Frontend security — thoughts on Snyk

I can’t remember why, but a few months ago I started looking into keeping my various React projects secure. Here’s some of what I discovered (more to come). I hope some of it will be valuable to you.

A while ago I discovered Snyk and hooked my various projects up to it. Snyk sends me a weekly security summary with a breakdown of the security issues across all of my projects.

[Image: part of the Snyk weekly report I receive in my inbox]

Snyk also gives me context about the particular security issues found:

[Image: Snyk’s context for a reported issue. This is extremely useful if you want to understand the security issue]

It also analyzes my dependencies on a per-PR level:

[Image: Safety? Check! This is a GitHub PR check (like Travis)]
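As an added illustration of what a per-PR dependency check does (this is example code written for this page, not Snyk’s code and not from the original post), here is a small gate that reads the JSON output of `npm audit` and fails the build when any finding is at or above a chosen severity. It assumes the `metadata.vulnerabilities` per-severity counts that `npm audit --json` has emitted since npm 6; the sample report embedded below is constructed, and the function names are my own.

```javascript
// Added example: a minimal pull-request gate over `npm audit --json` output.
// It is not Snyk's own check; it shows the same idea (block the PR when the
// dependency tree carries findings above a severity threshold) with npm's
// audit report. Assumption: the report carries `metadata.vulnerabilities`
// with one count per severity, as npm 6 and later produce.

const SEVERITY_ORDER = ['info', 'low', 'moderate', 'high', 'critical'];

// Sum the findings at or above `threshold` in a parsed audit report.
function countAtOrAbove(report, threshold) {
  const idx = SEVERITY_ORDER.indexOf(threshold);
  if (idx < 0) throw new Error(`unknown severity: ${threshold}`);
  const counts = (report.metadata && report.metadata.vulnerabilities) || {};
  return SEVERITY_ORDER.slice(idx)
    .reduce((sum, sev) => sum + (Number(counts[sev]) || 0), 0);
}

// Decide the check result from raw JSON text. Returns an object so a CI
// wrapper can derive its exit status from `ok` and report `failing`.
function auditGate(reportJson, threshold = 'high') {
  let report;
  try {
    report = JSON.parse(reportJson);
  } catch (e) {
    // A report we cannot read must fail closed, never pass silently.
    return { ok: false, failing: -1, threshold, error: 'unparseable audit output' };
  }
  const failing = countAtOrAbove(report, threshold);
  return { ok: failing === 0, failing, threshold };
}

// Constructed sample in the npm 6+ shape, reduced to the fields used here.
const SAMPLE_REPORT = JSON.stringify({
  metadata: {
    vulnerabilities: { info: 0, low: 3, moderate: 1, high: 2, critical: 0 },
    dependencies: 812,
  },
});

// Stand-alone run: `node gate.js [severity]` prints the verdict and exits
// non-zero when the gate fails, which is what a CI check needs.
if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  const threshold = process.argv[2] || 'high';
  const result = auditGate(SAMPLE_REPORT, threshold);
  console.log(JSON.stringify(result));
  process.exit(result.ok ? 0 : 1);
}
```

In a real pipeline the constructed `SAMPLE_REPORT` would be replaced by the captured output of `npm audit --json` for the PR’s lockfile; the point of the threshold argument is that a team can block on `high` while still seeing `moderate` and `low` counts in the report.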

Other features that I’ve tried from Snyk:

[Image: a summary for your project: it shows that a PR can be opened]

I have tried the above features and decided not to use them, for the following reasons (listed in the same order as above):

Overall I’m very satisfied with Snyk and I highly recommend using it.

In the following posts I’m thinking of speaking on:

  • How Renovate can help reduce the burden of keeping your projects up-to-date (reducing security work later on)
  • Differences between GitHub’s security tab (Dependabot) and Snyk
  • npm audit, yarn audit & snyk test

NOTE: This post is not sponsored by Snyk. I love what they do, I root for them and I hope they soon fix the issues I mention above.

Follower of Christ writing web fullstack & automation solutions for Mozilla
