Director of Technology Incubation

Director of Engineering

Snyk AI-BOM is now available for Snyk users to try! It features a Python script that uses the Snyk AI-BOM API - check it out now.

Find Shadow AI Usage with Snyk AI-BOM Scanner: Try it Now

What is the “Cursor + Jira MCP 0-Click” vulnerability?

What’s in Your AI? Probably Something You Can’t Explain. Meet Snyk AI-BOM.

See Your MCPs in Snyk’s AI Bill of Materials (AI-BOM)

Unmasking the Toxic Flow Analysis: A Principled Approach to Hardening AI Agent Security

Red Team Your LLM Agents Before Attackers Do

What’s Your Model Hiding? Preview the Snyk GenAI Model Risk Registry

Step into the Lab

Snyk Contributes New MCP Security Controls to the OWASP LLM Security Verification Standard

In Localhost We Trust: Exploring Vulnerabilities in Cortex.cpp, Jan’s AI Engine

Vibe Coding with Claude Agentic AI Tool

Multi-Agentic System Threat Modelling Guide

AWS Whitepaper: Navigating the Security Landscape of Generative AI

Announcing the CoSAI Principles for Secure-by-Design Agentic Systems

Partner Research

Where security meets curiosity

Explore Snyk Labs for cutting-edge AI security research, LLM insights, and innovative AI in security experiments to secure your AI-native applications. 

AI Security Research & Experiments for AI-Native Apps | Snyk Labs

Bear is a tool that generates a compilation database for clang tooling.

This repo is to demonstrate the file traversal hack which uses a vulnerability in the Instant Markdown VSCode extension 

A set of custom GitHub actions providing additional functionality when integrating Snyk into your Actions CI/CD pipeline.

A tool to scan Snyk AI-BOMs for specific components in Snyk organizations

Open source chat kit engineered for seamless interaction with AI models.

A simple web application that makes it easy for employees at your company to see and promote content you're creating! 

Apply Custom Role to a list of users in each Org of a Group

An Awesome List of Log4Shell resources to help you stay informed and secure! 🔒

Count the number of contributing developers to an Azure Repos organization in the last 90 days

test and monitor bazel targets for vulnerabilities in external open source dependencies, uses bazel query output

Migrate Snyk v1 Code Ignores to Snyk Code Consistent Ignores

npx command for updating users Snyk CLI for @snyk/protect

Docker goof version of breaking into a container

This project aims to aggregate information about various events happening in the tech space by pulling down relevant information from a variety of external sources.

A demo repo showcasing Snyk's Docker offering

A ESLint configuration package for React developers who want to avoid security mistakes.

ESLint plugin with rules for finding security issues in React projects.

A step by step workshop to exploit various vulnerabilities in Node.js and Java applications

This is a demo of how to get started with Snyk's Snowflake integration. More info on this integration can be found in Snyk docs.

Scans your Github Actions for security issues

Check images in your charts for vulnerabilities

Some basic Infrastructure-as-Code examples to accompany blogs

Snyk IaC to Cloud Custom Rules is in beta. This repository contains example custom rules to help you get started.

This repository goes with the Snyk Blog post on Writing Unit Tests in Java

Approximate call graph builder for JavaScript

An experimental tool for working with Snyk and Kubernetes

Lint an npm or yarn lockfile to analyze and detect security issues

A modern JavaScript utility library delivering modularity, performance, & extras.

MCP Server for the Node.js API documentation

An MCP server for NPM JavaScript Package Management tools

A Node.js tracing and instrumentation utility

Best practices to containerize Node.js web applications with Docker

Tiny helper to protect against Prototype Pollution vulnerabilities in your application regardless if they introduced in your own code or in 3rd-party code

safely install packages with npm or yarn by auditing them as part of your install process

repository of images that define OSS project type and support level to be included in the README of Snyk open source projects

This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367

Snyk PHP Goof - A vulnerable PHP demo application

Python script to query SBOM Test API and keep track of changes in vulnerabilities

bazel (starlark) rules to test and monitor targets for vulnerabilities in external open source dependencies

convert cyclone dx sbom to snyk depgraph and test or monitor it for open source issues

Snyk CLI extension for example List Projects command

A vulnerable Serverless application deployed on GCF

Demonstrates and visualizes adversarial attacks against image classification models. The project implements several popular attack methods and provides detailed visualizations of the perturbations and their effects.

Snyk API Typescript client generated from API Blueprints

Collection of docker entrypoints that facilitate snyk '--all-projects'-style bulk scanning

Python scripts for bulk modification of Organization settings

Examples of integrating the Snyk CLI into a CI/CD system

A wrapper for Snyk CLI that transforms security scan results into grumpy, sarcastic commentary from an experienced security "greybeard" using OpenAI.

Tool to automate the importing of an AWS Organization in to Snyk Cloud

monitor your on-premise Artifactory container images for vulnerabilities in Snyk

Inputs a Snyk Report style CSV and ignores everything

retrieve all dependencies for all orgs in a group

A POC showing how to use Snyk IaC product in PR checks

Project to provide a high level summary of projects in an organization in a single CSV

Simple tool to generate a list of repositories that aren't in Snyk

Queue based request manager to throttle and retry interaction with Snyk API endpoints

A way to ensure your GitHub Repos are monitored by Snyk

Keeps Snyk projects in sync with their associated Github repos

A Go CLI tool to synchronize a Snyk SSO user memberships to Group and Orgs across 2 domains

CLI tool designed to manage tags and attributes at scale

Show open source vulnerabilities from Snyk in ThreadFix

For Snyk CLI, ignore all issues introduced through a given set of dependencies

sync user org memberships from an external source into Snyk

Mitigate security concerns of Dependency Confusion supply chain security risks

A demo repo showcasing Snyk's IAC offering for terraform

TEMPORARY: Super vulnerable todo list application

Dependency Frost game version for Snyk embed

Find Shadow AI Usage with Snyk AI-BOM Scanner: Try it Now

Latest Demos and Research

Step into the Lab

Vibe Coding with Claude Agentic AI Tool

Partner Research

Where security meets curiosity

Explore projects from Snyk Labs