FYI: AppSec Tool: Speed, Accuracy, and False Positives! #shorts: What makes a good dev-centric AppSec tool? Speed is critical; aim for under 5 minutes. False positives erode trust, while false negatives are a problem too. Runtime security tools can offer rapid feedback. #AppSec #security #OWASP #Snyk #ContrastAssess https://www.youtube.com/shorts/oEIM1ckVpzE

The first step to making game development safer: a recommendation to adopt Snyk #Snyk
https://dev.classmethod.jp/articles/snyk-snyk-game-2512-kdpn/

#dev_classmethod

Snyk's mascot is Patch ੯‧̀͡u\🐾

[Update] Snyk can now upload CLI scan results to the Web UI #snyk
https://dev.classmethod.jp/articles/snyk-cli-web-ui-snyk-kdpn/

#dev_classmethod

Snyk's mascot is called Patch and is modeled on a Doberman (ᐡ • ̫ •`ᐡ)

Scanning AWS with Snyk #Snyk | DevelopersIO

It's starting to feel like autumn... Is everyone enjoying the season of hearty appetites? I ate Pacific saury! Delicious! Well then, since it's autumn, let's enjoy Snyk too!

I installed the Probely CLI and checked the vulnerability results
https://dev.classmethod.jp/articles/probely-cli-kdpn-2508/

#dev_classmethod #Snyk #security #CLI

Vulnerability checking with the Probely CLI!
Getting started with Probely! I tried the DAST tool "Probely". | DevelopersIO

I tried scanning with Probely

#cve #security

I need advice on how to act in the following case:

A medium-big software vendor using #golang claims that the CVEs reported by #trivy and MS Defender on their statically linked binaries are false positives.
Only #snyk would give a "correct" result.

They are not willing to share their go.mod file to verify they are not using package version XY in them.

I am somewhat skeptical about this argument. What are my best chances of finding verifiable proof of this (other than attempting to exploit the vuln)?

Are trivy and MS Defender known for false-positives in such cases?

I am in a weird spot where multiple scanners flag (multiple) binaries, the company says "all good, nothing there, error on your (scanner) side", and I need to report to the security team with 2:1 scanners in favor of the vuln being present.
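A verifiable check for the situation in the post above (an added example; not from the poster or from any of the scanners named): Go embeds the module list in statically linked binaries, and `go version -m <binary>` prints it, so the shipped dependency versions can be confirmed without the vendor's go.mod. The sample output, module paths, versions and sums below are constructed placeholders, and the "fixed in" version passed to `check_module` is whatever the scanner's finding states.

```python
import re

# Constructed sample of `go version -m ./service` output (placeholder module paths, versions and sums).
SAMPLE = """\
./service: go1.21.6
\tpath\texample.com/vendor/service
\tmod\texample.com/vendor/service\t(devel)
\tdep\tgithub.com/example/lib\tv1.4.2\th1:AAAA
\tdep\tgolang.org/x/crypto\tv0.17.0\th1:BBBB
\tdep\tgithub.com/example/old\tv1.0.0\t
\t=>\tgithub.com/example/old-fork\tv1.0.1\th1:CCCC
\tbuild\t-buildmode=exe
"""

def parse_go_version_m(text):
    """Map module path -> (path actually built from, version).
    A `=>` line is a replace directive: the preceding dep was built from the replacement."""
    mods, last = {}, None
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 4:  # header, "path" and "build" lines carry no module version
            continue
        kind, path, version = fields[1], fields[2], fields[3]
        if kind == "dep":
            mods[path] = (path, version)
            last = path
        elif kind == "=>" and last is not None:
            mods[last] = (path, version)
    return mods

def version_key(v):
    """Sort key for Go module versions: v1.2.3, v1.2.3-rc1, v2.0.0+incompatible and
    pseudo-versions such as v0.0.0-20230101120000-abcdef012345 (pre-releases of their base)."""
    m = re.fullmatch(r"v(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.\-]+))?(?:\+[0-9A-Za-z.\-]+)?", v)
    if not m:
        raise ValueError(f"not a Go module version: {v}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    pre = m.group(4) or ""
    return (major, minor, patch, 0 if pre else 1, pre)  # a release sorts above its pre-releases

def check_module(mods, module, fixed_in):
    """Classify a scanner finding ('module X fixed in version Y') against the embedded module list."""
    entry = mods.get(module)
    if entry is None:
        return "absent"  # the finding cannot have come from the embedded module list
    built_from, version = entry
    if built_from != module:
        return f"replaced by {built_from}"  # the flagged module's code is not what was linked
    return "affected" if version_key(version) < version_key(fixed_in) else "fixed"
```

`govulncheck -mode=binary <binary>` from the Go team runs the same kind of check against the Go vulnerability database and additionally reports only findings whose affected symbols are present in the binary, which is a stronger answer than a module-version match alone.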

Played around with #snyk, a static vulnerability analysis tool. It flagged so many vulnerabilities in my now-old university final project on GitHub. Most of them were in the dependencies, but there were some interesting ones in the code. I think I will clean that up as a project.