Customers

Breathe Life

How Breathe Life established a developer-first security culture with Snyk and StackHawk

Customer Spotlight

Francois Allard

Director of Engineering

Industry: Non-profit
Location: Canada

Products Featured

Snyk Open Source Snyk Container Snyk Code

Highlights:

Leverage Snyk and StackHawk for visibility into their environment - increased security posture visibility by 41% in past 3 months

Achieved 400% increase in developer adoption in 3 months

These tools allowed all engineering teams to be involved in software security

Engineering teams are able to drill down and see which specific transitive dependency created a vulnerability

Snyk and StackHawk showed Breathe Life that their platform is free of major vulnerabilities

The Challenge

Francois Allard spearheads this mission as Director of Engineering. His Developer Experience team has the two-fold task of enabling engineering teams to build and operate scalable, secure and resilient apps with high velocity, while empowering customer development teams to seamlessly integrate their systems with our platform through self-service. These industry leading goals require cutting edge tooling that supports a developer-centric approach to security — making Snyk and StackHawk the perfect partners.

Privacy and compliance

Working in the insurance industry makes highly sensitive data and strict regulations a daily concern for Breathe Life. When security is crucial, having a robust vulnerability management program is paramount and this means we need to invest in the best tooling available.

“We need tools that will be able to follow our pace: we know the value of quick and small iterations on our platform, and we can’t be slowed down by lengthy processes or clunky tools.”  said Francois Allard.

While navigating privacy laws was a driving factor in seeking a security solution, the team “didn’t put in place these solutions with the goal of only ‘checking the box’ of those compliance requirements. We understand the value that these solutions are providing us and would have [gone] forward with these even without the compliance need” (Allard).

Demands of modern development

Like many web teams, Breathe Life utilizes open source components to form the framework of their applications running on Google Kubernetes Engine (GKE). Monitoring the countless dependencies themselves is an impossible task. So, the team needed a platform that increased visibility within the software and scanned open source dependencies and containers at depth.

The Solution: Developer-centric tooling

Since Allard runs a developer-centric team, choosing a solution designed by and for developers was the logical next step. Many security tools are built to target large organization’s centralized security teams — which opposed Breathe Life’s mission of having all engineering teams involved in the security aspect of our software.

Breathe Life was already using the freemium version of Snyk Open Source, so evaluating the paid plan was a natural progression. The combination of Snyk Open Source and Snyk Codeallowed them to easily identify the minimum version they needed to upgrade vulnerabilities to. Additionally, the team could see which specific transitive dependency is incorporating the vulnerability and if we can update those by removing the version pinning on those transitive dependencies so we can get the most updated version while respecting the SemVer of parent packages.

After seeing StackHawk in action at a DevOps conference, Allard and team were interested in seeing if it would be a fit. The fact that StackHawk and Snyk were already partners sweetened the deal by displaying the synergistic approach of our tools. StackHawk’s ability to identify all the relevant APIs to scan using the OpenAPI spec within an application made it easy to incorporate into Breathe Life’s CI/CD stack and manage findings in the platform.

The Impact: Growing with confidence and peace of mind

The increased visibility provided by Snyk and StackHawk have been impactful for the Breathe Life team. Snyk Open Source’s scanning gave developers additional details that made fixes more efficient and ensured all transitive dependencies were secure. In fact the team has increased visibility into their security posture by 41% in past 3 months.  StackHawk’s ability to leverage the open API let them scan the real application and test the parts that mattered most (without the limitations of other products).

Though Allard and his team are still working out some automation kinks, they were able to address a big portion of the vulnerable transitive packages.

“Snyk Code and Stackhawk have shown us that, from an automated scan perspective, our platform is solid and does not contain obvious important vulnerabilities." stated Allard. "As we grow, those tools will give us some confidence that it remains this way.”

Whether you’re a young company just starting to incorporate security or an established organization navigating the shift toward decentralization, Snyk and StackHawk can help. Experience modern dynamic application security testing with a free StackHawk account, and let Snyk help you find and fix vulnerabilities across your entire development life cycle with a free trial.

About Breathe Life

As a young insurtech company aiming to revolutionize the life insurance industry, Breathe Life has begun to rewrite industry traditions. Their modern life insurance distribution platform breaks the legacy software mold that prevents insurers from reaching the masses in order to make financial security accessible to everyone.

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon