Mitigate the hidden security risks of open source software libraries

Created: Jun 19, 2023

Check your source code for any vulnerable libraries and start mitigating these issues

Open source software libraries have become an integral part of modern software development. They are widely used by developers to accelerate the development process and reduce costs. On average, open source libraries make up 70-90% of an entire software application. However, the use of open source libraries also comes with hidden security risks that could potentially harm your organization’s reputation and financial well-being.

Level up your security skillset with New Relic

Created: May 15, 2023

Not every developer is a security expert, but use these tips to improve your skills

In today’s digital age, security is a major concern for individuals and organizations alike. With the increasing number of cyber-attacks and data breaches, it’s crucial for developers to have a thorough understanding of security best practices. The security of an application is of the utmost importance, as it can directly impact the safety and privacy of users’ data.

Updated Snyk Webhook Integration with New Relic

Created: Apr 12, 2023

In a recent post I wrote about the ability to send all your application security vulnerabilities found by Snyk directly to your New Relic observability platform.

Now, New Relic made it even easier to achieve that by providing a dedicated security ingest processor that ‘understands’ the payload from a Snyk webhook. All the details on how to get started, create and configure a Snyk webhook to send into your New Relic account is provided in this docs page: https://docs.newrelic.com/docs/vulnerability-management/integrations/snyk/

How to send Snyk vulnerability data to the New Relic observability platform

Created: Oct 21, 2022

Security and observability data go hand in hand when it comes to application health. If you can put those two sources of data behind a single pane of glass you can make your life a lot easier. By leveraging the different options that the Snyk platform provides, you can send all your application security vulnerabilities found by Snyk directly to your New Relic observability platform. Let’s see how!

Prerequisites

Here are all the necessary links to get started:

Snyk Integration Capabilities with WebHooks - some examples

Created: Sep 19, 2022

TL;DR

Integrate your Snyk application security platform by leveraging webhooks into various other external systems such as Microsoft Teams, Azure DevOps Boards, New Relic, DataDog and Splunk.

Here are all the necessary links to get started:

Background

In the past few weeks I have been quite busy in my spare time to think about new ways of integrating the Snyk application security platform with various other systems and especially also observability platforms. These ideas are typically triggered through customer interactions, their questions or requirements. Due to my nature and passion, I typically don’t just think about potential integrations and architectures, but really can’t help but also implement a quick prototype. That is what I am passionate about.

Forward Snyk Vulnerability data to Splunk Observability Cloud

Created: Sep 13, 2022

TL;DR

Leverage a Prometheus Exporter to send all your application security vulnerabilities from Snyk into Splunk.

Here are all the necessary links to get started:

Snyk Exporter: https://github.com/lunarway/snyk_exporter
Splunk OpenTelemetry Collector for Kubernetes: https://docs.splunk.com/Observability/gdi/opentelemetry/install-k8s.html#otel-install-k8s

Update (2022-09-22)

The option that I am describing here is just one way to achieve this. There might even be a more straight forward option available that I started to describe in a more recent post. Please find an additional approach in my post Snyk Integration Capabilities with WebHooks - some examples.

How to send Snyk Vulnerability data to New Relic using Prometheus?

Created: Jul 26, 2022

TL;DR

By leveraging a Prometheus Exporter you can send all your application security vulnerabilities from Snyk into New Relic.

Here are all the necessary links to get started:

Snyk Exporter: https://github.com/lunarway/snyk_exporter
New Relic Kubernetes integration: https://docs.newrelic.com/docs/infrastructure/prometheus-integrations/get-started/send-prometheus-metric-data-new-relic/
New Relic Instant Observability Quickstart: https://newrelic.com/instant-observability/?search=snyk

Update (2022-09-22)

Year 2021 Reflection - What's next in 2022?

Created: Jan 10, 2022

As I reflect on the past year 2021, I have to say that I am very thankful for all the nice and passionate people I met and opportunities I had to make connections – most virtually, but quite a few also in person. It is still a tough time for everyone to be in, but the most important thing is to stay positive and optimistic about the future.

As many of my close friends and connections on various social channels know, 2021 has also been a year of change for me personally. After a remarkably interesting and thriving time at New Relic where I met the most interesting people, I decided that it is time for me to focus on something I have been passionate about for all my professional career. And that is software! I wanted to get closer to where my heart and passion is.

Visual Studio Code REST Client Scripting

Created: Jan 04, 2022

Postman is a great tool to showcase how APIs work. The collections for commercetools are very sophisticated and provide all the details you need in order to demo their capabilities.

However, sometimes it is just great to know alternative ways to demo certain aspects. Especially from a developer perspective, Visual Studio Code seems to be the de-facto standard nowadays. VS Code has a huge ecosystem of extensions available … and one of these is REST Client created by Huachao Mao. Here is the link to the GitHub project also with documentation and additional examples. REST Client allows you to send HTTP request and view the response in Visual Studio Code directly.

New Relic Microsoft Teams App

Created: Feb 24, 2021

I am working with a global enterprise on rolling out the entire New Relic platform capabilities across their organization. The technical teams are happy and very confident in using the New Relic One platform. They have pretty much all the information they need and get all the way from high-level overviews of their entire stack down to code-level views.

However, for management and executive leadership it is hard to get an overview themselves. This is due to the fact that this user group typically does not have New Relic user accounts and can’t look at any dashboards, etc. The requirement is also that this user group does not need to log into “another tool” just to get an overview of how their business is performing. Their leadership team lives and breathes in Microsoft Teams.