Why Origo uses Snyk to identify open source vulnerabilities

The Challenge: Securing open source dependencies

With eight different service offerings spread across various verticals, however, maintaining visibility into third-party security vulnerabilities is not easy. The company needed a solution that was not only highly usable (to guarantee developer adoption), but also provided sophisticated features for identifying critical vulnerabilities in open source code as it’s implemented and while running in production.

“Over the years, we’ve used more and more open source libraries and frameworks to build our products, but in doing so it’s become apparent that some of these libraries and frameworks have vulnerabilities,” explained Dan Godley, Head of Development at Origo. “We just didn’t have enough confidence we were including packages that were 100% secure.”

The Solution: Integrating Snyk within SDLC

Origo liked Snyk because of how easy it is to use and its ability to play well with current developer tooling. In particular, the company chose to integrate Snyk Open Source into multiple stages of its software development lifecycle (SDLC). Snyk Open Source detects vulnerabilities within third-party dependencies so that Origo can have confidence its services are up to the financial services industry’s security standards.

“What immediately struck me was how easy Snyk is to use, from logging in to setting up integrations with GitHub,” Godley said. “And then just having it scan and seeing the information that came out, bringing in Snyk was a pretty painless experience. It was as simple as a few clicks and keyboard strokes.”

The Impact: Fewer vulnerabilities = happy customers (and developers)

Introducing Snyk into Origo’s SDLC has dramatically improved the company’s security posture with its customers. Even better, developer adoption has been off the charts as teams have lowered the number of vulnerabilities across all of Origo’s service offerings. As a result, Origo can continue to safely deliver solutions that transform its customers.

“When we first started using Snyk, we found that there were a high number of vulnerabilities from third-party open source packages we had been using,” Godley stated. “Over a few weeks, we managed to get this number down to something more reasonable. But the sheer reduction in vulnerabilities we have now compared to only a few weeks or even a month ago is nothing short of incredible.”

À propos Origo

Origo is Scotland's longest-running FinTech provider dedicated to making financial services firms more performant. The company develops digital solutions to improve operational efficiencies, reduce costs, and accelerate time-to-value. With thousands of firms across the UK using their services, Origo's development teams continue to update them to support the latest versions of open source software packages and libraries.

Sécurisez votre code généré par l’IA

Créez un compte Snyk gratuitement pour sécuriser votre code généré par l’IA en quelques minutes. Vous pouvez également demander une démonstration avec un expert pour déterminer comment Snyk peut répondre à vos besoins en matière de sécurité des développeurs.

Aucune carte de paiement n’est demandée.

En vous connectant ou en vous inscrivant, vous consentez à respecter nos politiques, y compris nos Conditions générales de service et notre Politique de confidentialité