Customers

Origo

Why Origo uses Snyk to identify open source vulnerabilities

Customer Spotlight

Dan Godley

Head of Development

Industry: Finserv
Location: Scotland

Products Featured

Snyk Open Source

Use Case

Identifying open source vulnerabilities

Highlights:

Reduced risk exposure of Origo’s service offerings

Snyk’s usability ensured developer adoption and consistent scaling

Mitigated third-party dependency issues with Snyk Open Source

Gained greater confidence in the overall security posture of the company

The Challenge: Securing open source dependencies

With eight different service offerings spread across various verticals, however, maintaining visibility into third-party security vulnerabilities is not easy. The company needed a solution that was not only highly usable (to guarantee developer adoption), but also provided sophisticated features for identifying critical vulnerabilities in open source code as it’s implemented and while running in production.

“Over the years, we’ve used more and more open source libraries and frameworks to build our products, but in doing so it’s become apparent that some of these libraries and frameworks have vulnerabilities,” explained Dan Godley, Head of Development at Origo. “We just didn’t have enough confidence we were including packages that were 100% secure.”

The Solution: Integrating Snyk within SDLC

Origo liked Snyk because of how easy it is to use and its ability to play well with current developer tooling. In particular, the company chose to integrate Snyk Open Source into multiple stages of its software development lifecycle (SDLC). Snyk Open Source detects vulnerabilities within third-party dependencies so that Origo can have confidence its services are up to the financial services industry’s security standards.

“What immediately struck me was how easy Snyk is to use, from logging in to setting up integrations with GitHub,” Godley said. “And then just having it scan and seeing the information that came out, bringing in Snyk was a pretty painless experience. It was as simple as a few clicks and keyboard strokes.”

The Impact: Fewer vulnerabilities = happy customers (and developers)

Introducing Snyk into Origo’s SDLC has dramatically improved the company’s security posture with its customers. Even better, developer adoption has been off the charts as teams have lowered the number of vulnerabilities across all of Origo’s service offerings. As a result, Origo can continue to safely deliver solutions that transform its customers.

“When we first started using Snyk, we found that there were a high number of vulnerabilities from third-party open source packages we had been using,” Godley stated. “Over a few weeks, we managed to get this number down to something more reasonable. But the sheer reduction in vulnerabilities we have now compared to only a few weeks or even a month ago is nothing short of incredible.”

About Origo

Origo is Scotland's longest-running FinTech provider dedicated to making financial services firms more performant. The company develops digital solutions to improve operational efficiencies, reduce costs, and accelerate time-to-value. With thousands of firms across the UK using their services, Origo's development teams continue to update them to support the latest versions of open source software packages and libraries.

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon