Open Source


Snyk uncovers malicious code activities in open source supply chain security on the npm registry

Open source helps developers build faster. But who’s making sure these open source dependencies (sometimes years out of development) stay secure? In a recent npm security research activity, Snyk uncovered a total of 8 npm packages matching a specific malicious attack vector: the packages carried pre/post-install scripts, which allowed them to run arbitrary commands when installed.


GitHub Security Code Scanning: Secure your open source dependencies

We are happy to announce Snyk Open Source support for GitHub Security Code Scanning, enabling you to automatically scan your open source dependencies for security vulnerabilities and license issues, as well as view results directly from within GitHub’s Security tab! A key ingredient of Snyk’s developer-first approach is integrating Snyk’s security data into the exact same processes that developers are using, whether this is within a developer’s IDE or a Git-based workflow.


Focalboard is an open source, self-hosted alternative to Trello, Notion, and Asana. It's a project management tool that helps define, organize, track and manage work across teams, using a familiar kanban board view. We're currently in early-access beta, and are looking for feedback. So please download it today and let us know what you think. Focalboard is open source! Check out the source code here, and contribute to the future of this project.

Taking open-source to the next level at Bitrise - Step by step

One of the reasons I joined Bitrise was the awesome community and the fact that most of the codebase here is actually open-sourced. If the Step Library is the brain of each and every build running on Bitrise, the open-source community must be the heart of it, playing a key role in the success of our product. That's why we have some plans to do more amazing things.


A hacker's approach to finding security bugs in open source software

Spencer Pearlman, Security Researcher at Detectify, presented A Hacker’s Approach to Finding Security Bugs in Open Source Software in a partnered webinar with friends at Debricked. Securing modern web applications takes new approaches, and this includes looking at them from a hacker’s perspective. Here are highlights from the presentation on how tech teams can apply the same hacker mindset to discover vulnerabilities in the open-source software in their tech stack.