Startup Snyk Aims to Lock Down Open Source Code in Real Time
Eight months ago, without much fanfare, a startup called Snyk, with roots in London and Israel, began talking about its focus on helping developers keep open source code secure. Specifically, Snyk monitors an application's open source dependencies for known vulnerabilities and integrates that checking into common developer workflows. The bottom line is that vulnerable dependencies are caught in real time, as code is written and built, rather than only during scheduled security audits.
Now Snyk is taking its tools out of beta and releasing some metrics on how successful it has been at finding problems and patching them.
"It’s been nearly 8 months since we first launched Snyk at the Velocity Amsterdam conference. Since then, we’ve registered over 343,000 security tests, and 76% of users found vulnerabilities in their apps. Snyk patches were applied 71,000 times, closing security gaps that couldn’t be upgraded away, and over 4,500 email alerts were triggered by newly disclosed vulnerabilities.
Snyk’s product has matured and grown to match this activity and our users’ needs, and we are now ready to take off the beta tag! Alongside graduating out of Beta, I’m excited to announce Snyk’s premium plans, which let users choose the support and features that are right for them.
We’re also adding two long-awaited features to Snyk - tight GitHub integration and Organization support."
Snyk now lets you test all of your npm-based GitHub repositories with a single click, and the new Organisation support is described as follows:
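As an added illustration of the workflow the article describes (example code written for this page, not Snyk's own implementation), here is a small JavaScript dependency audit of the kind that runs on every build: it walks a constructed npm lock-file-style tree, checks each installed version against a constructed advisory list, and separates findings that an upgrade fixes from those with no fixed release, which is where a patch is needed. All package names, advisory IDs, versions and the tiny range grammar are assumptions made up for the example.

```javascript
// Added example, not Snyk's code: a minimal "test on every build" dependency
// audit for an npm project. Package names, advisory IDs and versions below
// are all constructed for the example.

// Parse "MAJOR.MINOR.PATCH" (pre-release tags are not supported here).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

// Return -1, 0 or 1 comparing two versions numerically, so that
// 1.10.0 sorts after 1.9.0 (a plain string compare would get this wrong).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Deliberately small range grammar: space-separated "<X.Y.Z" and ">=X.Y.Z"
// clauses that must all hold, e.g. ">=2.0.0 <2.4.1".
function inVulnerableRange(version, range) {
  return range.trim().split(/\s+/).every((clause) => {
    const m = /^(<|>=)(\d+\.\d+\.\d+)$/.exec(clause);
    if (!m) throw new Error(`unsupported range clause: ${clause}`);
    const cmp = compareVersions(version, m[2]);
    return m[1] === '<' ? cmp < 0 : cmp >= 0;
  });
}

// Constructed advisory feed. fixedIn === null models a vulnerability with no
// upstream fix released: the case an upgrade cannot close.
const ADVISORIES = [
  { id: 'EXAMPLE-0001', module: 'left-padder', vulnerable: '<1.2.0', fixedIn: '1.2.0', severity: 'high' },
  { id: 'EXAMPLE-0002', module: 'tiny-template', vulnerable: '>=2.0.0 <2.4.1', fixedIn: '2.4.1', severity: 'medium' },
  { id: 'EXAMPLE-0003', module: 'legacy-parser', vulnerable: '<0.9.0', fixedIn: null, severity: 'high' },
];

// Constructed dependency tree in the shape of an npm lock file. tiny-template
// appears twice: transitively at a vulnerable version and at top level fixed.
const LOCK_TREE = {
  name: 'demo-app',
  version: '1.0.0',
  dependencies: {
    'left-padder': { version: '1.1.3' },
    'web-framework': {
      version: '4.0.0',
      dependencies: {
        'tiny-template': { version: '2.3.0' },
        'legacy-parser': { version: '0.8.2' },
      },
    },
    'tiny-template': { version: '2.5.0' },
  },
};

// Depth-first walk yielding every installed package with its dependency path,
// so a finding can be traced to the direct dependency that pulled it in.
function* walk(tree, path = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const here = [...path, `${name}@${node.version}`];
    yield { name, version: node.version, path: here };
    yield* walk(node, here);
  }
}

// Match every installed package against the advisory feed.
function audit(tree, advisories = ADVISORIES) {
  const found = [];
  for (const dep of walk(tree)) {
    for (const adv of advisories) {
      if (adv.module !== dep.name || !inVulnerableRange(dep.version, adv.vulnerable)) continue;
      found.push({
        id: adv.id,
        module: dep.name,
        version: dep.version,
        severity: adv.severity,
        path: dep.path.join(' > '),
        remediation: adv.fixedIn ? `upgrade to ${adv.fixedIn}` : 'no fixed release; apply patch',
      });
    }
  }
  return found;
}

// CI gate: non-zero when any finding is at or above the threshold severity.
const SEVERITY_RANK = { low: 1, medium: 2, high: 3 };
function ciExitCode(found, failOn = 'high') {
  return found.some((r) => SEVERITY_RANK[r.severity] >= SEVERITY_RANK[failOn]) ? 1 : 0;
}

// Stand-alone run: print the findings the way a build step would.
for (const r of audit(LOCK_TREE)) {
  console.log(`[${r.severity}] ${r.id} ${r.module}@${r.version} via ${r.path}: ${r.remediation}`);
}
console.log(`exit code would be ${ciExitCode(audit(LOCK_TREE))}`);
```

Run it with node. The path column is what lets a developer see which direct dependency pulled in the vulnerable transitive one, and the exit code is what a CI step would key on. A real advisory feed uses full semver ranges and pre-release tags, which this toy parser deliberately does not handle.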
"Developing applications is a team sport, and so is securing them. To let the entire team work together, we’re also launching Snyk Organisations. Every Snyk user, old and new, has an organisation automatically created, and can invite others to see and act on vulnerabilities, as well as get notified about relevant new disclosures.
You can create any number of organisations and invite as many users as you’d like to each. Organisations start on the free plan, but higher tier plans let you separate Administrators from Collaborators, with more controls to come."
Snyk's business model is based on offering premium plans, but the company emphasizes this: "Snyk is committed to making Open Source secure, and so will always be free for Open Source projects. You can monitor an unlimited number of public GitHub repositories, finding, fixing and preventing security flaws."
For open source developers who want their dependencies checked continuously rather than only at audit time, this one appears to be worth a look.