Why Origo uses Snyk to identify open source vulnerabilities

お客様の声

Dan Godley

Head of Development

業種: Finserv
Location: Scotland

Products Featured

Snyk Open Source

Use Case

Identifying open source vulnerabilities

ハイライト:

Reduced risk exposure of Origo’s service offerings

Snyk’s usability ensured developer adoption and consistent scaling

Mitigated third-party dependency issues with Snyk Open Source

Gained greater confidence in the overall security posture of the company

The Challenge: Securing open source dependencies

With eight different service offerings spread across various verticals, however, maintaining visibility into third-party security vulnerabilities is not easy. The company needed a solution that was not only highly usable (to guarantee developer adoption), but also provided sophisticated features for identifying critical vulnerabilities in open source code as it’s implemented and while running in production.

“Over the years, we’ve used more and more open source libraries and frameworks to build our products, but in doing so it’s become apparent that some of these libraries and frameworks have vulnerabilities,” explained Dan Godley, Head of Development at Origo. “We just didn’t have enough confidence we were including packages that were 100% secure.”

The Solution: Integrating Snyk within SDLC

Origo liked Snyk because of how easy it is to use and its ability to play well with current developer tooling. In particular, the company chose to integrate Snyk Open Source into multiple stages of its software development lifecycle (SDLC). Snyk Open Source detects vulnerabilities within third-party dependencies so that Origo can have confidence its services are up to the financial services industry’s security standards.

“What immediately struck me was how easy Snyk is to use, from logging in to setting up integrations with GitHub,” Godley said. “And then just having it scan and seeing the information that came out, bringing in Snyk was a pretty painless experience. It was as simple as a few clicks and keyboard strokes.”

The Impact: Fewer vulnerabilities = happy customers (and developers)

Introducing Snyk into Origo’s SDLC has dramatically improved the company’s security posture with its customers. Even better, developer adoption has been off the charts as teams have lowered the number of vulnerabilities across all of Origo’s service offerings. As a result, Origo can continue to safely deliver solutions that transform its customers.

“When we first started using Snyk, we found that there were a high number of vulnerabilities from third-party open source packages we had been using,” Godley stated. “Over a few weeks, we managed to get this number down to something more reasonable. But the sheer reduction in vulnerabilities we have now compared to only a few weeks or even a month ago is nothing short of incredible.”

Snyk について Origo

Origo is Scotland's longest-running FinTech provider dedicated to making financial services firms more performant. The company develops digital solutions to improve operational efficiencies, reduce costs, and accelerate time-to-value. With thousands of firms across the UK using their services, Origo's development teams continue to update them to support the latest versions of open source software packages and libraries.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk (スニーク) は、デベロッパーセキュリティプラットフォームです。Snyk は、コードやオープンソースとその依存関係、コンテナや IaC (Infrastructure as a Code) における脆弱性を見つけるだけでなく、優先順位をつけて修正するためのツールです。世界最高峰の脆弱性データベースを基盤に、Snyk の脆弱性に関する専門家としての知見が提供されます。

無料で始める資料請求

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon