BBVA uses GraphQL and Hasura to build an open source security product

The project saw significant reduction in build time, app extensibility and documentation requirements thanks to the adoption of Hasura and GraphQL

BBVA Innovation Labs is a multidisciplinary team within BBVA that was formed to provide advances in the technology area at BBVA. The team does not limit itself to a specific field - their scope spans everything from AI and infrastructure to big data and microservices.

One of their most recent projects is Deeptracy, an open source tool for analyzing security issues in third party libraries used in a project. It chooses the most suitable security tool for each language and notifies development teams of vulnerabilities spotted in the project dependencies.

Adopting GraphQL

DeepTracy originally started life as a research project, but had matured enough that the bank was considering integrating it with their software. Roberto Martinez, the project owner, wanted to rewrite the project to make the integration process easier. Apart from making it smaller and more manageable, there were a couple of key issues he wanted to address:

  • Since he was the sole project owner, he did not want to spend a lot of time on support activities such as documenting the API or communicating back and forth with a team that was going to use it.
  • He could not envision all the use cases where DeepTracy will be used in the future. He did not want to have to keep building REST APIs or have teams modify DeepTracy constantly for their specific requirements.

He felt that both these problems could be addressed by simply adopting GraphQL.

Adopting Hasura

Roberto was very impressed by Hasura’s quality of code, robustness, documentation and the community that had sprung up around it. He tried it out, felt it was very easy to get started, and decided to use it for his rewrite.


Hasura reduced Roberto’s development time from 2 months to about 3 weeks.

Thanks to the GraphQL API, his maintenance workload was much lesser:

  • It will be much easier to iterate on, as they do not need to write new APIs to fetch specific data.
  • Once BBVA integrates their other software with DeepTracy, their documentation and communication requirements will be significantly reduced.

Going forward, Roberto is interested in implementing remote schemas to further reduce the size of Deeptracy.

Want to know how Hasura can help your team? Schedule a demo.

This case study was prepared based on a discussion with Roberto Martinez, IT Project Manager at BBVA.  

22 Jul, 2019
Subscribe to stay up-to-date on all things Hasura. One newsletter, once a month.
Accelerate development and data access with radically reduced complexity.