Developers, security professionals, and investors all find something to love about Snyk and its developer security platform, which helps organizations mitigate their risk of exposure to software supply chain attacks.
After closing $196.5 million in Series G funding late last month, Snyk on Tuesday said it secured an additional $25 million from ServiceNow. ServiceNow’s investment brings the total amount Snyk has secured to $1.4 billion since 2020.
During those three years, the company behind the developer security platform has been adding customers. Snyk claims its revenues last year grew 100%, with net revenue retention rising 130%. Snyk reports that it closed out 2022 with over 2,300 customers who remediated more than 5.1 million vulnerabilities. Identity verification provider Veriff ranked Snyk first in an analysis of security startups based on funding amounts, number of investors, employee counts, Twitter following, and the uniqueness of the product portfolio.
Integrating Snyk With ServiceNow
Following this investment, ServiceNow will embed Snyk’s open source software composition analysis (SCA) and intelligence tools into ServiceNow’s Vulnerability Response. While Snyk can improve ServiceNow’s vulnerability detection capabilities, its developer-focused tools can bring Snyk to more DevSecOps organizations.
“Snyk’s vision is all the way from code to cloud, and cloud is really code,” Snyk chief product officer Manoj Nair says. “We get people to build security in from the start, rather than putting firewalls and scanners and all that after the fact to catch what’s wrong.”
ServiceNow VP and general manager of security products Lou Fiorello envisions the Snyk platform extending his company’s vulnerability detection capabilities. “This significantly furthers ServiceNow’s ability to provide a single view into vulnerabilities across the enterprise technology environment, driving workflows to better prioritize and expedite vulnerability management,” Fiorello said in a statement.
Appealing to Developers and Security Professionals
Founded in 2015, Snyk has stood out amid escalating growth in software supply chain attacks. Snyk’s Developer Security Platform helps organizations reduce the risk of an attack by letting those who build container-based applications generate software bills of materials (SBOMs) during the development process.
“Snyk has been successful at building security tools that the developers like,” says Enterprise Strategy Group senior analyst Melinda Marks. Marks emphasizes that developers find Snyk’s tools for testing open source code using SCA and for scanning infrastructure as code especially appealing.
“Snyk was a pioneer in the developer-first security category,” she adds. “It is very easy for developers to use while giving security teams visibility and control for setting policies and related capabilities.”
The ServiceNow announcement is significant, Marks adds, given how many large enterprises use ServiceNow for IT service management. ServiceNow says it serves 80% of Fortune 500 companies and roughly 7,400 enterprise customers.
Recent Security Moves
Organizations are increasingly looking for ways to efficiently make SBOMs, especially in light of software supply chain attacks, vulnerabilities such as Log4j, and government mandates. In November, Snyk released an update to make it easier to automatically generate SBOMs during the software build process. Snyk added a “developer-first” API and command-line interface (CLI) to create SBOMs, which the company says provides broader visibility into customers’ full software supply chains.
Snyk also released an SBOM Checker, a free tool that scans SBOMs for vulnerabilities. Snyk has also added Bomber Integration, which scans SBOMs with the open source Bomber software, testing them against its open source Snyk Vulnerability Database.
In November, Snyk Cloud — the outgrowth of the company’s acquisition of Fugue last year — went live. Snyk Cloud has a common policy engine designed to ensure organizations’ cloud applications are secure before deploying them.
“Snyk Cloud will help you secure your cloud environment with common policies for infrastructure code and cloud deployments,” Nair said during the November launch event. “Taking a code-centric approach to find and fix cloud issues is something that we have been fundamentally focused on.”