Vulnerability Scanning for Applications with Snyk & CircleCI
Watch this live stream replay on how to use Snyk and CircleCI to assess vulnerabilities and scan projects as part of their deployment pipeline.
Speakers
Jacquie GrindrodDeveloper Advocate, HashiCorp
Rosemary WangDeveloper Advocate, HashiCorp- LTLiran TalDeveloper Advocate, Snyk
How do we add vulnerability scanning to our application deployment pipeline? How do we know which vulnerabilities can be remediated? Watch this replay from the HashiCorp Live stream to learn about JavaScript security, secure developer workflows, assessing vulnerabilities, and shift-left vulnerability scanning. Rosemary Wang and Jacquie Grindrod (Developer Advocate, HashiCorp) learn from Liran Tal (Developer Advocate, Snyk) about JavaScript, web security, and Snyk while attempting to configure a CircleCI pipeline to scan a React.js application.
Subscribe to the HashiCorp Live Twitch channel to watch future live streams!
Outline
0:00 — Introductions
02:00 — Getting Started with Web & JavaScript Security. Check out OWASP Top Ten, MyDevSecOps.
05:30 — Visualize Vulnerability Scanning Reports with pie-my-vulns
07:30 — Workflow for Vulnerability Management in Enterprise
12:00 — Assessing & Triaging Vulnerabilities
13:10 — Running pie-my-vulns on hashicorp-demoapp/frontend
26:30 — Vuln Cost - security scanner for VS Code
31:00 — Triaging Vulnerabilities
38:00 — Security Scanning of synk/goof, a vulnerable application
49:00 — Exploiting a vulnerability in the marked library
1:17:30 — Add Vulnerability Scanning to hashicorp-demoapp/frontend
1:26:00 — Import hashicorp-demoapp/frontend to Snyk (for vulnerability scanning on PRs)
1:31:00 — Add stage to CircleCI pipeline to run Synkf for vulnerability scanning
