Cloud platform provider DigitalOcean has entered into an agreement with open source security solution provider Snyk to counter open source library vulnerabilities in Nokogiri. Nokogiri is an open source software library that analyzes HTML and XML in programming language RUBY. By deploying Snyk’s solution, DigitalOcean says it will be able to fix issues within a span of 24 hours.
Before Snyk, DigitalOcean had to depend on their own resources to monitor the vulnerabilities. They further added that since this effort depleted their time-cost, they had to look for a solution that was more focused and time-bound.
According to DigitalOcean, it became imperative for them to upgrade Nokogiri to its latest version after finding vulnerabilities. Explaining this in detail, Tom Czarniecki, Tech Lead and Architect of Application Security of DigitalOcean commented:
You need to continuously scan for vulnerabilities, and mitigate found vulnerabilities, in your operating systems, applications and libraries. Such a quick turnaround could not have happened when monitoring for vulnerable dependencies without Snyk.
Snyk feel that they have merely diminished the number of tasks for DigitalOcean by stepping in. Emphasizing this point, Guy Podjarny, CEO of Snyk said:
Snyk simplified the non-trivial task of scanning for vulnerabilities in DigitalOcean’s third-party libraries allowing the DigitalOcean application security team to focus their efforts on scanning for vulnerabilities in the code and applications that are continuously produced by their development teams.
DigitalOcean say that with the help of Snyk’s security solution, they were able to tap into several attack prone instances which would not have been discovered otherwise. They also added that doing this has allowed them to develop a safer version of Nokogiri in the pre-production stage.