Snyk Security Review


The Qvault password manager is a deprecated project; this article remains alive for historical informational purposes only. Our new product can be found at Qvault.

We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago.

We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, their support for the open-source community by offering free integrations is worth the few minutes it takes to install.


Their quick start page allows developers to integrate their GitHub repository, then use the command-line tool to detect and apply any patches to their code.

Snyk Badge


We added a badge to our GitHub repo that shows in near real-time whether or not the Qvault code contains any known vulnerabilities according to Snyk. If you are into open source and are looking for a way to keep your code secure, Snyk is a tool you should look into.
