Policygenius: Shifting left with Semgrep

  • Semgrep scans their entire repository in seconds.
  • With Semgrep, Policygenius has nearly zero false positives per scan.
  • Policygenius’ security team appreciates easy-to-create rulesets.

About Policygenius

Policygenius transforms the insurance journey for today’s consumer, providing a one-stop platform where customers can compare options from top insurance carriers, get unbiased expert advice, buy policies, and manage their insurance portfolio, in one seamless, integrated experience. Our proprietary technology platform integrates with the leading life, disability, and home and auto insurance carriers and delivers an exceptional digital experience for both consumers and insurance carriers. Since 2014, our content, digital tools, and experts have served as a resource for millions of people on their insurance journey, and we have sold more than $160 billion in coverage.

The software security team at Policygenius is responsible for making sure that their software is as secure as possible without unnecessarily slowing down software developers.

The Policygenius technology stack consists of:

- Languages: Ruby, Java, Golang, Python

- Frameworks: Terraform, GitHub

As at just about all technology companies, there were more developers than security engineers, which posed the challenge of creating a secure SDLC that is not only scalable and effective but also efficient and developer-friendly. Because of this, Jessica Grider, Senior DevSecOps Engineer, wanted to make sure that security shifts left and that the security infrastructure is automated as much as possible. Shifting left is crucial because it detects vulnerabilities before they reach production, allowing developers and security teams to be proactive rather than reactive.

With this in mind, Jessica was looking for a security solution that was fast, reliable, and had very few false positives.

The Semgrep App makes policy enforcement easy. Policygenius has been able to add specific rulesets for specific repositories, add new rules, and change rules easily with the Rule Board.

Conclusion

Jessica and her team are highly appreciative of the support from Semgrep to help boost their security posture. Policygenius is excited to utilize the power of Semgrep fully.

About

Semgrep lets security teams partner with developers and shift left organically, without introducing friction. Semgrep gives security teams confidence that they are only surfacing true, actionable issues to developers, and makes it easy for developers to fix these issues in their existing environments.