2023 Snyk Customer Value Study

Hear firsthand from Snyk customers on how implementing developer-first security helped them reduce risk and increase developer productivity in 2023.

Part one

Executive summary

Customers report that Snyk has helped drive substantial ROI in time savings and risk avoidance in the past year — a 2x increase in return-on-investment from 2022. On average, organizations gained an equivalent savings of 30 development FTEs from risk avoidance and developer productivity gains, reported by over 500 Snyk customers.

$5.08M

The average savings Snyk customers realized in the past year based on risk avoidance and dev efficiency gains.

70% increase

The average increase in automated remediation by customers using the Snyk platform.

13 common standards

Snyk enables license compliance and maps to compliance standards including ISO, PCI, and SOC 2.

2.4x faster

The average amount by which customers report Snyk’s scanning is faster than alternatives.

Snyk makes it easy for leaders to choose the right AppSec tooling

With a rapidly evolving technical landscape introducing more languages, ecosystems, and processes into your software development lifecycles, it’s more important than ever before to bring in the right AppSec tooling. We asked Snyk customer executives to identify their top considerations when evaluating security tooling, with risk reduction, compliance, and automation ranking as the most important factors.

Top considerations for CISOs

[Chart: bar values on a 0% to 50% axis for Risk reduction, Compliance, Automation, Accuracy, Security depth, Reporting]

Top considerations for CTOs

[Chart: bar values on a 0% to 40% axis for Risk reduction, Automation, Developer productivity, Reliability, Compliance, Accuracy, Ease of Use]

Did you know?

Snyk enables license compliance and helps customers achieve compliance to 13 common industry standards across the globe, including PCI-DSS, SOC 2, and ISO 27001.

“It’s really important to prevent security issues. They’re not just expensive to handle, they’re also a red mark on a project that developers don’t want to see… Tooling has a part to play in how developers find and fix security issues. Snyk was brought into Intuit through the development team bringing it to security as the tool they wanted to use.”

Intuit

Vlad Nikolov

Principal Security Engineer, Intuit

Part two

Snyk helps customers reduce risk across the software supply chain

Risk avoidance with Snyk saved customers an average of $3.49M in 2023

Supply chain attacks have increased in both volume and frequency in recent years, making it more important than ever for businesses to have a comprehensive framework for supply chain security in place. Snyk’s industry-leading security intelligence combines public sources, data from the developer community, proprietary expert research, machine learning, and human-in-the-loop AI to help you detect early and resolve quickly to avoid expensive security events.

ROI based on risk avoidance

[Chart: ROI on a $0 to $5,000,000 axis by organization size: <750 employees, 750 - 5,000 employees, >5,000 employees, Fortune 500]

Enterprise customers fixed 162% more critical and high vulnerabilities with Snyk

Snyk is built for speed, with automatic issue prioritization and fix advice built into our platform. Our code-to-cloud application intelligence helps customers reduce noise in their backlogs and focus on the top risks to their business.

In 2023, Snyk customers fixed over 50 million vulnerabilities using the Snyk platform. Our broad coverage across 19 programming languages, 25+ package managers and frameworks, Terraform, and more, combined with 2.4x faster scan times than alternative solutions, means Snyk customers can scan more projects, faster.

Increase in fixed vulnerabilities YoY

[Chart: increase on a 0% to 250% axis by organization size: <750 employees, 750 - 5,000 employees, >5,000 employees, Fortune 500]

Did you know?

Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.

“I want everybody to see security as their partner and something that enables them. And having something early in the lifecycle truly does that. So we start with the IDE implementation and integrate with the repositories. This helps us understand the context around security vulnerabilities in our dependencies, helping us make informed decisions.”

Natera

Charlotte Townsley

Director, Security Engineering, Natera

Snyk enables customers to respond rapidly to zero-day vulnerabilities

When a zero-day vulnerability occurs, early detection and remediation are of paramount importance to CISOs and application security teams in order to reduce the impact to customers and the business. Through continuous monitoring, automatic fix advice, and industry-leading security intelligence, Snyk ensures your developers can detect and respond quickly to zero-day vulns, up to 2.4x faster than alternative solutions.

In September 2023, two critical vulnerabilities were found in the libwebp library. Using the Snyk CLI to test projects locally or using Snyk reports to quickly search libwebp across imported projects, Snyk allows customers to respond quickly to the vulns. In fact, 90% of Snyk customers who were exposed to cURL were able to fix the critical vulnerability within two days.

Average time to fix cURL vulns among affected customers

[Chart: days to fix on a 0 to 15 axis for the CVE-2023-5129 vuln and the CVE-2023-4863 vuln]

"The major differentiators [with Snyk] were easy integration with GitLab CI, and faster results.  Snyk also has several features available within the CLI. For example, it can filter or target specific vulnerabilities by level, type, or location. Most other tools I’ve used don’t have this filtering mechanism [which is] much more cumbersome.

We’re glad to have a reliable source of information about all of our third-party software, so our developers can be the first to know about any critical vulnerabilities.

With the auto-fix feature, the developer doesn’t have to search around and wonder, ‘How do I fix this?’ Instead, they can click on a button, the right patch or upgrade is prepared, and then they just merge it."

ShopBack

Dipin Thomas

Engineering Manager, ShopBack

Part three

Shifting left with Snyk increases developer productivity

Snyk customers reported an average annual ROI of $1.59M thanks to developer efficiency gains

Each year, Snyk asks executives which factors are most important when considering new security tooling. CTOs consistently rank developer productivity at the top of this list. With rising salaries and a competitive hiring market, it’s not always feasible to bring on additional headcount to your security teams. Therefore, it’s essential that your developers have tooling in place that enables them to move quickly, while ensuring application security.

Snyk is proud to report that in 2023, customers reported an average savings of $1.59M in developer efficiency gains, with Fortune 500 customers seeing an impressive $8M+ in savings. We’re thrilled to see our customers finding and fixing vulnerabilities faster than ever before thanks to their successful adoption of Snyk.

ROI based on developer efficiency gains

[Chart: ROI on a $0 to $10,000,000 axis by organization size: <750 employees, 750 - 5,000 employees, >5,000 employees, Fortune 500]

Did you know?

The average U.S. developer rate is $85/hour, according to a 2023 Developer Survey by Stack Overflow.

“Adopting Snyk allows Applied Systems to align our security and development goals to deliver more value to our customers. Snyk accelerates our development process and ensures our engineers have the best information possible to enhance the security of our product portfolio.”

Applied Systems

Tanner Randolph

CISO, Applied Systems

Fortune 500 customers saved 100K+ hours in developer efficiency gains with Snyk

Helping customers embrace developer-first application security has always been at the heart of Snyk’s mission. We achieve this by providing faster scan times, risk-based prioritization, context-rich reporting, and automation — all of which help users find and fix vulnerabilities faster than alternative solutions.

In the last year, our customers reported an average time savings of 20,729 hours, with Fortune 500 customers seeing an impressive 3x increase in developer adoption with Snyk. Check out more statistics for developer adoption for Fortune 500 customers below.

Developer efficiency gains

[Chart: developer hours saved on a 0 to 125,000 axis by organization size: <750 employees, 750 - 5,000 employees, >5,000 employees, Fortune 500]

Snyk makes it easy to shift left with dev-friendly tooling and processes

Developer adoption growth YoY in the Fortune 500

[Chart: growth on a 0% to 250% axis for Private repos, CLI & CI scans, API usage, IDE usage]

Snyk is scalable and API-ready, enabling customers to see value faster than alternative tools

The results above show us just how easy it is for developers to adopt Snyk into their daily workflows. We’re also excited to share that in 2023, customers reported an average time of 12 days from Snyk purchase to first scan — a six-day reduction from the previous year. Security and development teams continuously cite Snyk Learn, Snyk’s interactive developer security & product training platform, as a primary resource in achieving such quick success.

Average time to start using Snyk by organization size

[Chart: days to first scan and days to full deployment on a 0 to 60 axis by organization size: <750 employees, 750 - 5,000 employees, >5,000 employees, Fortune 500]

Did you know?

Customers who take advantage of interactive security and product lessons available on the Snyk Learn platform are 63.1% more likely to accelerate their shift left journey!

“Without Snyk… many security tasks would take a lot of time with Reddit’s scale, so automating some of these things has reduced the operational burden and lowered the total cost of ownership for adopting the Snyk platform.”

Reddit

Spencer Koch

Security Wizard, Reddit

About this report

In 2023, Snyk set out to understand the value our customers have gained in the past year with the Snyk platform in our second annual Customer Value Study. Thank you to the over five hundred Snyk customers who participated in our survey and helped make this project possible.


Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.


© 2024 Snyk Limited
Registered in England and Wales
