Snyk Integrated Into Google Chrome Lighthouse Auditing Tool

British software company Snyk on Thursday announced it's powering the audit meant to identify vulnerable JavaScript libraries in Google Chrome's Lighthouse, an open-source tool for reviewing and improving websites. The implementation of Snyk's solution supports the "Best Practices" audit feature that's live as of Chrome 63 and is meant to identify front-end JavaScript libraries with known security flaws. In practice, web developers should be able to leverage the highly automated tool to quickly discover critical information they need to address the most significant vulnerabilities in their website code, hence approaching the issue in a proactive manner.

The integration works regardless of whether you prefer Lighthouse as a node module or a browser extension, in addition to being featured as part of Chrome's own native developer tools. As a result of the new functionality, known JavaScript library vulnerabilities discovered as part of such inspections will result in a lower audit score and provide web developers with an in-depth report of every individual vulnerability identified following an examination of active libraries against Snyk's own database. Snyk Chief Executive Officer Guy Podjarny said recent research suggested approximately 37-percent of websites had at least one problematic client-side JavaScript library with a known security flaw as of early 2017, having noted how the London-based firm is hoping to significantly lower that figure with its newly announced Google partnership. As per the company's own study conducted more recently, 77-percent of the world's top 433,000 websites are using a JavaScript library with one or more known security vulnerabilities.

Companies like Snyk and the solutions they're providing to the community are some of the main arguments against the "security through obscurity" approach, having dedicated themselves to supporting and auditing open-source software with the goal of improving its overall resilience to being compromised. Snyk says its technologies allow developers to save time by being relatively automated and providing them with a reliable method of securing their dependencies in a swift manner.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author
2018/10/2018-10-23.jpg

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now