LONDON, Dec. 20, 2017 /PRNewswire/ -- Snyk, the leading solution for addressing vulnerabilities in open source libraries, successfully integrated with DigitalOcean, a cloud platform provider, to notify the company of two significant vulnerabilities in Nokogiri, allowing DigitalOcean to fix both in under 24 hours.
Before engaging Snyk, keeping up to date with the latest dependencies and their vulnerabilities was the responsibility of DigitalOcean's individual technical leads on each of their projects. DigitalOcean needed a timely and pragmatic response to vulnerabilities in its third-party dependencies.
"Supply-chain vulnerabilities constitute some of the most preventable vulnerabilities, and are also the most costly in terms of company reputation and blast radius of affected systems. You need to continuously scan for vulnerabilities, and mitigate found vulnerabilities, in your operating systems, applications and libraries," said Tom Czarniecki, Tech Lead and Architect of Application Security of DigitalOcean.
Following notification by Snyk and DigitalOcean's internal impact analysis, DigitalOcean found that the exposed vulnerabilities lay in-line for most of its request processing, so it became critical to upgrade the version of Nokogiri used in its front-door applications. "Such a quick turnaround could not have happened when monitoring for vulnerable dependencies without Snyk," Czarniecki added.
"Snyk simplified the non-trivial task of scanning for vulnerabilities in DigitalOcean's third-party libraries allowing the DigitalOcean application security team to focus their efforts on scanning for vulnerabilities in the code and applications that are continuously produced by their development teams," said Guy Podjarny, CEO, Snyk Ltd.
Over the course of a single work day, DigitalOcean was able to upgrade multiple services and internal libraries to a newer and safer Nokogiri version, rolling them out to its pre-production and, following verification, production environments. Before using Snyk, finding and fixing such vulnerabilities would have taken much longer, leaving DigitalOcean exposed to exploitation for a greater length of time.
Snyk is a developer-first security solution that helps you use open source code and stay secure. Building on its unique vulnerability database, Snyk continuously finds and fixes known vulnerabilities and license violations in open source dependencies. Snyk integrates seamlessly into the developer workflow, tightly integrating with source control (e.g. GitHub, Bitbucket, GitLab), hooking into your CI/CD pipelines and continuously monitoring PaaS and Serverless apps in production. To learn more, visit https://snyk.io/