Snyk Security Review

DEPRECATION WARNING

The Qvault password manager is a deprecated project; this article remains available for historical and informational purposes only. Our new product can be found at Qvault.

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago.

We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, their support for the open-source community by offering free integrations is worth the few minutes it takes to install.


Snyk's quick start page lets developers integrate their GitHub repository, then use the command-line tool to detect known vulnerabilities and apply any available patches to their code.

Snyk Badge



We added a badge to our GitHub repo that shows, in near real time, whether the Qvault code contains any known vulnerabilities according to Snyk. If you are into open source and are looking for a way to keep your code secure, Snyk is a tool you should look into.
