Secure by design

Serious about Security

We take security seriously here at Snyk, and we are proud to exceed the industry standard
when it comes to protecting your organization.

Trusted by the world’s leading organizations


Snyk is
SOC-2 Type 2

Snyk is SOC-2 Type 2 Compliant

Snyk is constantly advancing and improving its security programs, policies, and procedures. We are proud to announce that our SOC2 Type 2 Report is complete and available for customers and prospects. The assessment was conducted by independent auditors, Ernst & Young, who specialize in compliance across multiple industries. The SOC 2 report includes management’s description of Snyk’s trust services and controls as well as E&Y’s opinion of Snyk’s system design.

Snyk & the General
Data Protection

Snyk & the General Data Protection Regulation

Snyk takes your privacy very seriously. As a UK company with operations in Israel, Canada and the USA, Snyk is subject to the EU General Data Protection Regulation (GDPR) and is fully committed to be compliant with the GDPR as well as other laws to which it is subject. Our privacy policy gives you information on how we handle personal data, the way we use it, and your rights in respect of your data.

Learn more about Snyk & the General Data Protection Regulation

Disclosing Vulnerabilities

A bug bounty program

We at Snyk value the security community and believe that responsible disclosure of security vulnerabilities in open source packages helps us ensure the security and privacy of the users. ​ A responsible disclosure program includes a policy with clear and simple rules of engagement for security researchers to report vulnerabilities they discover. It protects both the developer and researcher, while allowing developers to safely benefit from vulnerabilities discovered by researchers.

Learn more about Snyk vulnerability disclosures