Finding, Hacking and fixing your NodeJS Vulnerabilities with Snyk


npm and security, how much do you know about your dependencies?

Hack-along: live hacking of a vulnerable Node app (https://github.com/snyk-labs/nodejs-goof), covering vulnerabilities in both open source dependencies and first-party code. Attendees are encouraged to clone the application and hack along with us.

Fixing the issues and an introduction to Snyk with a demo.

Open questions.


Prerequisites

GitHub account

Clone the repo to your local environment

This workshop has been presented at React Summit 2022, check out the latest edition of this React Conference.

FAQ

Alexandra is a solutions engineer at Snyk who led the presentation and workshop on open source security.

The main topic of the presentation is open source security, specifically finding and addressing vulnerabilities in OSS applications.

Yes, participants are encouraged to use their cameras and engage with the presenters to make the session more interactive.

Snyk reports which versions of a direct (parent) package pull in a fixed version of a vulnerable transitive dependency, and lets users open a pull request that bumps the parent to that secure version.

Unlike Dependabot, Snyk explains which parent version to move to in order to fix a transitive vulnerability, and it can scan and fix issues across several environments, including the CLI and the IDE, not only the Git repository.
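The transitive-dependency remediation described in the two answers above is easy to get wrong by hand, because npm may install several copies of the same package at different nesting depths. The following is an added example, not Snyk's code or anything from the workshop repository: it walks a constructed lockfileVersion 2 `package-lock.json` with npm's nearest-`node_modules` resolution rule, finds every path from the root project to a named package, and reports which direct dependency has to be bumped. The lock file, the package names (`express-ish`, `old-lib`, `qs-ish`) and the advisory (`fixedIn: "6.5.0"`) are all made up for the demonstration.

```javascript
// Constructed lockfileVersion 2 package-lock.json (hypothetical packages).
// Note that qs-ish is installed twice: a hoisted 6.9.0 used by express-ish,
// and a nested 6.2.1 that only old-lib resolves to.
const LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "express-ish": "^1.0.0", "old-lib": "^2.0.0" } },
    "node_modules/express-ish": { version: "1.0.0", dependencies: { "qs-ish": "^6.0.0" } },
    "node_modules/qs-ish": { version: "6.9.0" },
    "node_modules/old-lib": { version: "2.1.0", dependencies: { "qs-ish": "^6.2.0" } },
    "node_modules/old-lib/node_modules/qs-ish": { version: "6.2.1" },
  },
};

// Hypothetical advisory: every qs-ish release below 6.5.0 is affected.
const ADVISORY = { name: "qs-ish", fixedIn: "6.5.0" };

// Minimal numeric comparison for plain x.y.z versions (no prerelease tags).
function lessThan(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    if ((pa[i] || 0) < (pb[i] || 0)) return true;
    if ((pa[i] || 0) > (pb[i] || 0)) return false;
  }
  return false;
}

// npm resolution: look for <fromPath>/node_modules/<name>, then walk up one
// node_modules level at a time until the top-level node_modules is reached.
function resolve(packages, fromPath, name) {
  let base = fromPath;
  for (;;) {
    const candidate = base === "" ? `node_modules/${name}` : `${base}/node_modules/${name}`;
    if (packages[candidate]) return candidate;
    if (base === "") return null;
    const idx = base.lastIndexOf("/node_modules/");
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Every dependency chain from the root project to an installed copy of `target`.
function findPaths(lock, target) {
  const packages = lock.packages;
  const results = [];
  function walk(pathKey, chain, seen) {
    const entry = packages[pathKey];
    if (!entry) return;
    for (const dep of Object.keys(entry.dependencies || {})) {
      const resolved = resolve(packages, pathKey, dep);
      if (!resolved || seen.has(resolved)) continue; // missing or cyclic
      const next = [...chain, { name: dep, version: packages[resolved].version }];
      if (dep === target) results.push({ chain: next, version: packages[resolved].version });
      walk(resolved, next, new Set([...seen, resolved]));
    }
  }
  walk("", [], new Set());
  return results;
}

// For each vulnerable copy, name the direct dependency that must be upgraded
// to a release whose own dependency range pulls in a fixed version.
function remediationPlan(lock, advisory) {
  return findPaths(lock, advisory.name)
    .filter((p) => lessThan(p.version, advisory.fixedIn))
    .map((p) => ({
      directDependency: p.chain[0].name,
      installed: p.version,
      path: p.chain.map((c) => `${c.name}@${c.version}`).join(" > "),
      action: `upgrade ${p.chain[0].name} to a version that requires ${advisory.name}@>=${advisory.fixedIn}`,
    }));
}

for (const item of remediationPlan(LOCK, ADVISORY)) console.log(item);
```

Run against the constructed lock file, the plan contains a single entry: the hoisted `qs-ish@6.9.0` reached through `express-ish` is already fixed, while `old-lib > qs-ish@6.2.1` is still vulnerable, so the actionable fix is a bump of `old-lib`, not of `qs-ish` directly. That is the same question a remediation tool has to answer before it can open a pull request against the parent package.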

Yes, Snyk supports GitLab integration along with other platforms.

When a pull request is raised, Snyk scans it for license issues, security vulnerabilities in open source dependencies, and SAST (static analysis) findings in first-party code, and reports detailed feedback on the changes.

Participants can meet the Snyk team in person at the event days in Amsterdam, either on a Thursday or Friday.

Participants can ask questions in the chat, where Matt, another solutions engineer at Snyk, will be available to answer them.

Open source software is widely used due to its collaborative and public nature, making it convenient for developers. However, it also poses security risks that need to be managed.

Alexandra Catana
01 Jul, 2022