Builders, safety professionals, and traders all discover one thing to love about Snyk and its developer safety platform, which helps organizations mitigate their threat of publicity to software program provide chain assaults.
After closing $196.5 million in Collection G funding late final month, Snyk on Tuesday stated it secured a further $25 million from ServiceNow. ServiceNow’s funding brings the entire quantity Snyk has secured to $1.4 billion since 2020.
Throughout these three years, the corporate behind the developer safety platform has been including on prospects. Snyk claims its revenues final 12 months grew 100%, with internet income retention rising 130%. Snyk studies that it closed out 2022 with over 2,300 prospects who remediated greater than 5.1 million vulnerabilities. Id verification supplier Veriff ranked Snyk first in an evaluation of safety startups primarily based on funding quantities, variety of traders, worker counts, Twitter following, and the distinctiveness of the product portfolio.
Integrating Snyk With ServiceNow
Following this funding, ServiceNow will embed Snyk’s open supply software program element evaluation (SCA) and intelligence instruments into ServiceNow’s Vulnerability Response. Whereas Snyk can enhance ServiceNow’s vulnerability detection capabilities, its developer-focused instruments can convey Snyk to extra DevSecOps organizations.
“Snyk’s imaginative and prescient is all the best way from code to cloud, and cloud is absolutely code,” Snyk chief product officer Manoj Nair says. “We get individuals to construct safety in from the beginning, reasonably than placing firewalls and scanners and all that after the actual fact to catch what’s incorrect.”
ServiceNow VP and basic supervisor of safety merchandise Lou Fiorello envisions the Snyk platform extending his firm’s vulnerability detection capabilities. “This considerably furthers ServiceNow’s capability to supply a single view into vulnerabilities throughout the enterprise know-how atmosphere, driving workflows to raised prioritize and expedite vulnerability administration,” Fiorello stated in a press release.
Interesting to Builders and Safety Professionals
Based in 2015, Snyk has stood out amid escalating progress in software program provide chain assaults. Snyk’s Developer Safety Platform helps organizations scale back the chance of an assault by letting those that construct container-based functions generate software program payments of supplies (SBOMs) throughout the improvement course of.
“Snyk has been profitable at constructing safety instruments that the builders like,” says Enterprise Technique Group senior analyst Melinda Marks. Marks emphasizes that builders discover particularly interesting Snyk’s instruments to check open supply code utilizing SCA and to scan infrastructure as code.
“Snyk was a pioneer within the developer-first safety class,” she provides. “It’s extremely simple for builders to make use of whereas giving safety groups visibility and management for setting insurance policies and associated capabilities.”
The ServiceNow announcement is important, Marks provides, given what number of massive enterprises use ServiceNow for IT service administration. ServiceNow says it serves 80% of Fortune 500 firms and roughly 7,400 enterprise prospects.
Latest Safety Strikes
Organizations are more and more taking a look at easy methods to effectively make SBOMs, particularly in mild of software program provide chain assaults, vulnerabilities comparable to Log4j, and authorities mandates. In November, Snyk launched an replace to make it simpler to mechanically generate SBOMs throughout the software program construct course of. Snyk added a “developer-first” API and command-line interface (CLI) to create SBOMs, which the corporate says gives broader visibility into prospects’ full software program provide chains.
Snyk additionally launched an SBOM Checker, a free instrument that scans SBOMs for vulnerabilities. Snyk additionally has added Bomber Integration, which scans SBOMs with the open-source Bomber software, testing them in opposition to its open supply Snyk Vulnerability Database.
In November, Snyk Cloud — the outgrowth of the corporate’s acquisition of Fugue final 12 months — went stay. Snyk Cloud has a standard coverage engine designed to make sure organizations’ cloud functions are safe earlier than deploying them.
“Snyk Cloud will enable you safe your cloud atmosphere with widespread insurance policies for infrastructure code and cloud deployments,” Nair stated throughout the November launch occasion. “Taking a code-centric strategy to search out and repair cloud points is one thing that we had been basically targeted on.”