Customers

Australia Post

Why the Australia Post chose Snyk for greater AppSec visibility

Customer Spotlight

Evan Taylor

Cyber Defense Manager

Industry: Government
Location: Australia

Products Featured

Snyk Open Source Snyk Code Snyk Container Snyk IaC

Highlights:

Improved AppSec maturity with minimal disruption to over 200 developer workflows

Gained in-depth visibility into open source and container vulnerabilities

Increased scanning coverage using Snyk’s various integration points

Expanded Snyk implementation to cover proprietary code and infrastructure as code

The Challenge: Gaining greater visibility into potential vulnerabilities

With over 200 developers and a wide range of open source technologies in use at Australia Post, the company needed more visibility into potential vulnerabilities within its growing code base. After successfully implementing Snyk for open source dependencies, Australia Post has been expanding its capabilities to cover other aspects of its technology stack.

“As we looked at all the dependencies we have in our code base and the sheer number of technologies that we operate through the organization, we needed to really get a handle on the associated risks and vulnerabilities” stated Evan Taylor, Cyber Defense Manager at Australia Post.

The Solution: Simplifying application security with Snyk

After evaluating potential security tools, Australia Post chose to implement Snyk Open Source in large part because of its simplicity. The company wanted a solution that could operate with little to no manual interaction by developers, while also giving them the contextual information necessary to remediate vulnerabilities.

“The less impact we can have on a developer’s workflow the better, so the seamless integration aspect of Snyk was very important to us,” said Taylor. “The consumable data Snyk provides is actually what helps us turn the dial and uplift our security maturity”

Australia Post also recognized that the developer-friendly approach with Snyk Open Source made adoption easier for development teams, so rolling out Snyk’s additional products was the most seamless way forward. When Australia Post chose to begin a phased rollout of Snyk Container next, there was even less friction because developers were already familiar with the tool.

“As we had an existing integration with Snyk, it started to make sense to enable some of its other capabilities, such as Container, Code, or Infrastructure as Code, rather than implementing other tools,” Taylor explained.

The developer perspective was crucial

Taylor’s security team at Australia Post are well aware that the application security tools they choose aren’t consumed by them, but by the development teams. Because developers would be impacted by Snyk, it was crucial that they were part of the evaluation process from the start to get the most value out of the product.

“Our approach is to work directly with the development teams to understand the outcomes they’re looking for,” explained Taylor “and help them work security into the work that they’re doing rather than it being considered after the fact.”

The Impact: Improving maturity of application security practice

Snyk has enabled Australia Post to gain greater visibility into its code base by increasing scanning coverage using Snyk’s multiple integration options. In turn, this has helped the company reduce new and existing vulnerabilities.

“Our metric for success is less about the total amount of vulnerabilities, and more around the trends,” Taylor explained. “Over time, we’re starting to see the number of new vulnerabilities introduced into production environments reduce.”

In fact, Australia Post has been able to achieve an 84% reduction in critical vulnerabilities being merged from development into test over the past 6 months.  Besides reducing new vulnerabilities, Australia Post also cites developer engagement as an important success metric. It’s challenging for the security team to change the operational workflows of developers, so it’s been encouraging for the company to see development teams take the initiative to apply security principles and practices themselves using Snyk.

After the success of implementing security scanning for open source dependencies and containers, Australia Post is now focused on rolling out Snyk Code and is assessing Snyk Infrastructure as Code. This will enable the company to achieve comprehensive security for the modern application technology stack using one centralized solution.

“Snyk is an integral part of our developer workflow,” concluded Taylor. “The scans provide very valuable data when we’re doing security reviews and security testing, which helps teams prioritize remediation activities.”

About Australia Post

Australia Post is the largest transportation logistics organization in Australia, providing postal services to over 12.4 million delivery points across the country. In addition, the company offers banking services in post offices, identity verification for banking and firearm applications, and many other services.

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon