Developers, security professionals, and investors all love Snyk and its developer security platform, which helps organizations reduce their exposure to software supply chain attacks.
After closing a $196.5 million Series G investment late last month, Snyk announced Tuesday it has secured another $25 million from ServiceNow. ServiceNow’s investment brings the total amount Snyk has secured since 2020 to $1.4 billion.
Over the past three years, the company behind the developer security platform has gained more customers. Snyk claims a 100% increase in revenue and a 130% increase in net revenue retention over the last year. Snyk reports that it closed out 2022 with over 2,300 customers fixing over 5.1 million vulnerabilities. Veriff, an identity verification provider, ranked Snyk #1 in its analysis of security startups based on funding amount, number of investors, number of employees, number of Twitter followers, and uniqueness of product portfolio.
Snyk and ServiceNow integration
Following this investment, ServiceNow will incorporate Snyk’s open source software component analysis (SCA) and intelligence tools into ServiceNow’s vulnerability response. Snyk can power ServiceNow’s vulnerability detection capabilities, but its developer tools can bring Snyk to more DevSecOps organizations.
“Snyk’s vision is everything from code to the cloud, and the cloud is actually code,” said Manoj Nair, chief product officer at Snyk. “We ask people to build security in from the beginning, rather than putting firewalls, scanners, etc. after the fact to find problems.”
Lou Fiorello, vice president and general manager of security products at ServiceNow, envisions the Snyk platform extending his company’s vulnerability detection capabilities. “This greatly improves ServiceNow’s ability to have a single view of vulnerabilities across his enterprise technology environment, allowing him to prioritize workflows and expedite vulnerability management,” Fiorello said in a statement.
Appeal to developers and security professionals
Founded in 2015, Snyk stands out in a growing wave of attacks on the software supply chain. Snyk’s Developer Security Platform helps organizations reduce the risk of attacks by enabling those building container-based applications to generate a software bill of materials (SBOM) during the development process.
Melinda Marks, Senior Analyst at Enterprise Strategy Group, said: Marks uses SCA to test open source code and scan infrastructure as code, and she emphasizes that she finds Snyk’s tools particularly appealing to developers.
“Snyk was a pioneer in the developer-first security category,” she adds. “It’s very developer-friendly and gives security teams visibility and control to set policies and related features.”
Marks adds that ServiceNow’s announcement is important given that many large enterprises use ServiceNow for IT service management. According to ServiceNow, it serves 80% of Fortune 500 companies and about 7,400 enterprise customers.
Recent security trends
Organizations are increasingly looking at how to create SBOMs efficiently, especially in light of software supply chain attacks, vulnerabilities such as Log4j, and government mandates. In November, Snyk released an update that makes it easier to automatically generate an SBOM during the software build process. Snyk has added a “developer-first” API and Command Line Interface (CLI) to create SBOMs. The company says this will give it greater visibility into a customer’s complete software supply chain.
Snyk also released SBOM Checker, a free tool that scans for SBOM vulnerabilities. Snyk also added a Bomber integration that scans an SBOM with the open source Bomber application and tests it against the open source Snyk Vulnerability Database.
In November, Snyk Cloud, which was born as a result of the company’s acquisition of Fugue last year, went live. Snyk Cloud has a common policy engine designed to secure an organization’s cloud applications before they are deployed.
“Snyk Cloud helps secure cloud environments with common policies for infrastructure code and cloud deployments,” said Nair at its November launch event. “Taking a code-centric approach to finding and fixing cloud issues is fundamentally our focus.”