Developers, security professionals, and investors all find something to love about Snyk and its developer security platform, which helps organizations mitigate their risk of exposure to software supply chain attacks.
After closing $196.5 million in Series G funding late last month, Snyk on Tuesday said it secured an additional $25 million from ServiceNow. ServiceNow’s investment brings the total amount Snyk has secured to $1.4 billion since 2020.
During those three years, the company behind the developer security platform has been adding customers. Snyk claims its revenues last year grew 100%, with net revenue retention rising 130%. Snyk reports that it closed out 2022 with over 2,300 customers who remediated more than 5.1 million vulnerabilities. Identity verification provider Veriff ranked Snyk first in an analysis of security startups based on funding amounts, number of investors, employee counts, Twitter following, and the uniqueness of the product portfolio.
Integrating Snyk With ServiceNow
Following this investment, ServiceNow will embed Snyk’s open source software composition analysis (SCA) and intelligence tools into ServiceNow’s Vulnerability Response. While Snyk can improve ServiceNow’s vulnerability detection capabilities, its developer-focused tools can bring Snyk to more DevSecOps organizations.
“Snyk’s vision is all the way from code to cloud, and cloud is de facto code,” Snyk chief product officer Manoj Nair says. “We get people to build security in from the start, rather than putting firewalls and scanners and all that after the fact to catch what’s wrong.”
ServiceNow VP and general manager of security products Lou Fiorello envisions the Snyk platform extending his company’s vulnerability detection capabilities. “This considerably furthers ServiceNow’s ability to provide a single view into vulnerabilities throughout the enterprise technology environment, driving workflows to better prioritize and expedite vulnerability management,” Fiorello said in a statement.
Appealing to Developers and Security Professionals
Founded in 2015, Snyk has stood out amid escalating growth in software supply chain attacks. Snyk’s Developer Security Platform helps organizations reduce the risk of an attack by letting those who build container-based applications generate software bills of materials (SBOMs) during the development process.
“Snyk has been successful at building security tools that the developers like,” says Enterprise Strategy Group senior analyst Melinda Marks. Marks emphasizes that developers find especially appealing Snyk’s tools to test open source code using SCA and to scan infrastructure as code.
“Snyk was a pioneer in the developer-first security category,” she adds. “It’s very easy for developers to use while giving security teams visibility and control for setting policies and related functions.”
The ServiceNow announcement is significant, Marks adds, given how many large enterprises use ServiceNow for IT service management. ServiceNow says it serves 80% of Fortune 500 companies and roughly 7,400 enterprise customers.
Recent Security Moves
Organizations are increasingly looking at how to efficiently make SBOMs, particularly in light of software supply chain attacks, vulnerabilities such as Log4j, and government mandates. In November, Snyk released an update to make it easier to automatically generate SBOMs during the software build process. Snyk added a “developer-first” API and command-line interface (CLI) to create SBOMs, which the company says provides broader visibility into customers’ full software supply chains.
Snyk also launched an SBOM Checker, a free tool that scans SBOMs for vulnerabilities. Snyk also has added Bomber Integration, which scans SBOMs with the open-source Bomber utility, testing them against its open source Snyk Vulnerability Database.
In November, Snyk Cloud — the outgrowth of the company’s acquisition of Fugue last year — went live. Snyk Cloud has a common policy engine designed to ensure organizations’ cloud applications are secure before deploying them.
“Snyk Cloud will help you secure your cloud environment with common policies for infrastructure code and cloud deployments,” Nair said during the November launch event. “Taking a code-centric approach to find and fix cloud issues is something that we were basically focused on.”