Volt Bank evolves build pipeline with Snyk to enable secure and compliant customer experience

Highlights

  • Ridiculously easy to work with – tremendous value in the Snyk relationship, with periodic touchpoints and feedback on how the solution is being used, helping Volt derive more value from it
  • Integration – Snyk supported a small, nimble team that needs to move fast, with a lightweight SaaS implementation
  • Dev-first – ease of use within Volt's DevOps and reporting systems provides the capabilities to support its security and compliance rules

The Challenge:

Banks in Australia need to comply with the APRA (Australian Prudential Regulation Authority) banking act. Volt needed to remove vulnerabilities from its digital presence. Part of this required segregation of duties between build and deploy operations, while keeping a seamless Git-repository workflow between the group that builds the code and the group that reviews it. For a tools and services team tasked with letting DevOps function quickly, creating new repositories in a timely manner with a set of rules, including security rules, presented complications.

One of the biggest challenges Volt had was visibility into security issues. While the DevOps group can have good tools available, it is up to the developer teams to use them, especially when the tools are set up in silos. If a tool is difficult to use, or a developer isn't strong in security, it is difficult to know whether security weaknesses are being addressed. The challenge is further complicated in a rapid development environment that depends on open source.

“We had an immature build pipeline. Collaborating with our security architect, we needed a security solution that fit into the workflow to test for vulnerabilities.”

The Solution:

Volt needed to close the developer feedback loop, which meant collecting metrics and building dashboards. Snyk fit in and supported this need by reporting high, medium and low severity vulnerabilities back to developers, which helped them understand the nature of the challenge and track progress. Snyk's ability to fit easily into the developer workstream was critical to the project's success. For example, Snyk's integration with Jira allowed developers to create a ticket straight from Snyk.

“We have confidence our build pipelines are secure, as well as the deployment tools and processes enabling them.”

The Outcome:

Now Volt has Snyk implemented across development in its container image workstreams. With Snyk installed on a Docker image, third-party libraries are scanned as soon as the image is created. Additionally, Snyk performs daily scans of the latest Docker images, which ensures that any newly disclosed vulnerabilities are flagged as soon as possible.

“Snyk’s ability to easily fit into the developer workstream was critical to project success.”