Aug. 7, 2018 -- Snyk (https://snyk.io/), the leading solution for addressing vulnerabilities in open source libraries, has been integrated into UK-based charity Comic Relief's Concourse CI deployment pipeline. The integration lets Comic Relief use Snyk to remediate vulnerable libraries, keeping the agility of open source while remaining secure. The organization did not initially have the resources to research the security posture or known vulnerabilities of each package, nor a clear picture of which libraries should be updated or patched.
"We want to do justice to our donors. We don't want their data to be lost, we don't want their transaction to be declined, we want to be worthy of their trust," said Peter Vanhee, Engineering Practice Lead for Comic Relief. "With the automation that Snyk provides, we have been able to divert headcount from mundane manual security work to highly productive feature development. Due to Snyk alerting us on new vulnerabilities in the form of a pull request (that already includes the 'fix'), we have shrunk what would otherwise be a lengthy triage and remediate manual flow to a simple 'merge' we can do in minutes."
As part of the deployment pipeline, Snyk checks the dependencies in use for known vulnerabilities. If a vulnerability is found, the deployment can be stopped, based on the customer's security policy (for example, a minimum severity that blocks a release). If Snyk discovers a new vulnerability, or a new fix becomes available, either as an upgrade or a patch, Snyk not only sends a notification via email or Slack but also opens a pull request with the needed fix against the customer's source code management system.
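The following is an added example of the kind of policy gate a CI task can run over a dependency scan report; it is not Snyk's code and not part of the original release. The report is constructed inline, the field names (vulnerabilities, severity, packageName, isUpgradable, isPatchable, upgradePath) are assumptions about the shape of `snyk test --json` output, and the IDs and package names are placeholders, not real advisories. It shows the two decisions the text describes: whether the deploy proceeds under a severity policy, and which upgrades or patches a remediation pull request would carry.

```python
"""Deployment policy gate over a dependency-scan report (added example)."""
import json
import sys

# Constructed sample report. The layout mimics `snyk test --json` output but
# the field names are assumptions; IDs and package names are placeholders.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "VULN-A", "severity": "high", "packageName": "example-http",
         "version": "1.2.0", "isUpgradable": True, "isPatchable": False,
         "upgradePath": [False, "example-http@1.2.3"]},
        {"id": "VULN-B", "severity": "medium", "packageName": "example-yaml",
         "version": "0.9.1", "isUpgradable": False, "isPatchable": True,
         "upgradePath": []},
        {"id": "VULN-C", "severity": "critical", "packageName": "example-auth",
         "version": "2.0.0", "isUpgradable": False, "isPatchable": False,
         "upgradePath": []},
        {"id": "VULN-D", "severity": "low", "packageName": "example-http",
         "version": "1.2.0", "isUpgradable": True, "isPatchable": False,
         "upgradePath": [False, "example-http@1.2.3"]},
    ],
})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def evaluate(report_json, fail_on="high", block_only_fixable=False):
    """Apply a deployment policy to a scan report.

    fail_on: lowest severity that blocks the deploy.
    block_only_fixable: if True, findings at or above the threshold that have
        no upgrade or patch are reported but do not block (so the team is not
        stuck on an issue nobody can fix yet); if False they block as well.
    Returns the decision plus the remediation a fix PR would carry.
    """
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[fail_on]
    blocking, advisory, upgrades, patches = [], [], {}, []
    for vuln in report.get("vulnerabilities", []):
        fixable = bool(vuln.get("isUpgradable") or vuln.get("isPatchable"))
        above = SEVERITY_RANK.get(vuln["severity"], 0) >= threshold
        if above and (fixable or not block_only_fixable):
            blocking.append(vuln["id"])
        else:
            advisory.append(vuln["id"])
        if vuln.get("isUpgradable") and len(vuln.get("upgradePath", [])) > 1:
            # Assumed layout: upgradePath[0] is the root project (False), and
            # upgradePath[1] is the direct dependency version that removes the
            # vulnerable transitive dependency. Same package -> same target.
            upgrades[vuln["packageName"]] = vuln["upgradePath"][1]
        elif vuln.get("isPatchable"):
            patches.append(vuln["id"])
    return {
        "deploy": not blocking,
        "blocking": blocking,
        "advisory": advisory,
        "upgrades": upgrades,
        "patches": patches,
    }


if __name__ == "__main__":
    # In a CI task the report would come from the scanner; here it is the
    # constructed sample. A non-zero exit stops the pipeline step.
    decision = evaluate(SAMPLE_REPORT, fail_on="high")
    print(json.dumps(decision, indent=2))
    sys.exit(0 if decision["deploy"] else 1)
```

The `block_only_fixable` switch is the policy knob worth deciding deliberately: with it off, an unfixable critical finding halts every deploy until a fix exists; with it on, it is surfaced but does not block, which keeps the pipeline moving at the cost of shipping a known issue.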
"Comic Relief has to be risk averse, taking security incredibly seriously. Since integrating Snyk, the Comic Relief dev team can focus on developing their code, and rely on Snyk to secure their open source libraries," said Guy Podjarny, CEO, Snyk Ltd.
Comic Relief puts significant emphasis on growing junior developers. A key advantage of Snyk for the organization was the ease of fixing vulnerabilities through seamless integration with the developer tools and workflows.
Snyk is a developer-first security solution that helps you use open source code and stay secure. Building on its own vulnerability database, Snyk continuously finds and fixes known vulnerabilities and license violations in open source dependencies. Snyk integrates into the developer workflow, connecting to source control (e.g. GitHub, Bitbucket, GitLab), hooking into CI/CD pipelines and continuously monitoring PaaS and serverless apps in production. To learn more, visit https://snyk.io/