We recently integrated Snyk into boot.dev as a way to get more visibility into known vulnerabilities in boot.dev’s codebase. Snyk has already patched a critical vulnerability in lodash for us. This allowed us to continue releasing new versions before the official fix for lodash was published a few days ago.
We can’t speak to whether Snyk is a cost-effective tool for commercial applications. However, their support for the open-source community by offering free integrations is worth the few minutes it takes to install.
Their quick start page walks developers through connecting a GitHub repository, then using the command-line tool to detect known vulnerabilities in their dependencies and apply any available patches.
We added a badge to our GitHub repo that shows in near real-time whether or not the boot.dev code contains any known vulnerabilities according to Snyk. If you are into open source and are looking for a way to keep your code secure, Snyk is a tool you should look into.