Snyk Security Review

By Lane Wagner on Jul 16, 2019

We recently integrated Snyk into boot.dev as a way to get more visibility into known vulnerabilities in boot.dev’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago.

We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, their support for the open-source community by offering free integrations is worth the few minutes it takes to install.

Their quick start page allows developers to integrate their GitHub repository, then use the command-line tool to detect and apply any patches to their code.

We added a badge to our GitHub repo that shows in near real time whether the boot.dev code contains any known vulnerabilities according to Snyk. If you are into open source and are looking for a way to keep your code secure, Snyk is a tool you should look into.
