Snyk snares $7 million investment to help developers secure open source code

Open source libraries provide a tremendously valuable resource for developers, but in today’s rapid-fire application development environment, it’s not always a simple matter to make sure you’re using secure code. Snyk, a software service startup, wants to help developers find and fix vulnerabilities in their open source code before it goes into production. The company announced a $7 million Series A round today led by Boldstart Ventures and Canaan Partners.

Heavybit, FundFire, Peter McKay (from Veeam) and other unnamed investors also participated. Today’s round comes on top of a $3 million seed round, also with help from Boldstart, in 2016.

The company is built on the premise that the development team is uniquely suited to deal with these security problems before their programs go out into the world, rather than a security team that tends to be removed from the development process, says Guy Podjarny, Snyk CEO and co-founder. When software was built over months and years, this approach worked, but at today’s development speed, having an outside security team checking the software no longer makes sense, he says.

“We integrate elegantly into the development process and find known vulnerabilities in your open source elements and fix them,” Podjarny explained. The company monitors the code right in your GitHub repository, but if you’re concerned about sharing your source code with a third-party company, you need not worry about that, he said. “You are only giving us access to manifest files that dictate the files you are going to use,” he said.

They collect information about known vulnerabilities across the internet for the open source projects they monitor. Simply knowing that you are using certain libraries and have developed in a certain language such as JavaScript, Java or .NET provides enough information to know that your version of the code might be out of date.

Once they find those vulnerabilities, they send a pull request with advice on the fastest and most efficient way to fix the issue without breaking other things that are dependent on it.


Podjarny was a co-founder at Blaze.io, which was sold to Akamai in 2012. He became CTO for the company’s web experience business after the acquisition, where he remained until he helped launch Snyk in 2015.

That startup experience was something that caught the eye of Ed Sim, founder and managing partner at lead investor Boldstart Ventures, a NYC early-stage venture capital firm. “We backed Guy in his last venture which was sold to Akamai and he and [his co-founders] have deep security experience. In addition, [the company satisfies] a huge unmet need as enterprises deploy code continuously and Snyk makes it easy for developers to secure their open source code,” Sim said.

Snyk may be a Series A company, but it’s proven a market need with 350,000 downloads per month and 130 large commercial paying customers already in the fold. The company also wants to broaden the reach of the tool to cover other open source projects. They plan to double the 30 employees currently in the fold, who are spread across offices in Tel Aviv and London with a small sales and support office in Boston.