How Panther Labs Leverages Snyk for Comprehensive Security

Highlights

  • Gaining enterprise-level visibility into source code and open source dependencies
  • Delivering an improved security posture to assure customer confidence
  • Automating vulnerability scanning within GitHub pull requests
  • Saving developers time through automated SAST
  • Ensuring compliance with SOC2 requirements

The Challenge: Outdated security practices were difficult to scale

Panther had multiple security practices in place; however, a growing customer base made manual security practices difficult to maintain at scale. The company also needed to ensure that its security program continued to meet SOC2 standards. To help the business scale while continuing to meet compliance requirements, Panther sought to adopt new security practices that would automate application security testing and quality assurance across multiple languages and throughout the software development life cycle (SDLC). This required new tooling that supported vulnerability detection in Go, Python, and JavaScript, across both open source dependencies and custom code. With a small team of engineers, Panther needed a security solution that offered comprehensive coverage without slowing down rapid development at scale.

“Our customers want to know what we’re doing to protect their data,” said Joren McReynolds, Director of Engineering at Panther Labs. “A core component of that protection is ensuring our product’s code is intelligently, and automatically, scrutinized for vulnerabilities, whether introduced via package dependencies or code we have written ourselves. We want to ensure that every piece of code that goes out our door keeps our customers’ information secure.”

The Solution: Enabling fast decisions and automated remediation

Panther considered multiple products when searching for an automated security scanning solution. After evaluating both open source and commercial options, Panther found that Snyk Open Source and Snyk Code offered the most developer-focused, context-aware, and actionable security results. Because Snyk analyzes and validates code during pull requests, engineers catch issues early in the development process, which lets Panther remediate them quickly and without handing them off to a separate security team.

“We saw that Snyk really enables our engineers to make fast decisions,” McReynolds said. “It arms our engineers with knowledge to make safer decisions about upgrades or fixes to our own code, packages, or third-party dependencies. They see that an upgrade is needed, but they also see details about the effort required to upgrade. In many cases, Snyk’s automation makes remediation possible by simply clicking a green button in GitHub to merge the automatically generated pull request.”

Snyk Code enables timely vulnerability fixes

Panther discovered that Snyk could enable its development team to apply security scanning early in the build phase with automated static application security testing (SAST). Panther adopted Snyk Code to surface vulnerabilities as early as possible within developer workflows. During the evaluation period, Panther found that other SAST tools were limited by lengthy scan times, poor accuracy, or limited depth and breadth of coverage. Snyk Code, by contrast, is designed to return actionable fix suggestions as developers write code, before anything is deployed.

“Snyk Code gave us a net new capability to add to our arsenal,” said McReynolds. “It analyzes code we write, quickly, and provides legitimate, actionable information that engineers can use during development and within build workflows. The Snyk view lets engineers quickly see any code issues, other sources for that issue, as well as how other engineers in the industry have fixed the issue. It gives us meaningful static analysis results that we can take action on immediately.”

Providing comprehensive open source code security

As a security provider, Panther works with large-scale customers for whom it is imperative that code and open source libraries are continuously monitored for vulnerabilities. Snyk Open Source monitors every dependency and allows Panther to identify and fix critical issues as soon as they appear, with actionable remediation guidance for each finding. Snyk also saves developers time by prioritizing issues by severity and potential impact, so the most important fixes are addressed first.

“There’s no other product like Snyk from a comprehensive perspective,” said McReynolds. “Snyk consistently finds more vulnerable packages, more quickly, than any other product. Others are just languishing comparatively.”

The Impact: Delivering confidence with integrated security at scale

Panther’s implementation of Snyk’s SAST solution, combined with open source dependency scanning, delivers in-depth and actionable findings directly to engineers without complicating their workflows or requiring them to become security experts. Because Snyk integrates into the build process and prioritizes vulnerabilities, remediation is faster. In this way, Snyk has allowed Panther to scale its business while maintaining visibility into its code and dependencies and improving software quality for the features its customers want.

“Snyk really lets us scale our business quickly,” said McReynolds. “Snyk automatically integrates with GitHub. So we just click a few buttons and we’re off to the races. I don’t need to hire a full-time person to focus on vulnerabilities or analyze our code every day. We can focus on development and still know that our applications are being analyzed for vulnerable package dependencies and our code base has been analyzed thoroughly. It’s a strong internal story and a story for our customers.”

With Snyk, Panther has adopted an engineering-centric approach to security without slowing down deployment. Snyk’s automated scans detect code issues and security vulnerabilities before code is merged, so Panther’s engineering teams know that both custom code and dependencies have been checked before an application reaches staging or production environments. These controls also help Panther maintain SOC2 compliance, among other standards.

“Ultimately, Snyk lets us focus on growing our business rather than focusing on difficult security challenges we’re not uniquely positioned to solve ourselves,” said McReynolds. “We’re quite happy with the ROI we get with Snyk; it not only helps us meet compliance obligations, but actually delivers meaningful, actionable results that improve the security of our product. As a result, we have confidence in the code quality we’re delivering to our customers.”