Krungsri Accelerates Modernization and Open Source Governance at Scale
Finance
Enterprise
Bank of Ayudhya PCL, also known as Krungsri, is Thailand’s fifth largest bank and one of its Domestic Systemically Important Banks (D-SIBs). It offers a broad range of services to a diverse clientele, from retail customers and small businesses to large corporate enterprises.
To support this strategy, Krungsri prioritized in-house application development over commercial off-the-shelf solutions. This approach gives the bank greater flexibility and control, while enabling faster delivery of new capabilities. As its software portfolio expanded, Krungsri recognized the need for a modern approach to open source governance, ecosystem management, and risk-aware development across its application lifecycle.
The Problem
From False Positives to Full Confidence and Efficient Development
The organization’s Enterprise DevSecOps team is responsible for all custom software development, and it was facing a high rate of false positives from its existing open source scanning tool. Krungsri needed clear, actionable insights, automated vulnerability management, and stronger reporting across its development projects.
As Krungsri expanded development, software composition analysis (SCA) became crucial. The existing solution generated an overwhelming number of false positives, which consumed valuable developer time and slowed innovation. Krungsri needed a solution that could provide accurate, contextual insights, integrate seamlessly into modern CI/CD workflows, and support informed decision-making.
Enabling Modern, Risk-Aware Development at Scale
Krungsri selected Sonatype Lifecycle to support its open source governance. Key factors in the decision were its simple user interface and the Advanced Legal Pack (ALP), which provided the depth of insight needed to address complex open source licensing.
Deployment was systematic and collaborative. Sonatype Lifecycle was tightly integrated into every project's CI/CD pipeline, turning SCA into a non-negotiable milestone for every release. The bank worked with MFEC, a local service provider, to oversee the technical setup, and MFEC continues to provide ongoing health checks. The Sonatype team worked closely with Krungsri to embed best practices across the SCA program with an emphasis on efficiency.
From the start, every build underwent automated scanning, delivering instant, actionable feedback to developers. The ALP enabled detailed identification and analysis of problematic libraries, empowering legal and engineering teams to make informed, risk-aware decisions. Continuous monitoring brought a new level of control: IT security and DevSecOps teams now receive immediate notifications of any issues across all deployed components without manual intervention. Sonatype Lifecycle’s advanced reporting and dashboard features were integrated directly with Krungsri’s main dashboard tool, providing enterprise-wide visibility into critical metrics, including deployment frequency.
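The practice described above, an SCA check that runs on every build and blocks a release on policy violations, is easiest to understand as a small policy gate. The following is an added illustration, not Krungsri's configuration and not Sonatype Lifecycle's report format or API: it reads a constructed, simplified scan result, applies a severity threshold and a license denylist, honours documented risk-acceptance waivers so that a reviewed finding does not keep failing the build, and returns a pass/fail decision a CI step can act on. All component names and vulnerability identifiers below are made up.

```python
"""Minimal SCA policy gate for a CI step (added illustration, not a vendor API)."""
import json
import sys
from dataclasses import dataclass, field

# Constructed sample scan result. Component names, versions and the
# EXAMPLE-* vulnerability ids are placeholders, not real findings.
SAMPLE_REPORT = json.dumps({
    "components": [
        {"name": "libfoo", "version": "1.2.3", "licenses": ["Apache-2.0"],
         "vulnerabilities": [{"id": "EXAMPLE-0001", "severity": "critical", "cvss": 9.8}]},
        {"name": "libbar", "version": "0.9.0", "licenses": ["AGPL-3.0"],
         "vulnerabilities": []},
        {"name": "libbaz", "version": "4.0.1", "licenses": ["MIT"],
         "vulnerabilities": [{"id": "EXAMPLE-0002", "severity": "medium", "cvss": 5.3}]},
    ]
})

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class Policy:
    """Assumed policy shape: fail at or above a severity, deny listed licenses,
    and allow explicit, documented waivers keyed by vulnerability id."""
    fail_severity: str = "high"
    denied_licenses: frozenset = frozenset({"AGPL-3.0", "GPL-3.0"})
    waivers: dict = field(default_factory=dict)  # {"EXAMPLE-0001": "risk ticket ref"}


def evaluate(report_json: str, policy: Policy) -> dict:
    """Return {'passed': bool, 'violations': [...], 'waived': [...]} for one scan."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[policy.fail_severity.lower()]
    violations, waived = [], []

    for comp in report.get("components", []):
        label = f"{comp['name']}@{comp['version']}"

        # License gate: any denied license on a component blocks the build.
        for lic in comp.get("licenses", []):
            if lic in policy.denied_licenses:
                violations.append({"component": label, "kind": "license", "detail": lic})

        # Vulnerability gate: only findings at or above the threshold count,
        # and a finding with a recorded waiver is reported but does not block.
        for vuln in comp.get("vulnerabilities", []):
            rank = SEVERITY_RANK.get(vuln["severity"].lower(), 0)
            if rank < threshold:
                continue
            if vuln["id"] in policy.waivers:
                waived.append({"component": label, "id": vuln["id"],
                               "reason": policy.waivers[vuln["id"]]})
                continue
            violations.append({"component": label, "kind": "vulnerability",
                               "detail": f"{vuln['id']} ({vuln['severity']})"})

    return {"passed": not violations, "violations": violations, "waived": waived}


def main() -> int:
    """CI entry point: non-zero exit code fails the pipeline stage."""
    result = evaluate(SAMPLE_REPORT, Policy())
    for v in result["violations"]:
        print(f"BLOCK  {v['component']}: {v['kind']} {v['detail']}")
    for w in result["waived"]:
        print(f"WAIVED {w['component']}: {w['id']} ({w['reason']})")
    print("PASS" if result["passed"] else "FAIL")
    return 0 if result["passed"] else 1


if __name__ == "__main__":
    sys.exit(main())
```

Run as a pipeline step, the non-zero exit code is what turns the scan into a release milestone rather than an advisory report; the waiver list is the mechanism that keeps a reviewed, accepted finding from resurfacing as noise on every subsequent build, which is the kind of false-positive fatigue the text describes.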
By reimagining its processes, Krungsri not only gained unparalleled accuracy in vulnerability detection and license management but also achieved centralized, data-driven oversight to empower its teams to respond faster, collaborate better, and innovate with confidence.
“For us, Sonatype is considered a must-use tool to identify license compliance issues and vulnerabilities very early in the development process, so that it is easy and fast to fix the problems.”
Guy Deffaux
Head of Technology Architecture Department
Secure, Scalable Development
The move to Sonatype Lifecycle has enabled the bank to automate governance, eliminate noise from false positives, and gain the enterprise-wide visibility needed to manage risk effectively. This has allowed its development teams to innovate with speed and confidence, knowing their applications are built on a secure and compliant foundation.
As Krungsri continues to expand its digital footprint and recommends Sonatype's solutions to its subsidiaries, the partnership exemplifies a mature approach to DevSecOps in the financial sector. Krungsri has not only mitigated immediate risks but has also established a scalable framework for secure software development that will support its growth for years to come.