat. Learn about how malicious actors can exploit this feature to introduce fake packages into your projects. Protect your projects with best practices and stay vigilant against supply chain attacks.
Protect against modern threats like open-source supply chain attacks and AI-generated code vulnerabilities. Automate dependency scanning, remediation, and container security to ensure your applications are safe and compliant. Secure your software development with Snyk's comprehensive vulnerability management solution.
Security researcher Simone Margaritelli (evilsocket.net) published details of several vulnerabilities in CUPS that can be chained to achieve remote code execution (RCE).