September 25, 20180 mins read
Today we are delighted and honored to announce our $22M series B fundraising!
This milestone demonstrates a huge vote of confidence in Snyk’s developer-first approach, and in the belief that all of you - the amazing community of developers and forward looking security experts - are ready to own and fix open source security. Together, we’ve demonstrated what the future of application security looks like, and are ready to scale our DevSec community. So thank you :)
Our Series B fundraise was led by Accel, with participation from GV and our existing investors Boldstart Ventures, Heavybit and others. We thank them for their support.
This round comes less than 7 months after our previous one, in order to support our rapid growth and expand our developer-first offering. We’d love to take the opportunity to share what we’ve achieved, and what’s coming next.
Our Growing Community
Over 160,000 developers use Snyk to find, fix and monitor for vulnerable libraries. Snyk now protects over 140,000 repositories on source code management platforms such as GitHub, Bitbucket and GitLab. These developers are downloading Snyk’s CLI at a rate of 100,000 downloads/week, integrating into their CI and other processes.
Being an open platform that developers automate and integrate with, over 5,000,000 calls to Snyk’s API were made in the last month!
Snyk’s goal is to automate vulnerability remediation so that issues are actually fixed on an ongoing basis — Snyk opens 10,000 fix pull requests and applies over 580,000 patches each month!
We’re also happy that enterprises choose to deploy Snyk throughout their organizations, most of which had their developers advocate doing so after seeing the value provided by using Snyk on various projects. We now have over 200 large enterprise customers on board, and our revenue has grown 5x in the last 9 months. The trend of enterprises appreciating Snyk’s unique approach has been recognised by Gartner naming Snyk as a 2018 Cool Vendor in Application and Data Security.
On the security front, Snyk’s in-house security team responsibly disclosed over 1,000 uncovered vulnerabilities to open source library maintainers in 2018 alone, many of which were reported to us by researchers in the open source community. A notable disclosure was Zip Slip, a widespread critical archive extraction vulnerability that can often times lead to remote command execution. This vulnerability affected thousands of open source projects, and was discovered and responsibly disclosed by the Snyk Security team.
We have achieved a lot already, but there’s much more to be done to accomplish our mission, so here’s a “Snyk peek” of what we’ll use today’s investment for:
Further scale our business across ecosystems while keeping our users happy. This includes deepening support for our current languages and adding new ones. The recent addition of support for container vulnerability management is one area where we’ll further invest to match the scanning and fixing capabilities that developers get from Snyk today for application dependencies. Contact us for access.
Extreme customer dedication – at scale.We care deeply about our users, and pride ourselves on being ridiculously easy to work with. We plan to keep up that level of dedication as we grow, which requires some scaling up of both our customer success tooling and our team (we will be looking to 2-3x the size of the company with more amazing people – if you are interested in joining, let us know!).
Define and grow the new category of runtime open source security. Snyk will expand from fixing vulnerable OSS components to protecting them in runtime. Today’s applications run these components blindly, implicitly trusting the thousands of authors maintaining them. While most maintainers mean well, recent news clearly demonstrates that some may be compromised, insecure, or outright malicious. Snyk’s upcoming offerings will go beyond known vulnerabilities to help organisations regain control & visibility when running these open source libraries. Contact us to be among the first to try it.
Grow the Secure Developer community. We’ll continue to grow the community and invest in it. The only scalable way to fix open source security is through the community of developers who care about security and want to be part of making open source secure. We started with the Secure Developer podcast, but much more is planned to expand this initiative!
Again, a huge thanks!
At this moment in our journey, we want to thank our users and all others in the community who have helped us get to this point. You’re all living proof that we can and should empower developers to own security. We’ll need your support to take us to the next phases as well!