Case Study: Salesforce achieves an automated, secure open source pipeline and saves 150 hours/year with Snyk

A Snyk Case Study

Preview of the Salesforce Case Study

How Salesforce Secures Its Open Source Pipeline With Snyk Scanning

Salesforce, the global cloud-based CRM and enterprise software company, faced a slow, manual open source software (OSS) review process that created a bottleneck for roughly 20 OSS requests per month. To automate and scale reviews, Salesforce adopted Snyk’s Open Source security scanning to integrate automated vulnerability checks into its OSS release workflow.

Salesforce implemented a plug-and-play framework that uses Snyk’s API to pull queued review requests (via its ticketing system and RabbitMQ), scan code repositories, and automatically attach vulnerability reports to the original tickets so engineers can approve or remediate issues in minutes. The Snyk-powered solution eliminated manual scanning work, reduced the monthly review bottleneck, improved OSS security, and saved Salesforce about 150 hours of engineering effort per year while speeding up releases.



Salesforce

Amol Deshpande

Product Security Engineer


Snyk
