Snyk teams with Google to detect JavaScript vulnerabilities in Chrome Lighthouse
Security firm Snyk Ltd. today said it has partnered with Google LLC to power the vulnerable JavaScript libraries audit in Google Chrome’s Lighthouse, an automated developer tool for improving the quality of web apps.
The integration of Snyk’s open-source vulnerabilities data into Lighthouse is aimed at developing more secure web applications by making developers aware of securities in their code, so it’s easier to take action on them.
The Snyk data will be offered through Lighthouse’s “Best Practices” audit that detects front-end JavaScript libraries in use with a known security vulnerability by testing against Snyk’s vulnerability database. If any known security issues are detected, the developer receives a detailed report of each vulnerability with a link to Snyk to resolve the issues.
“In early 2017, researchers found that 37 percent of sites had at least one client-side JavaScript library containing a known security vulnerability,” Snyk Chief Executive Guy Podjarny said in a statement. “Recently, we completed a report noting that the reality was worse: 77 percent of the top 433,000 URLs used a JavaScript library with a known security issue. Recognizing the importance of the issue, Snyk collaborated with the Lighthouse team to audit vulnerable JavaScript libraries. This integration applies an extra layer of visibility for developers as we work toward making the web more secure by default.”
Snyk has been growing in popularity as developers become more aware of security vulnerabilities in open source software and code, much of which is commonly used in most web applications. Snyk’s data also integrates into existing developer workflows, including source control services such as GitHub and BitBucket.
In an interview with SiliconANGLE’s theCUBE in August, Podjarny explained that oftentimes developers are not aware of just how much dependency there is on risky outside software packages. “Snyk deals with open-source security, specifically in Node.js in the world of NPM,” he said, referring to Node Package Manager. “NPM is amazing and allows us to build on the shoulders of giants. But there are some inherent security risks with just pulling code off the internet and running it in your application.”
The company raised $7 million earlier this month from Boldstart Ventures, Canaan Partners, Heavybit and FundFire. As of its last round, Snyk said that it had more than 120,000 developers using the platform, 100,000 projects protected and 350,000 downloads per month.
Image: Google
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU