
Snyk, a security scanning platform used by developers at companies like Google, Salesforce, Intuit, and Atlassian, today announced a $530 million series F investment round that values the company at $8.5 billion. The transaction included primary and secondary investments, meaning Snyk only raised around $300 million in fresh capital, with investors buying existing shares for the rest.

Snyk’s SaaS platform helps developers identify vulnerabilities and license violations in their open source codebases, containers, and Kubernetes applications. By connecting their code repository, be it GitHub, GitLab, or Bitbucket, Snyk customers gain access to a giant vulnerability database, which enables Snyk to describe the problem, point to where the flaw in the code lies, and even suggest a fix.

That Snyk targets its security smarts at developers rather than security teams is notable, as it means it’s looking to catch issues not only before they go into the live codebase, but in real time as the developer codes.

“Simply shifting left [testing early in the software development process] is no longer enough, and security now needs to be fully owned by developers so that they are equipped to address security issues in real time as they emerge,” Snyk cofounder and president Guy Podjarny said. “Our approach makes security easy so that modern developers are set up for true success, securing what they build without having to become a security expert or slow down.”


Above: Snyk in action

The problem

Most modern software relies to some degree on open source components, saving businesses the considerable resources involved in building and maintaining everything in-house. But reports suggest 84% of commercial codebases contain at least one open source vulnerability, leaving the software supply chain vulnerable to myriad external threats. Thus, the business of securing open source software is growing. Earlier this year, Snyk rival WhiteSource raised $75 million to bolster its open source security management and compliance platform, which is used by companies like Microsoft and IBM.

Snyk has had a busy 12 months too. The Boston-headquartered company, which was founded out of London and Tel Aviv back in 2015, has now raised $775 million since its inception. This includes a $150 million tranche last year, followed by a $300 million cash injection in March that valued the firm at $4.7 billion. This means Snyk’s perceived worth has almost doubled in the space of six months.

On top of that, Snyk has been on something of an acquisition spree, snapping up AI-powered semantic code analysis platform Deepcode; Manifold; and, more recently, FossID, a software composition analysis tool for open source code. And back in May, Snyk found a powerful ally in the form of cybersecurity giant Trend Micro, which launched a new product in conjunction with Snyk to offer security teams “continuous insight” into open source vulnerabilities and compliance risks.

Snyk’s latest funding round was co-led by Tiger Global and Sands Capital, with participation from a slew of high-profile investors, including BlackRock, Accel, Salesforce Ventures, Atlassian Ventures, and Coatue.
