Mollie

How Mollie improved developer adoption and speed with Snyk

Location: Europe

Use Case

Snyk Enterprise with Open Source and Code

Highlights:

Overall improved efficiency due to higher scan uptime and more accurate results.

Significantly increased developer adoption due to faster scan times and seamless integration with existing pipelines, including scanning capabilities directly within developers’ IDEs.

Decreased false positive rate by over 50%, reducing noise for developers.

Enhanced reporting and observability for the security team, improving vulnerability management and prioritization.

The Challenge: Inaccurate and time-consuming security scans with a lack of visibility 

Mollie offers an all-in-one solution that simplifies payments and money management. Currently, the company serves more than 250,000 businesses across Europe.

Approximately 300 developers work diligently to build and maintain the payments platform. These developers are supported by a dedicated security engineering team tasked with addressing their security challenges.

The security engineering team encountered obstacles with their existing security scanning solution. Slow scan times, a cumbersome user interface, and a lack of a clear, actionable dashboard hindered efficient vulnerability management and prioritization.

"We had to dedicate significant time to resolving issues and maintaining custom scanning solutions. Furthermore, the high volume of false positives from these tools burdened developers with time-consuming triage processes, hindering the overall adoption of security vulnerability management."

The Solution: Snyk Enterprise with Code and Open Source

The Mollie team recognized the need for a more reliable and usable scanning solution. Using a comprehensive list of technical requirements, they conducted several proof-of-concept evaluations with different leading application security scanning tools. The team selected Snyk Enterprise with Code and Open Source as the best fit for their needs and technical requirements.

"Snyk emerged as a frontrunner due to several key differentiators: the high quality and speed of its SAST engine, enabling fast pipeline scans; its ability to prioritize production dependency vulnerabilities; and its robust vulnerability management dashboard capabilities."

They also appreciated its seamless integration with the developers’ IDEs, user-friendly interface, and extensive support for their programming languages.

The Impact: New levels of efficiency, developer adoption, and visibility

Within a few months of Snyk’s implementation, Mollie’s security engineering team saw a much stronger security posture. A few of their most significant improvements include:

  • Improved performance and efficiency: The team now spends a fraction of the time it used to take to find and fix vulnerabilities. Snyk’s fast pipeline scans minimize developers' wait times during the build process, especially for large codebases. Due to the 100% uptime of the scanner engine, they no longer waste time and resources fixing and maintaining the solution. The team also took advantage of Snyk’s triage feature based on score, exploitability and fix-availability to prioritize their actions.

  • Seamless integration into developer workflow: Snyk integrates seamlessly with the developers’ existing workflows, significantly increasing developer adoption and promoting a shift-left security strategy.

  • Enhanced developer efficiency: Snyk has dramatically reduced noise for Mollie's development teams by slashing false positive rates by over 50%. Additionally, Snyk's ability to focus scans on production dependencies minimizes distractions and boosts efficiency.

  • Improved visibility for the security team: Snyk’s reporting and dashboard features have increased the observability of security issues across all applications, including emerging CVEs on dependencies shipped to production.

"Snyk has helped us make significant strides in shifting security left and increasing developer adoption by integrating security testing directly into developers' IDEs and making security tasks less cumbersome and time-consuming."

Thanks to Snyk Enterprise, Mollie’s security team has exceeded their AppSec metrics for success. They have significantly increased scan coverage across the Supply Chain Management, improved mean time to fix for all vulnerability severity levels, and seen a significant improvement in efficiency through noise reduction and prioritization of vulnerabilities. Overall, the Mollie team has made significant progress shifting security left and looks forward to continued successes in the future.