Snyk is available on the GOV.UK Digital Marketplace!

June 1, 2017 | in Product | By Guy Podjarny

Snyk Enterprise is now available on the UK government G-Cloud digital marketplace! Government services can now easily use Snyk to protect their applications against known vulnerabilities in their dependencies—an increasingly important consideration.

The other week, ransomware infected roughly a quarter of a million systems in over 150 countries. The WannaCry attack, as it was dubbed, was yet another example in the recent flood of ransomware attacks in which data is either removed or encrypted and replaced with a ransom note demanding payment. WannaCry took advantage of a vulnerability in certain versions of Windows that enabled it to gain control over a system and trigger the attack. Among the more notable targets was Britain’s National Health Service (NHS)—resulting in canceled surgeries and other disruptions.

Most of the attention has been given to the ransomware itself—where it came from and who conducted the attack. Why it worked is much less interesting, because it’s much more typical. The vulnerabilities had been patched a good while earlier, but the infected systems had never applied the updates. For the NHS, it was a conscious decision not to pay for the necessary upgrades.

We’ve seen this in many forms over the years—unpatched and out-of-date software, on server or client machines, leaves companies and individuals exposed. As vulnerabilities are discovered and disclosed, they become a popular point of attack: they’re well documented and widely spread.

This issue isn’t confined to operating systems. It also impacts any code you are pulling into your sites and applications. In May alone, we’ve added over 120 known vulnerabilities to our open-source database. Each one presents a potential chink in your digital armor—a potential path for attackers to exploit.

But unlike the software upgrades that would have protected services from the WannaCry attack, the updates that fix these vulnerabilities are freely available if you know where to look and how to apply them. That’s where Snyk comes in. Government services can now use Snyk to test and monitor their applications, alerting them to any known vulnerabilities, and even fixing the vulnerabilities with a GitHub pull request or terminal command.

To get started using Snyk for your government projects, check out the official listing on the GOV.UK Digital Marketplace, or simply go ahead and test your repos!