Accelerating our developer-first vision with DeepCode

As you may have read in the news, today Snyk announced an agreement to acquire DeepCode!  On behalf of the Snyk team, I wanted to share with you why we are excited to integrate DeepCode’s technology to the Snyk Cloud Native Application Security platform, and what it will mean for our customers and users.

Who is DeepCode?

First, let me tell you a little about this company and their amazing technology.  DeepCode is an ETH Zurich spin-off founded by leading researchers in machine learning and programming languages.  The company has been focused on applying AI to assist developers with application quality and security in real-time – as they code.  In particular, they developed two breakthrough innovations:

• Very sophisticated interpretable machine learning semantic code analysis. The technology scans code 10-50x faster than alternatives, which enables real-time workflows within the development process.  It also dramatically reduces both false negatives and false positives using a custom machine learning platform that is able to quickly learn from huge volumes of code.
• An exceptional developer UX unlocked via a custom, next-generation Datalog solver that, for the first time, allows for high precision semantic code analysis in real-time.  This technology enables code scanning at the IDE and git level so that developers can seamlessly integrate scanning into their development process in real-time rather than adding interruptive steps. 

How will this accelerate our vision for developer-first cloud native application security?

Snyk’s approach from day one has been to empower developers as the first step in application security, enabling the speed and scale required by technology-driven companies.  Security and operations teams are given the visibility and control to support developers and govern the process during development.  Snyk is already the most developer-friendly application security solution, used by more than 1.5 million developers worldwide to build software securely.  

Key to this vision is continuously integrating security into the development process, rather than add it as an additional step. DeepCode’s AI engine will help Snyk both increase speed and ensure a new level of accuracy in finding and fixing vulnerabilities, while constantly learning from the Snyk vulnerability database to become smarter.

This will enhance our solution in two ways.  It will enable an even faster integration for developers, testing for issues while they develop rather than as an additional step. And it will further increase the accuracy of our results, almost eliminating the need to waste time chasing down false positives.  Snyk was already the best in the industry in these two aspects, and this will set us even further apart.

What will this mean for our customers and users?

DeepCode’s industry-first technology will advance Snyk’s comprehensive security platform, which today supports open source security, container security, and infrastructure as code security, with integrated machine learning-based intelligence to more quickly identify vulnerabilities and ensure developers have a superior level of accuracy.  Additionally, we now can apply those capabilities to the proprietary code written by developers, extending the Snyk platform’s coverage for securing cloud native applications.

We’ll have a lot more to say about our plan to integrate DeepCode’s technology, and how our customers will experience that, at our upcoming free, virtual Snykcon conference on October 21-22, 2020.  Click the link below to reserve your spot, and we look forward to seeing you there!