Skyscanner Implements Snyk to Reduce Security Exposure Within Days

By: Snyk
 
 
Snyk Ltd.
LONDON - July 24, 2018 - PRLog -- Snyk (https://snyk.io/), the leading solution for addressing vulnerabilities in open source libraries, was successfully implemented with Skyscanner, a travel fare aggregator website, which by applying a Snyk patch was able to fix high severity issues that affected multiple projects.

Skyscanner delivers a high traffic website and app, develops rapidly and at scale, and all the while needs to maintain a secure platform.

Skyscanner's security team wanted to ensure that tracking down areas of exposure was efficient, as the company did not have a centralized inventory to monitor which projects used which dependencies. Integrating Snyk gave Skyscanner consolidated visibility into which dependencies their projects were directly or transitively using.

"We liked the fact that there is a multiple, layered approach. Snyk works well with how we do security here at Skyscanner. Instead of the security team being the gatekeepers and reviewing every line of code and signing off everything, we can empower our developers," said Alex Harriss, Security Engineer at Skyscanner. "Snyk is one of the most important security tools we use at Skyscanner. You'll realize how important it is when you actually get it integrated. This layered approach allows engineering teams to make use of Snyk according to their needs and we [the security team] would know that we are able to catch vulnerabilities at some point along the way."

The Skyscanner security engineering team was able to empower the development team to take responsibility for the security of their open source dependencies.

"The Snyk vulnerability database shows exactly which versions of a dependency are vulnerable and how you can remediate it. By using the Snyk remediation tools, such as the integration with GitLab and opening a merge request, Skyscanner's developers were able to start fixing vulnerabilities in their code base by applying upgrades or Snyk patches," said Guy Podjarny, CEO, Snyk Ltd. "Integrating Snyk allowed Skyscanner consolidated visibility into which dependencies their projects were directly or transitively using."

Very early on in the rollout, Skyscanner was alerted to a severe vulnerability in QS (https://snyk.io/vuln/npm:qs:20170213) which was used in one of its base project templates. The base project template contained multiple libraries and acted as the basis of multiple projects. Skyscanner was able to use a Snyk patch to fix the vulnerability across all of the projects. This reduced their security exposure significantly as hundreds of projects that used the base template were then protected.

Today, Skyscanner monitors nearly 500 separate projects with Snyk, and is able to understand the state of their security and address both their vulnerability and licensing issues.

About Snyk

Snyk is a developer-first security solution that helps you use open source code and stay secure. Building on its unique vulnerability database, Snyk continuously finds and fixes known vulnerabilities and license violations in open source dependencies. Snyk integrates seamlessly into the developer workflow, tightly integrating with source control (e.g. GitHub, BitBucket, GitLab), hooking into your CI/CD pipelines and continuously monitoring PaaS and Serverless apps in production. To learn more, visit https://snyk.io/
Tags: Open Source, Vulnerabilities, Cybersecurity
Industry: Technology
Location: London City - London, Greater - England