Customers

Coveo

Coveo quickly and easily adopts Snyk for open source and container security

Industry: Tech
Location: Canada

Products Featured

Snyk Open Source Snyk Container

Highlights:

Unified solution for container security assessment, open source vulnerability reporting, and license management.

Easy-to-use API-driven solution into existing workflows, empowering Coveo’s developers to handle security themselves.

Fixing in an automated and process-driven manner gives Coveo peace of mind with open source and container image vulnerabilities

The Challenge: address license violations and security vulnerabilities as early as possible 

As a cloud-first company, the Coveo team is focused on microservices. While Coveo had a DevOps model in place, developers didn’t have the tooling they needed to perform regular vulnerability scans on their own, when needed. Coveo recognized that to fully embrace DevOps, the ability to scan each open source package and container image for vulnerabilities before moving to production was critical. Coveo also needed a new solution for license compliance when the company’s vendor partner abruptly dropped the offering.

The Solution: one service for license management and open source and container security

Coveo turned to Snyk initially for license management. When it came time to choose a new vulnerability management tool, the team considered Snyk.

After comparing Snyk to other options, Coveo ultimately chose Snyk to consolidate licence management and reporting on vulnerabilities on one platform. Snyk allows the DevOps teams to identify vulnerabilities and stay up-to-date with the latest security fixes. This is now the primary benefit Snyk offers Coveo developers.

“Snyk allows us to see vulnerabilities before releasing into production,” said Jean-Philippe Lachance, a security analyst at Coveo. “If we don’t, we might be out of business because of a vulnerability.”

Coveo finds Snyk’s ease of use its top technical benefit. Coveo also leverages the Snyk API, which its developers prefer to use over UIs for some specific use cases. Coveo recently built an alert system integrated into Slack with updates on the severity level and discovery date of vulnerabilities. This allows Coveo’s developers to react faster and fix their issues before being blocked by the deployment pipeline, which would prevent deployment due to new vulnerabilities based on severity level or longevity.

Continuously fix vulnerabilities in open source dependencies and containers

Snyk enables Coveo developers to own the security of the services they manage, combining license management and vulnerability scanning. When their original solution for container security became increasingly challenging to manage and upgrade, Coveo again turned to Snyk.  Using one simple, developer-friendly tool that would also secure container images appealed to Coveo. 

“Snyk offers an easy-to-use SaaS service," said Jean-Philippe. "We needed a reliable solution to validate container images before moving to production, and Snyk is helping us do this in a simple way."

The Impact: increased visibility and improved security 

With Snyk, Coveo has found one platform to handle both license and vulnerability management.

Snyk provides Coveo and its customers with peace of mind that they are aware of and prioritizing mitigation of open source vulnerabilities, as well as avoiding copyright infringement. Coveo is able to demonstrate to customers that they take security seriously and thus can be trusted as technology partner.

 "Snyk allowed us to more easily follow a process, looking at vulnerabilities and scan results. It was a big cultural change for us, but it has benefited Coveo greatly,” said Jean-Philippe.

Coveo developers are able to follow appropriate security processes because Snyk is integrated directly into their CI/CD pipeline.  The open source nature of Snyk also allows developers to adapt Snyk to their unique needs, fix bugs, and generally have a high degree of self-sufficiency with the tool.

Empowering developers to handle security

With Snyk in place, DevOps team members can manage vulnerabilities with much more autonomy and efficiency. Each team’s Security Champion are empowered to monitor vulnerabilities and determine for themselves how and the timeframe for addressing them.

Coveo’s DevOps teams are provided with oversight, but overall given the responsibility and power to prioritize their security actions. Snyk’s support of this “trust but verify” approach greatly facilitated adoption across the organization.

“Snyk’s hosted services are so simple for Coveo to manage. Now our developers are empowered to handle vulnerability and license management on their own,” said Jean-Philippe.

Coveo also finds Snyk’s customer satisfaction team is highly responsive to their needs, enabling them to customize the product to their use cases and changing needs over time. Coveo’s advice to other security teams is to embrace security and start using Snyk as possible in development.

About Coveo

Coveo uses artificial intelligence technology to personalize millions of digital experiences, providing an insight engine businesses can leverage to offer more relevant content to their employees, customers, dealers, and partners. As a constantly growing company, Coveo relies heavily on cloud services and leverages container technologies. Coveo chose Snyk to integrate security best practices directly into their DevOps workflows. By leveraging Snyk, Coveo empowers their DevOps teams to own security, ensuring license compliance and scanning of all open source dependencies and container images before they move to production.

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon