The Problem
Segment uses a wide variety of open source packages throughout its platform and wanted to maintain the highest security level possible. The solution used thus far, provided by GitHub, was not sufficient because developers were not actually using it to fix vulnerabilities. In addition, its security coverage was lower than expected and not all languages were supported.
A stronger security coverage with Snyk
Snyk was able to meet these needs:
The security coverage is more comprehensive and Snyk reported vulnerabilities that were not picked up by other evaluated solutions.
It was quickly adopted by developers, who appreciated that the platform offers easy-to-implement fixes for vulnerabilities.
The platform supports a wide range of languages, including Go, which is commonly used in Segment’s infrastructure.
“We didn’t trust the security coverage (provided by other evaluated solutions) was comprehensive enough, which later, comparing to Snyk, was indeed clear… When the eslint-scope vulnerability came out it was easy to find which repositories were vulnerable, allowing us to upgrade or remove the dependency.”
Other vendors were reviewed as well, but they offered less comprehensive vulnerability coverage and did not detect some of the vulnerabilities found by Snyk. Other vendors also lacked an integration with GitHub, which was crucial.
“Snyk integration with GitHub allowed us to get up and running with no work. 2 days after we purchased, we already had Snyk monitoring 1,200 repositories.”
Dev-first approach
As an example of the developer security ownership that Snyk enabled, one of Segment’s developers took it upon himself, without any request from the security team, to clean up all the vulnerabilities detected by Snyk. Removing or upgrading all vulnerable dependencies took less than a day.
Snyk’s API was used to integrate easily with key Segment internal monitoring tools
Snyk’s API was incorporated into Segment’s asset management tool, making it easier to track the overall vulnerability status within the company’s existing workflow. Snyk maintains an API-first approach, under which all new capabilities are introduced in the API even before they are added to the UI.
The Snyk team’s open and agile approach makes a big difference
Snyk’s team takes an open and supportive approach, listens to requests raised by the customer and is eager to support them. The team is quick to introduce new features, with fast releases that answer its customers’ needs. Communication channels are open and the Snyk team engages directly with the customer, which leads to quick solutions in return.
“One of the main things that were really important for me was getting along with the vendor team. If something wasn’t provided out of the box the team was eager to help make things work. It really seems like the team is listening and incorporating feedback into the product roadmap.”