DigitalOcean: Fixing a critical Ruby Gem vulnerability within a day of disclosure

Author:
Ellen Van Keulen

March 28, 2018


After integrating Snyk into their development lifecycle, DigitalOcean was able to fix two vulnerabilities in Nokogiri within a day of being notified! Such a quick turnaround when monitoring for vulnerable dependencies would not have been possible without Snyk. 

DigitalOcean, a cloud platform provider with offices in New York, NY, and Cambridge, MA, makes it simple for developers to build great software by offering transparent and affordable pricing, a simple and elegant user experience, a highly engaged developer community, and one of the most comprehensive libraries of open source resources in the world. Its development team delivers rapid feature development on multiple Rails applications and single-page web applications.

Challenges

Before DigitalOcean integrated Snyk into their development lifecycle, keeping up to date with the latest dependencies and vulnerabilities was carried out by individual technical leads on each of their projects. DigitalOcean needed a timely and pragmatic response to vulnerabilities in their third-party dependencies.

How Snyk helped

Snyk simplified the non-trivial task of scanning for vulnerabilities in DigitalOcean’s third-party libraries. By using this system, the DigitalOcean Application Security team is able to focus their efforts on scanning for vulnerabilities in the code and applications that are continuously produced by their development teams. Snyk makes it easier for the AppSec team to keep up-to-date with newly discovered vulnerabilities, and then resolve most issues quickly – with one click – with Snyk’s automated remediation system.

User Experience Matters

Snyk’s tools are built with the developer in mind and are designed to work seamlessly with existing tools and workflows.

The Results

In June 2017, DigitalOcean was notified by Snyk of two vulnerabilities in Nokogiri. Nokogiri is an HTML, XML, SAX, and Reader parser, which has the ability to search documents via XPath or CSS3 selectors.


Over the course of a single work day, DigitalOcean was able to upgrade multiple services and internal libraries to a newer and safer Nokogiri version, roll them out to its pre-production environments and then, following verification, to production.

Prior to using Snyk, the process of finding and fixing this type of vulnerability would have taken much longer, which meant that DigitalOcean was previously at risk of vulnerabilities being exploited for greater lengths of time. This is no longer the case. Our mission is to help you use open source code and stay secure.

Run a free test with Snyk now on your codebase! For more information about how you can leverage Snyk for your protection, reach out at contact@snyk.io


Snyk is a developer security platform. Snyk not only finds vulnerabilities in code, in open source and its dependencies, in containers and in IaC (Infrastructure as Code), but also helps prioritize and fix them. Built on a world-class vulnerability database, it provides Snyk’s expert insight into vulnerabilities.


© 2024 Snyk Limited
Registered in England and Wales
