snyk v1.130.0 releases: find & fix known vulnerabilities in open-source dependencies

snyk

Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.

Features

  • Find known vulnerabilities by running snyk test on a project either as a one-off or as part of your CI process.
  • Fix vulnerabilities using snyk wizard and snyk protect.
    • snyk wizard walks you through finding and fixing known vulnerabilities in your project. Remediation options include configuring your policy file to update, auto patch and ignore vulnerabilities. (npm only)
    • snyk protect your code from vulnerabilities by applying patches and optionally suppressing specific vulnerabilities.
  • Alert snyk monitor records the state of dependencies and any vulnerabilities on snyk.io so you can be alerted when new vulnerabilities or updates/patches are disclosed that affect your repositories.
    • Prevent new vulnerable dependencies from being added to your project by running snyk test as part of your CI to fail tests when vulnerable Node.js or Ruby dependencies are added.

Changelog

1.130.0 (2019-02-13)

Features

  • remove misleading docker layers count breakdown (a25d205)

Installation

  1. Install the Snyk utility using npm install -g snyk.
  2. Once installed you will need to authenticate with your Snyk account: snyk auth

For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.

Use

The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications.

$ snyk test
✗ High severity vulnerability found on [email protected]
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:minimatch:20160620
- from: [email protected] > [email protected] > [email protected] > [email protected] > [email protected] > [email protected]
Upgrade direct dependency [email protected] to [email protected] (triggers upgrades to [email protected] > [email protected] > [email protected] > [email protected])

✗ Medium severity vulnerability found on [email protected]
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:moment:20161019
- from: [email protected] > [email protected]
Upgrade direct dependency [email protected] to [email protected]

✗ Medium severity vulnerability found on [email protected]
- desc: Root Path Disclosure
- info: https://snyk.io/vuln/npm:send:20151103
- from: [email protected] > [email protected] > [email protected]
Upgrade direct dependency [email protected] to [email protected] (triggers upgrades to [email protected])

Tutorial

Copyright 2015 Snyk Ltd.
Source: https://github.com/snyk/

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering

SC ProDefence SRL - Cyber Security Services