Australia Post

Why the Australia Post chose Snyk for greater AppSec visibility


Evan Taylor

Cyber Defense Manager

Industry: Government agency
Location: Australia


Improved AppSec maturity with minimal disruption to over 200 developer workflows

Gained in-depth visibility into open source and container vulnerabilities

Increased scanning coverage using Snyk’s various integration points

Expanded Snyk implementation to cover proprietary code and infrastructure as code

The Challenge: Gaining greater visibility into potential vulnerabilities

With over 200 developers and a wide range of open source technologies in use at Australia Post, the company needed more visibility into potential vulnerabilities within its growing code base. After successfully implementing Snyk for open source dependencies, Australia Post has been expanding its capabilities to cover other aspects of its technology stack.

“As we looked at all the dependencies we have in our code base and the sheer number of technologies that we operate through the organization, we needed to really get a handle on the associated risks and vulnerabilities,” stated Evan Taylor, Cyber Defense Manager at Australia Post.

The Solution: Simplifying application security with Snyk

After evaluating potential security tools, Australia Post chose to implement Snyk Open Source in large part because of its simplicity. The company wanted a solution that could operate with little to no manual interaction by developers, while also giving them the contextual information necessary to remediate vulnerabilities.

“The less impact we can have on a developer’s workflow the better, so the seamless integration aspect of Snyk was very important to us,” said Taylor. “The consumable data Snyk provides is actually what helps us turn the dial and uplift our security maturity.”

Australia Post also recognized that the developer-friendly approach with Snyk Open Source made adoption easier for development teams, so rolling out Snyk’s additional products was the most seamless way forward. When Australia Post chose to begin a phased rollout of Snyk Container next, there was even less friction because developers were already familiar with the tool.

“As we had an existing integration with Snyk, it started to make sense to enable some of its other capabilities, such as Container, Code, or Infrastructure as Code, rather than implementing other tools,” Taylor explained.

The developer perspective was crucial

Taylor’s security team at Australia Post is well aware that the application security tools it chooses aren’t consumed by the security team itself, but by the development teams. Because developers would be directly affected by Snyk, it was crucial that they were part of the evaluation process from the start in order to get the most value out of the product.

“Our approach is to work directly with the development teams to understand the outcomes they’re looking for,” explained Taylor, “and help them work security into the work that they’re doing rather than it being considered after the fact.”

The Impact: Improving maturity of application security practice

Snyk has enabled Australia Post to gain greater visibility into its code base by increasing scanning coverage using Snyk’s multiple integration options. In turn, this has helped the company reduce new and existing vulnerabilities.

“Our metric for success is less about the total amount of vulnerabilities, and more around the trends,” Taylor explained. “Over time, we’re starting to see the number of new vulnerabilities introduced into production environments reduce.”

In fact, Australia Post has been able to achieve an 84% reduction in critical vulnerabilities being merged from development into test over the past 6 months. Besides reducing new vulnerabilities, Australia Post also cites developer engagement as an important success metric. It’s challenging for the security team to change the operational workflows of developers, so it’s been encouraging for the company to see development teams take the initiative to apply security principles and practices themselves using Snyk.

After the success of implementing security scanning for open source dependencies and containers, Australia Post is now focused on rolling out Snyk Code and is assessing Snyk Infrastructure as Code. This will enable the company to achieve comprehensive security for the modern application technology stack using one centralized solution.

“Snyk is an integral part of our developer workflow,” concluded Taylor. “The scans provide very valuable data when we’re doing security reviews and security testing, which helps teams prioritize remediation activities.”

About Australia Post

Australia Post is Australia’s largest transport and logistics organization, providing postal services to more than 12.4 million delivery points nationwide. It also offers a range of other services, including banking services at post offices and identity verification for bank and firearms applications.


Snyk is a developer security platform. Snyk not only finds vulnerabilities in code, open source and its dependencies, containers and IaC (Infrastructure as Code), but also helps prioritize and fix them. Built on a world-class vulnerability database, it delivers Snyk’s expert insight into vulnerabilities.


© 2024 Snyk Limited
Registered in England and Wales