Links

Snyk Code - Additional resources

To learn more about Snyk Code, you can also use the following resources:

Web page

Webinars

  • Introduction to Snyk Code (Developer-first SAST): (1:00:57)
Conventional Static Application Security Testing (SAST) tools are limited by lengthy scan times and poor accuracy – returning too many false positives. Sound familiar? That's why Snyk developed a new approach to finding and fixing code vulnerabilities with a developer-friendly experience – introducing: Snyk Code! Watch this live demo of Snyk Code to see how it integrates into Snyk's Cloud Native Application Security platform to help developers build software securely across the entire stack – including the code, open source, containers, Kubernetes, and IaC.
  • User Office Hours: Introduction to Snyk Code: (1:00:22)
During this session, we’ll explore how to get started with Snyk Code. We’ll look at: Snyk Code language & framework support; How to enable Snyk Code in the web UI; and Best practices for using Snyk Code's IDE plugins.
  • Snyk Code: An Introduction to Dev-First SAST: (1:00:56)
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
  • Securing your code using Snyk Code in 15 minutes: (11:27)
Learn how to implement Snyk quickly and get results right away! It's that easy.
  • How to Get Started with Snyk Code - The Big Fix 2022 by Snyk: (22:16)
Nate Michalov, Sr. Solutions Engineer at Snyk, explains what Snyk Code is, why it is useful and how to get started with it.
  • Snyk Code Hands-on Workshop: (57:20)
Snyk Code is developer-first: embedding SAST as part of the development process, enabling developers to build software securely during development, and not trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software, and provides fast, actionable, meaningful results to fix issues in real-time.

External reviewers - videos

  • Secure Your Code from the Start with Snyk.io and Snyk Code - CoderDave: (26:31)
Developer security is important, and even more important is to fix security vulnerabilities and secure your code from the start of the development cycle with DevSecOps tools and practices. This is what Snyk.io and their Snyk Code do. This is a review of these real-time Static Application Security Testing tools. Let's talk application security in real time and real-time scans!
  • HackTheBox CA CTF - Using Snyk to Find & Fix Vulnerabilities - John Hammond: (30:35)
Seriously, isn't Snyk SUPER COOL? Exploit Goof, the vulnerable web app! https://github.com/snyk/goof
  • Find Vulnerabilities in Your Code with Snyk – Tech With Tim: (19:43)
In this video, I'll be going over security in Python projects and packages. Usually, when we are using Python, we pull packages and dependencies from PyPI. However, there are no security checks needed for these uploaded packages or dependencies.

Selected Blogs

  • Happy 1st Birthday, Snyk Code! (May 2022)
Snyk Code is turning one! We’ve hit so many milestones in the last 12 months, and today we invite you to look back, celebrate, and peer into the future of code security with us.
  • Snyk and StackHawk form strategic alliance to equip app teams with modern, developer-first security testing (May 2022)
AppSec teams need data-driven tooling that helps engineers catch vulnerabilities early in the development lifecycle, using automated testing to find and fix them before they are released to production. Without this capability, engineers are forced to scramble after the fact, often creating chaos that disrupts internal processes and can also degrade the end-user and customer experience.
This is where Snyk’s strategic alliance with StackHawk comes in, bringing modern, developer-centric perspectives to application security to provide a holistic, scalable approach to securing the SDLC in development.
  • Modernizing SAST rules maintenance to catch vulnerabilities faster (April 2022)
Snyk Code separates itself from the majority of static code analysis tools by generating and maintaining rule sets for its users, helping them combat common and newly discovered threats. A recent Hub article described a JavaScript vulnerability class called prototype pollution, which allows attackers to modify, or "pollute", a JavaScript object prototype and thereby perform a variety of malicious actions.
In this post, we’ll use the example of prototype pollution to walk through how the rule maintenance features of Snyk Code help developers and security professionals protect their application.
  • SAST and SCA: Better together with Snyk (February 2022)
As applications become more complex, so does the task of securing them.
While the source code making up applications includes proprietary code, a great deal of it is also third-party, open source code. Development and security teams looking to release secure code while maintaining a rapid pace of development therefore need to combine static application security testing (SAST) and software composition analysis (SCA) as part of a comprehensive software security strategy.
But using SAST and SCA independently runs counter to the growing preference of organizations to minimize tool sprawl and consolidate application security tooling, so the question is often framed as SAST or SCA rather than SAST and SCA as part of a combined approach.
In this post, we'll look at why SAST and SCA together is the right approach, and how to implement both without creating sprawl.
  • Snyk Code in 2021: Redefining SAST (December 2021)
Starting in early 2021, Snyk Code became available as a freemium offering for Snyk users. Snyk Code helps developers quickly and accurately find, prioritize, and fix security flaws in proprietary code. With detailed remediation guidance at every stage of the software development lifecycle (SDLC), from the developer's environment (IDE) to continuous integration and continuous delivery (CI/CD) pipelines, Snyk Code redefines static application security testing (SAST).
  • How Snyk Code prioritizes vulnerabilities using their Priority Score (November 2021)
If every vulnerability seemed equally critical, engineers would be overwhelmed and would probably waste time on the wrong issues. This is why it is important for developer security tools to provide clear and simple prioritization functionality. As you have likely noticed, Snyk Code shows a Priority Score in the top right corner of the overview panel.
  • Exploring the advanced technologies behind Snyk Code (October 2021)
Snyk Code is the static application security testing (SAST) solution from Snyk, and it introduces some new technologies into the SAST space. It is based on the research and technologies developed by DeepCode, a spin-off from ETH Zurich (Switzerland), which joined Snyk at the end of 2020. This article is about these technologies and how Snyk not only gives back to the open source community, but also promotes and works with the academic community in the field of static program analysis.
  • Secure coding with Snyk Code: Ignore functionality with a twist (March 2021)
When scanning your code with our secure coding tool, Snyk Code might find all kinds of security vulnerabilities. And while Snyk Code is fast, accurate, and rich in content, sometimes there is a need to suppress specific warnings. Typical use cases arise in test code, where you deliberately use hard-coded passwords to exercise your routines, or when you know about an issue but decide not to fix it. For this situation, Snyk Code, like the other Snyk platform products, provides the ability to ignore suggestions.
And there is more to ignore than you think. Let's explore how you ignore an issue, and then take a look behind the scenes at how we implemented the feature.
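The prototype pollution blog entry above describes the vulnerability class only in a sentence. The following is an added example, not code from Snyk or from the blog post, showing the pattern a SAST rule for prototype pollution is looking for: a recursive "deep merge" of attacker-controlled JSON into a config object. The first function is the vulnerable form; the second rejects the keys (`__proto__`, `constructor`, `prototype`) through which the pollution reaches `Object.prototype`. The payload and the `pollutes` helper are constructed for the demonstration.

```javascript
// Added example (not Snyk's code): vulnerable vs. hardened deep merge.

// VULNERABLE: iterates every own key of `source`, including "__proto__".
// JSON.parse('{"__proto__": {...}}') creates an own property named
// "__proto__", but reading target["__proto__"] goes through the accessor
// and returns Object.prototype, so the recursion writes into it.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === "object") {
      if (typeof target[key] !== "object" || target[key] === null) {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// HARDENED: the same merge, but keys that can reach a prototype are dropped
// before any property access on `target`. Arrays are copied, not recursed
// into, so an attacker cannot smuggle objects through array indices either.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // never touch prototype paths
    const value = source[key];
    if (value !== null && typeof value === "object" && !Array.isArray(value)) {
      // Only recurse into a nested object that `target` itself owns; anything
      // inherited (like a method on Object.prototype) is replaced, not merged.
      if (
        !Object.prototype.hasOwnProperty.call(target, key) ||
        typeof target[key] !== "object" ||
        target[key] === null
      ) {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = Array.isArray(value) ? value.slice() : value;
    }
  }
  return target;
}

// Constructed attacker payload, as it might arrive in the JSON body of a
// "save my settings" endpoint. Only `theme` is a legitimate field.
const PAYLOAD = JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');

// Runs one merge implementation against PAYLOAD and reports whether a fresh,
// unrelated object now inherits `isAdmin`. Cleans Object.prototype afterwards
// so the process is not left polluted for whatever runs next.
function pollutes(mergeFn) {
  try {
    mergeFn({ theme: "light" }, PAYLOAD);
    return {}.isAdmin === true;
  } finally {
    delete Object.prototype.isAdmin;
  }
}

console.log("unsafeMerge pollutes Object.prototype:", pollutes(unsafeMerge)); // true
console.log("safeMerge pollutes Object.prototype:", pollutes(safeMerge));     // false
```

The check in `pollutes` is the one to keep in mind when triaging a finding: the damage is not in the merged object but in every other object in the process, which is why a later `if (user.isAdmin)` somewhere unrelated suddenly passes. Denylisting the three keys is the minimum fix; building config objects with `Object.create(null)` or validating input against a schema before merging removes the class entirely.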