Why Visma chose Snyk when moving to the next generation of security testing tools

Industry: Tech
Location: Norway

Products Featured

Snyk Open Source

Highlights:

Implemented Snyk Open Source to modernize SCA vulnerability scanning efforts

Integrated Snyk platform across numerous technologies and over 20,000 projects

Onboarded over 140 development teams to Snyk without friction

Leveraged Snyk API to pull data for maturity index as part of internal governance

Reduced high and critical vulnerabilities by 65% and 39% respectively

The Challenge: Adopting modern security testing tools

The challenge that Visma faces is keeping secure across such a diverse set of technology stacks.

“We are one big company, but we consist of over 200 smaller companies or teams spread across many countries,” stated Per Olsson, Application Security Advisor at Visma. “This complicates things when running a large-scale, centralized security program.”

That’s why the company is always searching for the most cutting-edge security tools to continuously improve its security posture.

“We regularly investigate whether we’re using the best tools available to us, and we concluded that might no longer be true for our existing toolset,” stated Nicolai Brogaard, Service Owner of Software Composition Analysis (SCA) and Static Application Security Testing (SAST) at Visma. “We wanted to move into the next generation of security testing tools.”

The Solution: Choosing a developer-first solution

When Visma was evaluating security tools, the ability to automatically onboard developers and provide an intuitive interface was crucial. Snyk Open Source now enables over 140 development teams to detect and remediate vulnerabilities within the third-party dependencies they use. Snyk’s intuitive interface encouraged developers to adopt the tool and take ownership of security without friction.

“The key success metric is how simple a tool is to onboard,” explained Brogaard. “Introducing new tools, especially in the security world, is not easy to do. You have to prove that there’s significant advantages to the tool, and in the case of Snyk, everybody agreed there was.”

In addition, the Visma Cloud Delivery Model (VCDM) is the company’s internal governance structure, which includes the Visma Application Security Program (VASP). As part of this, Visma has a maturity index that measures each of its underlying companies using numerous metrics, including the level of onboarding of security tools and number of outstanding vulnerabilities. The Snyk API enables Visma to easily pull this data from across code projects.

Visma’s plug-and-play approach with Snyk

With the sheer size and diversity of Visma’s technology stacks, the integrations Snyk provides were also critical. There are no governance limitations for the tools that each development team can use, only that they should implement the security testing tools that the security team has chosen. That’s why Snyk’s strong ecosystem of plugins and integrations was a key deciding factor for enabling Visma’s developers to safely use the tools of their choice.

The problem with a lot of these security testing tools is that they require so much background knowledge, so you can’t really just plug-and-play them in your environment,” Brogaard said. “So one of the differentiating factors with Snyk is enabling developers to quickly get started and figure things out themselves.”

The Impact: Visibility into vulnerabilities across 20,000 projects

Since implementing Snyk, Visma has completed over 600,000 tests to date across over 20,000 code projects. The majority of these tests were initiated automatically during the development process. Through these efforts, Visma has been able to reduce high severity vulnerabilities by 65% and critical severity vulnerabilities by 39%.

Want to learn more about Visma’s journey? Watch the company’s presentation at SnykCon 2021: Lessons learned from building a developer-first AppSec program.

About Visma

Visma provides software and services that optimize business processes for companies across the entire Nordic region and other areas in Europe. Through numerous mergers and acquisitions, Visma has grown to become a large collection of companies with over 14,500 employees and 6,500 developers. Each new company added to the portfolio, however, has introduced new technologies as well.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo