Snyk $7M Series A - and a huge thanks!

On Tuesday we announced our $7M series A! This funding is a great testament to the importance of having developers own security and the critical need to secure our use of open source code. It’s also a humbling show of faith in our product and team, who are trusted to deliver and help you — our beloved users — use open source code and stay secure.

This round is a good opportunity to reflect back on what we’ve accomplished together in just under 2.5 years, talk about what’s coming next, and say thanks to the many people who helped us get to this point.

What have we accomplished?

Over 120,000 developers use Snyk to find, fix and monitor for vulnerable libraries. These developers have downloaded Snyk’s CLI over 3.3M times since we started, recently reaching 350,000 downloads/month. Beyond those downloads, Snyk now protects over 100,000 repositories on source code management platforms such as GitHub, Bitbucket and GitLab. Combined, Snyk processes over 2 million vulnerability tests each month. More importantly, Snyk opened 10,000 fix pull requests and applied a staggering 300,000 patches in February alone!

This growth was made possible thanks to huge improvements in the product. We’ve expanded being JavaScript only to now supporting Java, .NET, Python, Ruby, Scala, PHP and Go. We’ve gone from CLI only to GitHub support to now supporting Bitbucket, GitLab and more. And we’ve introduced a unique ability to test Serverless and PaaS for vulnerable libraries, including tight integrations with AWS Lambda, Heroku and CloudFoundry. Beyond the broad platform support, we built top-tier enterprise and governance features, ranging from extensive reporting and policies to powerful user management to fully on-premises deployments for banks and similarly security conscious organizations.

All that said, our best achievement, hands down, is in helping developers embrace security. The vast majority of our users are developers who chose to use Snyk, without a security team or other forcing them to do so. This proves the core thesis that led us to found Snyk - that developers do care about security, and simply need the right tools to take it on. It also demonstrates that the same momentum that got us DevOps is ready to advance into its DevSecOps phase, where security is built in.

What’s next?

We’ve done a lot, but there’s even more left to do!

It’s too early to disclose most of what’s coming, but here are some sneak peeks into what we’ll be using the funds for:

• Even broader language support - we now support the vast majority of languages users need, but we plan to cover open source libraries for all the languages in your code base. We also intend to mature our support for the more recently added languages to match the level of subtle understanding and fix capabilities our veteran languages enjoy.

• Even broader platform support - when we integrate with a platform, we work hard to understand its workflows and fine points and design an integration that feels native. We plan to do so for more platforms.

• Beyond known vulnerabilities in app libraries - I’ll keep this one vague, but suffice to say that while known vulnerabilities in application dependencies are a major risk, open source security doesn’t end there. Expect to see more from us to help you broaden your protection, without slowing down.

• Extreme customer dedication, at scale - we care deeply about our users, and pride ourselves for being ridiculously easy to work with. We plan to keep up that level of dedication as we grow, which requires some scaling up of our customer success tooling and people.

These are just a few of many plans, but hopefully gives you a taste of what’s to come.

A huge thanks!

These events are also a great opportunity to say thanks to all those who helped us get to this point - and will hopefully help us go further.

First, I’d like to thank our investors, notably BOLDStart and Canaan. Having investors that believe in your vision and trust you and the team to deliver it is not trivial, and it’s an amazing show of faith for them to put more money behind us and help us run faster. Ed Sim at BOLDStart, who was and continues to be my first-pick investor, has written about this round, check out his blog here.

Second, I’d like to thank our amazing team. Personally, my job is to get great people, get them funded, and get out of the way. I may not always “get out of the way”, but I could not be more proud of the team we’ve assembled at Snyk, and am constantly amazed at what they have achieved. I am humbled and thankful that this great group of people joined the Snyk journey and are now leading it so well.

Last but not least, I’d like to thank our users! When we started Snyk, we were repeatedly told that developers don’t care about security, that large enterprises will never trust their developers to use DevOps, and that security conscious organizations don’t use open source anyway. All of you are proving each of these statement wrong, which makes me both happy and hopeful.

That’s all for now, onwards to more exciting years ahead!