Developers, security professionals, and investors all find something to like about Snyk and its developer security platform, which helps organizations mitigate their risk of exposure to software supply chain attacks.
After closing $196.5 million in Series G investment late last month, Snyk on Tuesday said it secured an additional $25 million from ServiceNow. ServiceNow’s investment brings the total amount Snyk has secured to $1.4 billion since 2020.
During those three years, the company behind the developer security platform has been adding customers. Snyk claims its revenues last year grew 100%, with net revenue retention rising 130%. Snyk reports that it closed out 2022 with over 2,300 customers who remediated more than 5.1 million vulnerabilities. Identity verification provider Veriff ranked Snyk first in an analysis of security startups based on funding amounts, number of investors, employee counts, Twitter following, and the distinctiveness of the product portfolio.
Integrating Snyk With ServiceNow
Following this investment, ServiceNow will embed Snyk’s open source software component analysis (SCA) and intelligence tools into ServiceNow’s Vulnerability Response. While Snyk can improve ServiceNow’s vulnerability detection capabilities, its developer-focused tools can bring Snyk to more DevSecOps organizations.
“Snyk’s vision is all the way from code to cloud, and cloud is admittedly code,” Snyk chief product officer Manoj Nair says. “We get folks to build security in from the beginning, rather than placing firewalls and scanners and all that after the fact to catch what’s wrong.”
ServiceNow VP and general manager of security products Lou Fiorello envisions the Snyk platform extending his company’s vulnerability detection capabilities. “This considerably furthers ServiceNow’s ability to offer a single view into vulnerabilities throughout the enterprise technology environment, driving workflows to better prioritize and expedite vulnerability management,” Fiorello said in a press release.
Appealing to Developers and Security Professionals
Founded in 2015, Snyk has stood out amid escalating growth in software supply chain attacks. Snyk’s Developer Security Platform helps organizations reduce the risk of an attack by letting those who build container-based applications generate software bills of materials (SBOMs) during the development process.
“Snyk has been successful at building security tools that the developers like,” says Enterprise Strategy Group senior analyst Melinda Marks. Marks emphasizes that developers find especially appealing Snyk’s tools to test open source code using SCA and to scan infrastructure as code.
“Snyk was a pioneer in the developer-first security category,” she adds. “It’s extremely easy for developers to use while giving security teams visibility and control for setting policies and related capabilities.”
The ServiceNow announcement is significant, Marks adds, given how many large enterprises use ServiceNow for IT service management. ServiceNow says it serves 80% of Fortune 500 companies and roughly 7,400 enterprise customers.
Recent Security Moves
Organizations are increasingly looking at how to efficiently make SBOMs, especially in light of software supply chain attacks, vulnerabilities such as Log4j, and government mandates. In November, Snyk released an update to make it easier to automatically generate SBOMs during the software build process. Snyk added a “developer-first” API and command-line interface (CLI) to create SBOMs, which the company says provides broader visibility into customers’ full software supply chains.
Snyk also released an SBOM Checker, a free tool that scans SBOMs for vulnerabilities. Snyk also has added Bomber Integration, which scans SBOMs with the open-source Bomber software, testing them against its open source Snyk Vulnerability Database.
In November, Snyk Cloud, the outgrowth of the company’s acquisition of Fugue last year, went live. Snyk Cloud has a common policy engine designed to ensure organizations’ cloud applications are secure before deploying them.
“Snyk Cloud will make it easier to secure your cloud environment with common policies for infrastructure code and cloud deployments,” Nair said during the November launch event. “Taking a code-centric approach to find and fix cloud issues is something that we were basically focused on.”