The Challenge: Scaling application security
Blue Prism’s main challenge was around application security. As the company’s portfolio grew to 12 products, the number of developer projects grew with it. The security scanning tool they were using wasn’t scalable enough to handle increasing application work streams. As Blue Prism continues to scale, it is comfortable knowing the Snyk platform is giving them full scanning coverage on every single application.
“Adopting Snyk helped us turbo charge our application security,” explained Scott Mitchell, Application Security Manager at Blue Prism. “In a matter of weeks, we went from only being able to scan one application project to scanning many projects at once with the Snyk product.”
The Solution: Rolling out Snyk for full coverage
After maximizing accreditation with its previous tool and still not meeting its growing application security needs, Blue Prism evaluated multiple security solutions. It chose Snyk because of its scalability, the developer-friendly way it detects vulnerabilities during coding, its ability to run automatically behind the scenes, and its integration with Microsoft Azure services.
“Snyk is very developer-friendly and its level of integrations impressed us.” said Scott Mitchell of Blue Prism. “During demos we found it could give us full coverage. I’m sure other suppliers we evaluated could do that too but when we had the hands-on demonstrations, Snyk stood out to us."
Ensuring Open Source License Compliance
Another Snyk feature that appealed to Blue Prism is compliance management. Snyk integrates open source license compliance into development workflows. This was a huge help to Blue Prism as they were struggling to assure compliance with the open source licenses in their projects as they released new products in new markets.
“Because the Snyk tool identifies open source license issues, it allows our developers to generate a clean, manageable report that they can send off to the legal team, saving developers days and days of work.” said Scott Mitchell.
The Impact: Dramatically increasing security scanning
Prior to Snyk, Blue Prism’s coverage for app scanning was limited to its primary product, representing only five percent of its app portfolio. Its sub-products and new products were going mostly unscanned, leaving the company vulnerable. Using Snyk Container and Snyk Open Source, Blue Prism has reached 100% coverage across the organization.
“Coverage was definitely a big metric for us,” explained Scott Mitchell. “We’ve moved from scanning a single product to the whole portfolio with Snyk. With a single bit of code going into production we can scan everything.”
All these scans have not slowed down development. In fact, development has sped up. By doing hundreds of scans a day, security vulnerabilities are discovered and addressed immediately, allowing developers to keep building apps without being interrupted.
“We used to sift through 25 different results per day, but now we’re seeing one issue every other day, and we can jump on it straight away.” said Dan Fuller, Application Security Engineer. “Developers love Snyk because it’s fully automated. The scans are fast so developers know right away about vulnerabilities. All they ever see is its benefits.”
Improved Ratio of Found/Fixed Vulnerabilities
Over the past nine months, as Blue Prism ramped up with Snyk, the number of new vulnerabilities found were slowly eclipsed by the number of vulnerabilities fixed.
For instance, critical vulnerabilities found in June 2021 were double the number of fixed vulns. But those numbers flip-flopped in October 2021 with the aid of Snyk tools: Fixes to critical vulns nearly doubled the amount of found vulnerabilities as newly discovered issues as well as issues in the backlog were fixed.
