We have collection of more than 1 Million open source products ranging from Enterprise product to small libraries in all platforms. We aggregate information from all open source repositories. Search and find the best for your needs. Check out projects section.
snyk - CLI and build-time tool to find & fix known vulnerabilities in open-source dependencies
Snyk helps you find, fix and monitor for known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.
security monitor snyk vulnerabilitiesvulnerabilitydb - Snyk's public vulnerability database
This is the vulnerability database used by Snyk, a tool that helps you find and fix known vulnerabilities in your dependencies, both ad hoc and as part of your CI (Build) system.This github repository is synced once a month, and does not contain the most up to date vulnerability information. Please refer to Snyk's Vulnerability Database for up to date information.
security vulnerabilities vulnerability-databases vulndb snyk infosec vulnerability advisory dbjobs - Job opportunities at Snyk - join us in driving Open Source Security!
Open Source code, pulled from npm, Maven, RubyGems and others, is often the majority of code in an application, and yet it receives no security attention. Most developers do nothing to track known vulnerabilities in the packages they use, and trust this code as though it's their own. This risk is massive today, and is only made worse by the growing use of packages and the simplicity offered by package managers. It is further compounded by the fact that unpatched servers, which account for most successful exploits today, are slowly being abstracted away by PaaS and Serverless, making vulnerabilities in open source code packages become the easiest way in.At Snyk we believe this problem can only be fixed by developers and DevOps teams, being built into the way we create software. We offer a SaaS CI/CD and runtime monitoring product that helps organisations continuously find and fix vulnerable dependencies without slowing down development.
jobs recruitment security snykserverless-snyk - Serverless plugin for securing your dependencies with Snyk
Around 14% of npm packages carry a known vulnerability, and new vulnerabilities are being discovered every day. The Serverless Snyk plugin helps you keep your application secure by allowing you to check the Node.js dependencies in your Serverless app for known vulnerabilities using Snyk.Read more about Serverless security and how vulnerable open source packages affect it on the Snyk blog.
snyk security serverless vulnerabilitiesnodejs-runtime-agent - Snyk Node Runtime Agent
Use this package as a library in your application to monitor your dependencies and to learn how the vulnerable functions of the dependencies are invoked in your deployments. There is a self-contained demo named node-woof, which you can clone and run. It will guide you through the setup of the project on your machine.
agent instrumentation monitor monitoring policy runtime secure security snyk validatesnyker - An opinionated, heavy-handed wrapper around Snyk.
The Snyk CLI is great for reporting vulnerabilities and providing top level dependency upgrades and patches, but struggles when the vulnerability rests within a nested sub-dependency. This is despite the fact that many sub-dependencies have reasonable flexibility in the version ranges they allow for their own dependencies. This CLI takes a brute-force approach to solving this limitation of Snyk. It purges the .snyk file from a project, checks for vulnerable paths using Snyk, then forces yarn / npm to try to upgrade any dependency along the vulnerable paths before finally ignoring any vulnerability that cannot be fixed in the previous steps. If a patch is available for any outstanding vulnerability then it is also added to the Snyk policy.
cli security vulnerabilities snyk snyk-cli vulnerable-pathssnyk-tekton - A set of Tekton Tasks for using Snyk to check for vulnerabilities in your pipelines
See the individual Actions linked above for per-language instructions.
snyk tektonsnykctl - A CLI tool for interacting with the Snyk API.
A command line tool for interacting with the Snyk API. Using the API requires a valid API token to be set in the SNYK_TOKEN environment variable. The Snyk API is enabled for all Snyk customers.
snyk crystal-langsnykin - A sample vulnerable Node application for demonstration purposes.
A sample vulnerable Node application for demonstration purposes. The image will be built locally, and deployed using Helm to your configured Kubernetes cluster. Any changes, to the application code or Dockerfile, will trigger a rebuild and redeploy.
helm tilt snyksnykus - A real-world workflow for using Docker, Snyk and GitHub to build, secure and publish container images
A real-world workflow for using Docker, Snyk and GitHub to build, secure and publish container images. The workflow is reasonably complex, but it's also very powerful.
docker snyk ghcrsnyky - A known vulnerable Flask app with an excessive amount of automated testing
The following application is used for demonstration purposes only. It contains a large number of overlapping integrations described below. These policies can be applied in a variety of different ways. Note this is for demonstration purposes only, it's likely that you would only use one or two of these in a real application.
snyk
We have large collection of open source products. Follow the tags from
Tag Cloud >>
Open source products are scattered around the web. Please provide information
about the open source projects you own / you use.
Add Projects.
