Case Study: Indeed secures its Node modules and automates vulnerability fixes with Snyk

Indeed - Customer Case Study

Doug Wade, a Senior Front-End Engineer at Indeed, was troubled by publishing npm-shrinkwrap.json files that effectively exposed known vulnerabilities and by the slow, ecosystem-wide wait for fixes to percolate. After seeing Snyk’s demo and learning about its "snyk protect" postinstall patching, he sought a way to both remove vulnerable dependencies from his manifests and integrate automated security checks into his Gulp-based workflows.

To solve this, Doug built and published gulp-snyk, a Gulp plugin that runs Snyk’s testing programmatically as part of the build, while relying on Snyk’s protect feature to patch applications at install time. The plugin is on npm and is used to protect projects like Clefs and name-suffix; Doug already uses Snyk for 17 Node modules with plans to expand to all 33, streamlining security into his build process and reducing the exposure of vulnerabilities in published manifests.

Indeed

Doug Wade

Senior Front-End Engineer