Case Study: U.S. Small Business Administration achieves 78% risk reduction and 52‑day average vulnerability fixes with Snyk

A Snyk Case Study

Preview of the U.S. Small Business Administration Case Study

How the U.S. Small Business Administration Combined Security Scanning and Software Development with Snyk

The U.S. Small Business Administration faced the challenge of securing a largely outsourced software portfolio whose contractor teams used many languages and open source components. Their existing, customized monitoring couldn’t flexibly scan across disparate stacks or help prioritize real-world risk, so they partnered with Snyk and adopted Snyk Open Source to find and automatically remediate open source vulnerabilities.

Snyk was rolled out across diverse dev teams and integrates with the SBA’s AWS Lambda workloads. It surfaces exploit intelligence, sends Slack alerts, and even creates pull requests with minimal upgrades to fix issues. Since implementing Snyk, the SBA runs 18.5 million SCA tests, monitors 75 projects, and scans 70 repositories (with a 280-repo target). It has reduced its risk posture by 78% and cut average time-to-fix to 52 days, versus an industry average of 200 days. Developers have also changed their behavior and now check Snyk scores before using packages.



U.S. Small Business Administration

Ryan Hillard

Systems Developer

