Open source security scanning platform Snyk raises $300M

Let the OSS Enterprise newsletter guide your open source journey! Sign up here.

Snyk, a security scanning platform used by developers at companies including Google, Salesforce, Intuit, and Atlassian, today announced a $530 million series F investment round, valuing the company at $8.5 billion. The transaction included primary and secondary investments, meaning that Snyk only raised around $300 million in fresh capital, with the remainder involving investors buying existing shares.

Snyk’s SaaS platform helps developers identify vulnerabilities and license violations in their open source codebases, containers, and Kubernetes applications. By connecting their code repository, be it GitHub, GitLab, or Bitbucket, Snyk customers gain access to a giant vulnerability database, which enables Snyk to serve a description of the problem, point to where the flaw in the code lies, and even suggests a fix.

That Snyk targets its security smarts at developers rather than security teams is notable, as it means that it’s looking to catch issues not only before they goes into the live codebase, but in real time as the developer codes.

“Simply shifting left [testing early in the software development process] is no longer enough, and security now needs to be fully-owned by developers so that they are equipped to address security issues in real time as they emerge,” Snyk cofounder and president Guy Podjarny said. “Our approach makes security easy, so that modern developers are set up for true success, securing what they build without having to become a security expert or slow down.”

Above: Snyk in action

The problem

Most modern software relies to some degree on open source components, saving businesses considerable resources in terms of having to build and and maintain everything in-house. But reports suggest that 84% of the commercial codebases contain at least one open source vulnerability, opening the software supply chain to myriad external threats. Thus, the business of securing open source software is getting big. Earlier this year, Snyk rival WhiteSource raised $75 million to bolster its open source security management and compliance platform, which is used by companies like Microsoft and IBM.

For Snyk, it’s been a busy twelve months too. The Boston-headquartered company, which was founded initially out of London and Tel Aviv back in 2015, has now raised $775 million since its inception — this includes a $150 million tranche last year which was followed by a $300 million cash injection back in March which valued the firm at $4.7 billion. This means that Snyk’s perceived worth has almost doubled in the space of six months.

On top of that, Snyk has been on something of an acquisition spree, snapping up AI-powered semantic code analysis platform Deepcode; Manifold; and, more recently, FossID, a software composition analysis tool for open source code. And back in May, Snyk found a powerful ally in the form of cybersecurity giant Trend Micro, which launched a new product in conjunction with Snyk to offer security teams “continuous insight” into open source vulnerabilities and compliance risks.

Snyk’s latest funding round was co-led by Tiger Global and Sands Capital, with participation from a slew of high-profile investors, including BlackRock, Accel, Salesforce Ventures, Atlassian Ventures, and Coatue.