Snyk Code - Additional resources

To learn more about Snyk Code, visit the product web page and consult the following resources:

Snyk Code videos

Introduction to Snyk Code (Developer-first SAST): (1:00:57)

Watch this live demo of Snyk Code to see how it integrates into the Snyk Cloud Native Application Security platform to help developers build software securely across the entire stack, including the code, open source, containers, Kubernetes, and IaC.

User Office Hours: Introduction to Snyk Code: (1:00:22)

This video explores how to get started with Snyk Code. It looks at Snyk Code language and framework support, how to enable Snyk Code in the Web UI, and best practices for using Snyk Code IDE plugins.

Snyk Code: An Introduction to Dev-First SAST: (1:00:56)

View this introduction to see how Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI, and more.

Securing your code using Snyk Code in 15 minutes: (11:27)

View this video to learn how to implement Snyk quickly and get results right away.

How to Get Started with Snyk Code - The Big Fix 2022 by Snyk: (22:16)

This video explains what Snyk Code is, why it is beneficial, and how to get started using it.

Snyk Code Hands-on Workshop: (57:20)

This video shows that Snyk Code is developer-first: it embeds SAST in the development process so that developers build software securely during development, rather than trying to find and fix problems after the code is compiled. Snyk Code works in the IDEs and SCMs developers use to build and review software, and provides fast, actionable, meaningful results to fix issues in real time.

Videos by external reviewers

Secure Your Code from the Start with Snyk.io and Snyk Code - CoderDave: (26:31)

This video is a review of Snyk Code.

HackTheBox CA CTF - Using Snyk to Find & Fix Vulnerabilities - John Hammond: (30:35)

This video demonstrates using Snyk.

Find Vulnerabilities in Your Code with Snyk – Tech With Tim: (19:43)

This video addresses security in Python Projects and packages.

Selected blogs

This blog post looks at the first year of Snyk Code and the future of code security with Snyk.
This blog post discusses how the strategic alliance between Snyk and StackHawk brings modern, developer-centric perspectives to application security to provide a holistic, scalable approach to securing the SDLC in development.
This post uses the example of a new JavaScript vulnerability called prototype pollution to walk through how the rule maintenance features of Snyk Code help developers and security professionals protect their applications.
This post looks at why treating SAST and SCA as parts of a combined approach is the right choice and how to implement both without creating sprawl.
Starting in early 2021, Snyk Code became available as a freemium offering for Snyk users. Snyk Code helps developers quickly and accurately find, prioritize, and fix security flaws in proprietary code. This post discusses how, with detailed remediation guidance at every stage of the software development lifecycle (SDLC), from the developer’s environment (IDE) to continuous integration and continuous delivery (CI/CD) pipelines, Snyk Code revolutionizes static application security testing (SAST).
If every vulnerability seemed equally critical, engineers would be overwhelmed and would probably waste time on the wrong issues. This is why it’s important for developer security tools to provide clear and simple prioritization functionality. As you’ve likely noticed, Snyk Code provides a Priority Score in the top-right corner of the overview panel. This post discusses the Priority Score.
Snyk Code is the static application security testing (SAST) solution from Snyk, and it introduces some revolutionary technologies into the SAST space. It is based on the research and technologies developed by DeepCode, a spin-off of ETH Zurich (Switzerland), which joined Snyk at the end of 2020. This post is about these technologies and how Snyk not only gives back to the open-source community but also promotes and works with the academic community in the field of static program analysis.
When scanning your code, Snyk Code might find all kinds of security vulnerabilities. While Snyk Code is fast, accurate, and rich in content, sometimes there is a need to suppress specific warnings. Typical use cases arise in test code, where you explicitly use hard-coded passwords to test your routines, or when you know about an issue but decide not to fix it. For this situation, Snyk Code, like the other Snyk platform products, provides the ability to ignore suggestions.
There is more to ignore than you think. This post explores how you ignore an issue and takes a look behind the scenes at how Snyk implemented the feature.