Tag: snyk

  • Malicious PyPI Packages

    It was a matter of time. After the npm repository was hit late last year and Ruby gems were found mining cryptocurrency, this time it's PyPI that spreads bad code. Supply chain attacks, as this vector is typically called, are an increasing problem, foremost for software vendors.

    The rich supply of community-maintained packages makes particular languages attractive to businesses. Plenty of ready-made packages make it possible to rapidly build the most important components required to bootstrap any SaaS business. Authentication, database connectivity, model-view abstraction layers, web request routing, HTML templating: all of it can be found in any of these repositories, at no added cost.

    However, nothing in life is free and the price vendors pay is the added risk of unvalidated or unverified sources.

  • Snyk Acquires FossID

    FossID is a software composition analysis tool that scans code for open source licenses and vulnerabilities. It is the third acquisition by Snyk in the past 6 months.

    Source: Snyk Acquires FossID to Accelerate Worldwide Developer-First Security Adoption | Snyk

  • Snyk to acquire DeepCode

    Snyk, vendor of open source security software, announced their intent to acquire DeepCode, a Zurich-based startup that builds AI-based security solutions for developers.

    From the announcement

    We are excited to integrate DeepCode’s technology to our developer-first vision and the Snyk Cloud Native Application Security platform.

    Source: Accelerating our developer-first vision with DeepCode | Snyk

  • Snyk closes mega funding round

    Snyk closes mega funding round: the London-based company offers open-source services and products for modern security. The company announced the funding round on its own blog. The company, founded by Guy Podjarny, grew rapidly since its founding in 2015. The product addresses modern security needs for a container-driven IT world. With open source and developer-first approaches, it delivers an approach that hits a nerve. The increasing complexity of software development and dependencies on open-source components drive demand. Dependencies on open-source components are a twofold reality: they allow faster development for any product team, and at the same time they bring a level of complexity that requires additional management. This reality created a market for companies like Snyk, but also WhiteSource or BlackDuck, in the security space, with a special focus on software development.

    Snyk helps software-driven organizations find and fix vulnerabilities in open source dependencies and container images.

    We are truly humbled to announce the closing of our latest funding round—an investment of $200 million led by Addition—to modernize the security industry.

    from the Snyk blog.

    The funding round is a Series D. With previous rounds, the company had already expanded internationally. This recent funding round leads us to expect further rapid growth of the brand and product. The size of the funding sets expectations for the near-future pace of growth.

    Source: Snyk Closes $200M to Modernize Security Industry | Snyk