Security shouldn't wait until after development is done. In this video, Alex Soto shows how IBM Bob integrates with the Snyk MCP server to scan a Java project for security vulnerabilities, identify critical issues, fix them automatically, and re-scan to verify the fixes, all within a single workflow. Bob runs both a SAST code analysis and an SCA dependency scan via Snyk, then goes further with its own analysis to catch issues Snyk missed, like a SQL injection vulnerability. After presenting the findings organized by severity, Bob fixes the critical issues: replacing plain-text password storage with hashing and converting raw SQL statements to prepared statements to eliminate the injection risk. Then Bob re-runs the security scan to confirm the fixes are clean.

📹 What Bob does in this video:
✅ Runs Snyk code scan (SAST) and dependency scan (SCA) via the Snyk MCP server
✅ Identifies additional vulnerabilities beyond what Snyk detected, including SQL injection
✅ Categorizes findings by severity: critical, medium, and informational
✅ Fixes critical issues automatically: password hashing and prepared statements
✅ Improves Quarkus configuration for better security posture
✅ Re-runs the full security scan against the updated code to verify no new issues were introduced

🔑 Key takeaway: Bob combines external security tooling (Snyk via MCP) with its own code analysis to catch more issues than either would alone, then fixes what it finds and proves the fixes are clean. That's shift-left security with minimal friction.

🚀 Try IBM Bob: ibm.com/bob

#IBMBob #DevSecOps #Snyk #SecurityScanning #Java #Quarkus #MCP #ShiftLeft #watsonx #IBM #SAST #SCA