Did you know?
Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.
2022 Snyk Customer Value Study
Hear firsthand from Snyk customers on how implementing developer-first security helped them reduce risk and increase developer productivity in 2022.
Part One
Snyk helps customers reduce risk across the software supply chain
Share
Enterprise customers saw a 66% reduction in critical severity vulnerabilities
Snyk provides broad coverage across the software supply chain so you can scan more and do it faster — with customers reporting an average 249% increase in projects scanned with Snyk in 2022. As projects are scanned, Snyk assigns a Priority Score to each issue along with actionable fix advice for developers. These automations help teams respond quickly to critical vulnerabilities and dramatically improve risk posture.
Reduction in critical severity vulnerabilities
<500 employees
500 - 2,000 employees
>2,000 employees
0%
20%
40%
60%
80%
Share
Risk avoidance with Snyk saved customers an average of $2.1M in 2022
Supply chain attacks have increased in both volume and frequency in recent years, with organizations anticipating an average of ~3 security breaches each year. And with breaches costing an average of $4.55M, implementing a comprehensive framework for supply chain security is critical to protecting your bottom line.
ROI based on risk avoidance
$4,000,000
$3,000,000
$2,000,000
$1,000,000
$0
$0
$1,000,000
$2,000,000
$3,000,000
$4,000,000
<500 employees
500 - 2,000 employees
>2,000 employees
<500 employees
500 - 2,000 employees
>2,000 employees
Share
Snyk enables customers to respond rapidly to zero-day vulnerabilities like Log4Shell
When a zero-day vulnerability is detected, CISOs know there is nothing more important than acting quickly to protect your customers and your business. Snyk customers affected by the 2021 Log4Shell vulnerability were able to fix within an average of 3.82 days thanks to features including Snyk’s automatic Log4Shell fix PR and the Snyk API. This number includes both direct and indirect (transitive) instances of the vulnerable library.
Average time to fix Log4Shell vulns among all affected customers
Log4j-2314720 vuln
Log4j-2320014 vuln
0
1
2
3
4
5
"It was so easy to use Snyk to search issues by the CVE and quickly identify all the projects with the [Log4Shell] vulnerability. In addition to identifying all the application assets that needed to be fixed, it’s a simple way to watch the issues go down and ensure completeness.”
David Matousek
Director of Global Cybersecurity Services
"It’s hard to have good visibility into millions of lines of code. We knew we had potential vulnerabilities, but couldn’t quantify it. Snyk gave us the capability to see the numbers for the first time. At that point it was a slam dunk. We needed to use Snyk.”
Rob Hather
Security Product Manager
Part Two
Shifting left with Snyk increases developer productivity
Share
Enterprise Snyk customers reported an average annual ROI of $581K due to automation and developer efficiency gains
We asked CTOs what factors are most important when considering new tooling, and to no surprise, developer productivity came out on top. Unlike other application security tools, Snyk is built directly into developer workflows, helping businesses embrace the DevSecOps model and improve efficiency.
ROI based on developer efficiency gains
$600,000
$400,000
$200,000
$0
$0
$200,000
$400,000
$600,000
<500 employees
500 - 2,000 employees
>2,000 employees
<500 employees
500 - 2,000 employees
>2,000 employees
Did you know?
The average U.S. developer rate is $70/hour, according to a 2021 Developer Survey by Stack Overflow.
Share
Based on working hours in a calendar year, efficiency gains with Snyk equated to 2.2 development FTE per customer organization
The market for hiring talented developers is extremely competitive, with software engineering roles often sitting for months without being filled. With Snyk, security becomes a seamless part of your development teams’ workflows, saving time and enabling them to produce more secure code. Enterprise customers report saving an average of 8,300 developer hours
Developer efficiency gains (in hours)
10,000
7,500
5,000
2,500
0
0
2,500
5,000
7,500
10,000
<500 employees
500 - 2,000 employees
>2,000 employees
<500 employees
500 - 2,000 employees
>2,000 employees
Customers report driving substantial developer productivity by shifting left with Snyk
2.5
2
1.5
1
0.5
0
0
0.5
1
1.5
2
2.5
Researching & fixing a single issue
Committing a change with a fix
Analyzing a failed build
Triaging an issue
Completing a code review
Researching & fixing a single issue
Committing a change with a fix
Analyzing a failed build
Triaging an issue
Completing a code review
"Spotify has thousands of engineers, so we were very intentional when implementing security testing automation, keeping developer needs top of mind and freeing up developers to focus on their own priorities. For some languages and frameworks, we’ve automatically embedded vulnerability scanning in CI/CD pipelines, so the adoption has been seamless and hasn’t required any action from developers… Now the number of scanned projects continues to increase.”
Edina Muminovic
Engineering Manager
Security engineers have multiple responsibilities, and it becomes really difficult to perform numerous reviews each month, especially if the requests are time-constrained. We thought we could automate this process to potentially save some time for the engineers… I’m an advocate for automation and shifting left and I think Snyk is one of the most important tools to scale the security effort across an organization.”
Amol Deshpande
Product Security Engineer
Part Three
Developers love Snyk — and so do security teams
Share
Snyk helps developer and security teams work together to reduce mean time to fix by an average of 44%
The most effective security program is one in which developers and security engineers can solve problems together, quickly. Snyk provides a frictionless developer experience and enables security teams to build guardrails directly into developer workflows, helping break down silos between these two departments.
Decrease in mean time to fix by organization size
60%
40%
20%
0%
0%
20%
40%
60%
<500 employees
500 - 2,000 employees
>2,000 employees
<500 employees
500 - 2,000 employees
>2,000 employees
Did you know?
85% of developers that use Snyk would recommend it to others, citing considerable time savings and ease of use.
Average time to start using Snyk by organization size
<500 employees
10 days
500 - 2,000 employees
12 days
>2,000 employees
26 days
Did you know?
Snyk Code scans at a rate of 3.2x faster than other SAST tools, yet another time-saver that helps development teams meet sprint deadlines and security teams meet SLAs. That’s what we call a win-win.
"Snyk has really given developers the ability to start thinking about security as they’re developing code. It’s allowed [them] to be much more proactive in fixing vulnerabilities… Compared to our previous tooling, Snyk’s scanning is 2x faster and much more integrated to their tooling and processes. The developers are also quite happy that it’s a lot easier to navigate.”
Eric Cheng
Digital Solutions Architect
About this report
In 2022, Snyk set out to understand the value our customers have gained in the past year with the Snyk platform in our first annual Customer Value Study. Thank you to the hundreds of Snyk customers who participated in our survey and helped make this project possible.
Dive in deeper
Read Snyk’s full 2022 Customer Value Study report for a deeper dive into how Snyk customers think about the return on investment they’ve realized by leveraging the Snyk platform.
