
snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies

  •    Javascript

Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system. For more detail on how to authenticate, take a look at the CLI authentication section of the Snyk documentation.

vulnerabilitydb - Snyk's public vulnerability database

  •    Javascript

This is the vulnerability database used by Snyk, a tool that helps you find and fix known vulnerabilities in your dependencies, both ad hoc and as part of your CI (Build) system. This GitHub repository is synced once a month, and does not contain the most up-to-date vulnerability information. Please refer to Snyk's Vulnerability Database for up-to-date information.

jobs - Job opportunities at Snyk - join us in driving Open Source Security!

  •    Javascript

Open Source code, pulled from npm, Maven, RubyGems and others, is often the majority of code in an application, and yet it receives no security attention. Most developers do nothing to track known vulnerabilities in the packages they use, and trust this code as though it's their own. This risk is massive today, and is only made worse by the growing use of packages and the simplicity offered by package managers. It is further compounded by the fact that unpatched servers, which account for most successful exploits today, are slowly being abstracted away by PaaS and Serverless, making vulnerabilities in open source code packages become the easiest way in. At Snyk we believe this problem can only be fixed by developers and DevOps teams, being built into the way we create software. We offer a SaaS CI/CD and runtime monitoring product that helps organisations continuously find and fix vulnerable dependencies without slowing down development.

serverless-snyk - Serverless plugin for securing your dependencies with Snyk

  •    Javascript

Around 14% of npm packages carry a known vulnerability, and new vulnerabilities are being discovered every day. The Serverless Snyk plugin helps you keep your application secure by allowing you to check the Node.js dependencies in your Serverless app for known vulnerabilities using Snyk. Read more about Serverless security and how vulnerable open source packages affect it on the Snyk blog.

nodejs-runtime-agent - Snyk Node Runtime Agent

  •    Javascript

Use this package as a library in your application to monitor your dependencies and to learn how the vulnerable functions of the dependencies are invoked in your deployments. There is a self-contained demo named node-woof, which you can clone and run. It will guide you through the setup of the project on your machine.

snyker - An opinionated, heavy-handed wrapper around Snyk.

  •    Javascript

The Snyk CLI is great for reporting vulnerabilities and providing top-level dependency upgrades and patches, but struggles when the vulnerability rests within a nested sub-dependency. This is despite the fact that many sub-dependencies have reasonable flexibility in the version ranges they allow for their own dependencies. This CLI takes a brute-force approach to solving this limitation of Snyk. It purges the .snyk file from a project, checks for vulnerable paths using Snyk, then forces yarn / npm to try to upgrade any dependency along the vulnerable paths before finally ignoring any vulnerability that cannot be fixed in the previous steps. If a patch is available for any outstanding vulnerability, then it is also added to the Snyk policy.

snyk-tekton - A set of Tekton Tasks for using Snyk to check for vulnerabilities in your pipelines

  •    HTML

See the individual Actions linked above for per-language instructions.

snykctl - A CLI tool for interacting with the Snyk API.

  •    Crystal

A command line tool for interacting with the Snyk API. Using the API requires a valid API token to be set in the SNYK_TOKEN environment variable. The Snyk API is enabled for all Snyk customers.

snykin - A sample vulnerable Node application for demonstration purposes.

  •    Smarty

A sample vulnerable Node application for demonstration purposes. The image will be built locally, and deployed using Helm to your configured Kubernetes cluster. Any changes to the application code or Dockerfile will trigger a rebuild and redeploy.

snykus - A real-world workflow for using Docker, Snyk and GitHub to build, secure and publish container images

  •    Dockerfile

A real-world workflow for using Docker, Snyk and GitHub to build, secure and publish container images. The workflow is reasonably complex, but it's also very powerful.

snyky - A known vulnerable Flask app with an excessive amount of automated testing

  •    Open

The following application is used for demonstration purposes only. It contains a large number of overlapping integrations described below. These policies can be applied in a variety of different ways. Note this is for demonstration purposes only; it's likely that you would only use one or two of these in a real application.
