VULNERABILITY ANALYSIS / WEB VULNERABILITY ANALYSIS

snyk v1.114.0 releases: find & fix known vulnerabilities in open-source dependencies

Snyk helps you find, fix and monitor known vulnerabilities in Node.js npm, Ruby and Java dependencies, both on an ad hoc basis and as part of your CI (Build) system.

Features

  • Find known vulnerabilities by running snyk test on a project either as a one-off or as part of your CI process.
  • Fix vulnerabilities using snyk wizard and snyk protect.
    • snyk wizard walks you through finding and fixing known vulnerabilities in your project. Remediation options include configuring your policy file to update, auto patch and ignore vulnerabilities. (npm only)
    • snyk protect your code from vulnerabilities by applying patches and optionally suppressing specific vulnerabilities.
  • Alert snyk monitor records the state of dependencies and any vulnerabilities on snyk.io so you can be alerted when new vulnerabilities or updates/patches are disclosed that affect your repositories.
    • Prevent new vulnerable dependencies from being added to your project by running snyk test as part of your CI to fail tests when vulnerable Node.js or Ruby dependencies are added.

Changelog

1.114.0 (2018-12-04)

Features

  • bump docker plugin version (b8e085c)

Installation

  1. Install the Snyk utility using npm install -g snyk.
  2. Once installed you will need to authenticate with your Snyk account: snyk auth
For more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.

Use

The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications.
$ snyk test ✗ High severity vulnerability found on minimatch@0.3.0 - desc: Regular Expression Denial of Service - info: https://snyk.io/vuln/npm:minimatch:20160620 - from: ionic@2.1.17 > gulp@3.8.8 > liftoff@0.12.1 > findup-sync@0.1.3 > glob@3.2.11 > minimatch@0.3.0 Upgrade direct dependency gulp@3.8.8 to gulp@3.8.11 (triggers upgrades to liftoff@2.2.0 > findup-sync@0.3.0 > glob@5.0.15 > minimatch@3.0.2) ✗ Medium severity vulnerability found on moment@2.11.1 - desc: Regular Expression Denial of Service - info: https://snyk.io/vuln/npm:moment:20161019 - from: ionic@2.1.17 > moment@2.11.1 Upgrade direct dependency moment@2.11.1 to moment@2.15.2 ✗ Medium severity vulnerability found on send@0.10.1 - desc: Root Path Disclosure - info: https://snyk.io/vuln/npm:send:20151103 - from: ionic@2.1.17 > serve-static@1.7.1 > send@0.10.1 Upgrade direct dependency serve-static@1.7.1 to serve-static@1.8.1 (triggers upgrades to send@0.11.1)

Comments

Popular Posts