Developers, security professionals, and investors all find something to like about Snyk and its developer security platform, which helps organizations mitigate their risk of exposure to software supply chain attacks.
After closing $196.5 million in Series G investment late last month, Snyk on Tuesday said it secured an additional $25 million from ServiceNow. ServiceNow’s investment brings the total amount Snyk has secured to $1.4 billion since 2020.
During those three years, the company behind the developer security platform has been adding customers. Snyk claims its revenues last year grew 100%, with net revenue retention growing 130%. Snyk reports that it closed out 2022 with over 2,300 customers who remediated more than 5.1 million vulnerabilities. Identity verification provider Veriff ranked Snyk first in an analysis of security startups based on funding amounts, number of investors, employee counts, Twitter following, and the uniqueness of the product portfolio.
Integrating Snyk With ServiceNow
Following this investment, ServiceNow will embed Snyk’s open source software component analysis (SCA) and intelligence tools into ServiceNow’s Vulnerability Response. While Snyk can boost ServiceNow’s vulnerability detection capabilities, its developer-focused tools can bring Snyk to more DevSecOps organizations.
“Snyk’s vision is all the way from code to cloud, and cloud is really code,” Snyk chief product officer Manoj Nair says. “We get people to build security in from the start, rather than putting firewalls and scanners and all that after the fact to catch what’s wrong.”
ServiceNow VP and general manager of security products Lou Fiorello envisions the Snyk platform extending his company’s vulnerability detection capabilities. “This significantly furthers ServiceNow’s ability to provide a single view into vulnerabilities across the enterprise technology environment, driving workflows to better prioritize and expedite vulnerability management,” Fiorello said in a statement.
Appealing to Developers and Security Professionals
Founded in 2015, Snyk has stood out amid escalating growth in software supply chain attacks. Snyk’s Developer Security Platform helps organizations reduce the risk of an attack by letting those who build container-based applications generate software bills of materials (SBOMs) during the development process.
“Snyk has been successful at building security tools that the developers like,” says Enterprise Strategy Group senior analyst Melinda Marks. Marks emphasizes that developers find Snyk’s tools for testing open source code using SCA and for scanning infrastructure as code especially appealing.
“Snyk was a pioneer in the developer-first security category,” she adds. “It’s very easy for developers to use while giving security teams visibility and control for setting policies and related functions.”
The ServiceNow announcement is significant, Marks adds, given how many large enterprises use ServiceNow for IT service management. ServiceNow says it serves 80% of Fortune 500 companies and approximately 7,400 enterprise customers.
Recent Security Moves
Organizations are increasingly looking at how to efficiently make SBOMs, especially in light of software supply chain attacks, vulnerabilities such as Log4j, and government mandates. In November, Snyk released an update to make it easier to automatically generate SBOMs during the software build process. Snyk added a “developer-first” API and command-line interface (CLI) to create SBOMs, which the company says provides broader visibility into customers’ complete software supply chains.
Snyk also released an SBOM Checker, a free tool that scans SBOMs for vulnerabilities. The company has also added Bomber Integration, which scans SBOMs with the open source Bomber application, testing them against its open source Snyk Vulnerability Database.
In November, Snyk Cloud — the outgrowth of the company’s acquisition of Fugue last year — went live. Snyk Cloud has a common policy engine designed to ensure organizations’ cloud applications are secure before deploying them.
“Snyk Cloud will help you secure your cloud environment with common policies for infrastructure code and cloud deployments,” Nair said during the November launch event. “Taking a code-centric approach to find and fix cloud issues is something that we were fundamentally focused on.”