Demo

Vulnerability Scanning for Applications with Snyk & CircleCI

Watch this live stream replay on how to use Snyk and CircleCI to assess vulnerabilities and scan projects as part of their deployment pipeline.

Speakers

  • Jacquie Grindrod, Developer Advocate, HashiCorp
  • Rosemary Wang, Developer Advocate, HashiCorp
  • Liran Tal, Developer Advocate, Snyk

How do we add vulnerability scanning to our application deployment pipeline? How do we know which vulnerabilities can be remediated? Watch this replay from the HashiCorp Live stream to learn about JavaScript security, secure developer workflows, assessing vulnerabilities, and shift-left vulnerability scanning. Rosemary Wang and Jacquie Grindrod (Developer Advocates, HashiCorp) learn from Liran Tal (Developer Advocate, Snyk) about JavaScript, web security, and Snyk while attempting to configure a CircleCI pipeline to scan a React.js application.

Subscribe to the HashiCorp Live Twitch channel to watch future live streams!

Outline

0:00 — Introductions

2:00 — Getting Started with Web & JavaScript Security. Check out OWASP Top Ten, MyDevSecOps.

5:30 — Visualize Vulnerability Scanning Reports with pie-my-vulns

7:30 — Workflow for Vulnerability Management in Enterprise

12:00 — Assessing & Triaging Vulnerabilities

13:10 — Running pie-my-vulns on hashicorp-demoapp/frontend

26:30 — Vuln Cost - security scanner for VS Code

31:00 — Triaging Vulnerabilities

38:00 — Security Scanning of snyk/goof, a vulnerable application

49:00 — Exploiting a vulnerability in the marked library

1:17:30 — Add Vulnerability Scanning to hashicorp-demoapp/frontend

1:26:00 — Import hashicorp-demoapp/frontend to Snyk (for vulnerability scanning on PRs)

1:31:00 — Add stage to CircleCI pipeline to run Snyk for vulnerability scanning
