Snyk, a company that helps organisations use open source code securely, has closed a USD22 million Series B investment round led by Accel, with participation from GV and existing investors Boldstart Ventures, Heavybit and others.
Open source software (OSS) is embraced by over 95 per cent of enterprises, which dramatically accelerates software development but also introduces substantial risk. Developers draw vast quantities of OSS components into their apps, unaware that many carry known vulnerabilities, or are outright malicious. In fact, 77 per cent of applications carry such known vulnerabilities, and only one in four OSS maintainers audit their code regularly. Developers need tools to manage these large volumes of third-party software.
Snyk helps organisations use open source code and stay secure. Developers use Snyk to find and block vulnerable and malicious OSS components, building on a comprehensive database maintained by Snyk’s security research team. Snyk’s solution goes further and automatically fixes the discovered issues, patching over 580,000 vulnerabilities each month, and continuously protecting over 140,000 projects.
Founded by serial entrepreneur Guy Podjarny and security experts Assaf Hefetz and Danny Grander, Snyk was built on the belief that developers will embrace security if given the right tools. With 150,000 users, over 200 paying customers including New Relic, ASOS, Auth0, and Skyscanner, and revenue growing 5x in nine months, this is proving to be the case.
With this funding, Snyk will expand from fixing vulnerable OSS components to protecting them in runtime. Today’s applications run these components blindly, implicitly trusting the thousands of authors maintaining them. While most maintainers mean well, recent news clearly demonstrates that some may be compromised, insecure, or outright malicious. Snyk’s upcoming offerings will help organisations regain control and visibility when running these open source libraries.
“Our mission is to fix open source security, and that can only be done from within the open source community,” says Guy Podjarny, CEO and co-founder of Snyk. “This investment is a humbling validation of the impact that security-conscious developers have, and lets us expand open source security into runtime while continuing to serve these amazing users.”
Snyk will use today’s investment to further scale its business across ecosystems while keeping users happy; define and grow the new category of runtime open source security; and continue investing in the secure developer community and leading the DevSecOps movement.
Philippe Botteri, Partner at Accel, will be joining the Board as part of the round. He says: “Some of the largest data breaches in recent years were the result of unfixed vulnerabilities in open source dependencies; as a result, we’ve seen the adoption of tools to monitor and remediate such vulnerabilities grow exponentially. We’ve also seen the ownership of application security shifting towards developers. We feel that Snyk is uniquely positioned in the market given the team’s deep security domain knowledge and developer-centric mindset, and are thrilled to join them on this mission of bringing security tools to developers.”
