Open-source software is widely used today, both by consumers and companies. The founder of the AES encryption algorithm, Vincent Rijmen, believed that Linux’s open-source nature makes it easy to spot vulnerabilities and fix them, thus making the model secure.
What is Snyk?
Assaf Hefetz, Danny Grander, and Guy Podjarny founded Snyk in 2015 to offer solutions that help developers. These solutions find and fix vulnerabilities and license violations in open-source code at the developer level. That way, a software-based organization can reduce its cybersecurity risks at the earliest stage and make its solutions compliant by design. Rather than transferring the responsibility to IT security teams – the “editors” – Snyk allows the developers – the “authors” – to clean up their work at the creation stage.
Last month, Snyk received an investment of $150m, which has elevated its status to “Unicorn”. Stripes led the funding round. According to CEO Peter McKay, the round will help accelerate Snyk’s ability to transform the approach to application security and delivery to software-driven enterprises.
How Does Snyk Work?
The security team at Snyk maintains a database of vulnerabilities. The team monitors GitHub and other sources alongside manual research. Each vulnerability found is assigned a severity score, and Snyk updates the product to include it.
For instance, developers can find and fix vulnerabilities in their containers and Kubernetes applications with the Snyk Container tool. Meanwhile, the Open Source Security Management tool detects the vulnerabilities in open-source projects automatically.
The solution includes an integrated development environment (IDE) check that detects vulnerabilities at the coding stage, native Git scanning done directly at the repository, testing of CI/CD, and even testing of the production environment. The testing and analysis allow users to trace the origins of a vulnerability and help organizations make better security decisions in the future.
Snyk’s API tokens allow for compatibility with most platforms – GitHub, Bitbucket, Google and Azure. Snyk also allows free testing of open-source projects.
Its license compliance tool allows developers to ensure they aren’t breaking any legal terms when using the licenses. They can do it at the very start of coding by verifying the packages, or at any stage of development.
These security audit solutions and the database of vulnerabilities have helped Snyk achieve its current status. In the growing cybersecurity industry, the recent funding round shows that the demand for products that help achieve developer-first application security is higher than ever. Snyk’s CEO agrees with this as well.
Photo credits: The images used are owned by Snyk and were provided for press usage.