2022 Snyk Customer Value Study

Hear firsthand from Snyk customers on how implementing developer-first security helped them reduce risk and increase developer productivity in 2022.

Part One

Snyk helps customers reduce risk across the software supply chain

Enterprise customers saw a 66% reduction in critical severity vulnerabilities

Snyk provides broad coverage across the software supply chain so you can scan more and do it faster — with customers reporting an average 249% increase in projects scanned with Snyk in 2022. As projects are scanned, Snyk assigns a Priority Score to each issue along with actionable fix advice for developers. These automations help teams respond quickly to critical vulnerabilities and dramatically improve risk posture.

[Chart: Reduction in critical severity vulnerabilities, by organization size (<500 employees, 500 - 2,000 employees, >2,000 employees); axis 0% to 80%]

Risk avoidance with Snyk saved customers an average of $2.1M in 2022

Supply chain attacks have increased in both volume and frequency in recent years, with organizations anticipating an average of ~3 security breaches each year. And with breaches costing an average of $4.55M, implementing a comprehensive framework for supply chain security is critical to protecting your bottom line.

[Chart: ROI based on risk avoidance, by organization size (<500 employees, 500 - 2,000 employees, >2,000 employees); axis $0 to $4,000,000]

Did you know?

Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.

Snyk enables customers to respond rapidly to zero-day vulnerabilities like Log4Shell

When a zero-day vulnerability is detected, CISOs know there is nothing more important than acting quickly to protect your customers and your business. Snyk customers affected by the 2021 Log4Shell vulnerability were able to fix within an average of 3.82 days thanks to features including Snyk’s automatic Log4Shell fix PR and the Snyk API. This number includes both direct and indirect (transitive) instances of the vulnerable library.

[Chart: Average time to fix Log4Shell vulns among all affected customers; series: Log4j-2314720 vuln, Log4j-2320014 vuln; axis 0 to 5]

Manulife

"It was so easy to use Snyk to search issues by the CVE and quickly identify all the projects with the [Log4Shell] vulnerability. In addition to identifying all the application assets that needed to be fixed, it’s a simple way to watch the issues go down and ensure completeness.”

David Matousek

Director of Global Cybersecurity Services

Citrix

"It’s hard to have good visibility into millions of lines of code. We knew we had potential vulnerabilities, but couldn’t quantify it. Snyk gave us the capability to see the numbers for the first time. At that point it was a slam dunk. We needed to use Snyk.”

Rob Hather

Security Product Manager

Part Two

Shifting left with Snyk increases developer productivity

Enterprise Snyk customers reported an average annual ROI of $581K due to automation and developer efficiency gains

We asked CTOs what factors are most important when considering new tooling, and to no surprise, developer productivity came out on top. Unlike other application security tools, Snyk is built directly into developer workflows, helping businesses embrace the DevSecOps model and improve efficiency.

[Chart: ROI based on developer efficiency gains, by organization size (<500 employees, 500 - 2,000 employees, >2,000 employees); axis $0 to $600,000]

Did you know?

The average U.S. developer rate is $70/hour, according to a 2021 Developer Survey by Stack Overflow.

Based on working hours in a calendar year, efficiency gains with Snyk equated to 2.2 development FTE per customer organization

The market for hiring talented developers is extremely competitive, with software engineering roles often sitting for months without being filled. With Snyk, security becomes a seamless part of your development teams’ workflows, saving time and enabling them to produce more secure code. Enterprise customers report saving an average of 8,300 developer hours.

[Chart: Developer efficiency gains (in hours), by organization size (<500 employees, 500 - 2,000 employees, >2,000 employees); axis 0 to 10,000]

Customers report driving substantial developer productivity by shifting left with Snyk

[Chart: axis 0 to 2.5; tasks: Researching & fixing a single issue; Committing a change with a fix; Analyzing a failed build; Triaging an issue; Completing a code review]

Spotify

"Spotify has thousands of engineers, so we were very intentional when implementing security testing automation, keeping developer needs top of mind and freeing up developers to focus on their own priorities. For some languages and frameworks, we’ve automatically embedded vulnerability scanning in CI/CD pipelines, so the adoption has been seamless and hasn’t required any action from developers… Now the number of scanned projects continues to increase.”

Edina Muminovic

Engineering Manager

Salesforce

"Security engineers have multiple responsibilities, and it becomes really difficult to perform numerous reviews each month, especially if the requests are time-constrained. We thought we could automate this process to potentially save some time for the engineers… I’m an advocate for automation and shifting left and I think Snyk is one of the most important tools to scale the security effort across an organization.”

Amol Deshpande

Product Security Engineer

Part Three

Developers love Snyk — and so do security teams

Snyk helps developer and security teams work together to reduce mean time to fix by an average of 44%

The most effective security program is one in which developers and security engineers can solve problems together, quickly. Snyk provides a frictionless developer experience and enables security teams to build guardrails directly into developer workflows, helping break down silos between these two departments. 

[Chart: Decrease in mean time to fix by organization size (<500 employees, 500 - 2,000 employees, >2,000 employees); axis 0% to 60%]

Did you know?

85% of developers that use Snyk would recommend it to others, citing considerable time savings and ease of use.

Snyk is scalable and API ready, enabling customers to see value faster than alternative tools

It only takes customers an average of 18 days to implement Snyk — helping you go from procurement to value fast.

Average time to start using Snyk by organization size

<500 employees: 10 days

500 - 2,000 employees: 12 days

>2,000 employees: 26 days

What is the average scale of deployment at organizations of different size?

[Chart: # developers and # repositories, by organization size (<500 employees, 500 - 2,000 employees, >2,000 employees); axis 0 to 1,000]

Did you know?

Snyk Code scans at a rate of 3.2x faster than other SAST tools, yet another time-saver that helps development teams meet sprint deadlines and security teams meet SLAs. That’s what we call a win-win.

Komatsu

"Snyk has really given developers the ability to start thinking about security as they’re developing code. It’s allowed [them] to be much more proactive in fixing vulnerabilities… Compared to our previous tooling, Snyk’s scanning is 2x faster and much more integrated to their tooling and processes. The developers are also quite happy that it’s a lot easier to navigate.”

Eric Cheng

Digital Solutions Architect

About this report

In 2022, Snyk set out to understand the value our customers have gained in the past year with the Snyk platform in our first annual Customer Value Study. Thank you to the hundreds of Snyk customers who participated in our survey and helped make this project possible.

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.
