The Qvault password manager is a deprecated project; this article remains alive for historical informational purposes only. Our new product can be found at Qvault.
We recently integrated Snyk into Qvault as a way to get more visibility into known vulnerabilities in Qvault’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago.
We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, they support the open-source community by offering free integrations, and the tool is worth the few minutes it takes to install.
Their quick start page allows developers to integrate their GitHub repository, then use the command-line tool to detect and apply any patches to their code.
We added a badge to our GitHub repo that shows in near real time whether or not the Qvault code contains any known vulnerabilities according to Snyk. If you are into open source and are looking for a way to keep your code secure, Snyk is a tool you should look into.