Snyk's innovation is to fit security into the development process.
In any software development company, a separate security team takes the code offline during the development process and reviews it for vulnerabilities (not necessarily aiming to find bugs). For example, they look into the code, detect risks, and recommend protections against SQL injection, cross-site scripting or other known weaknesses that developers are less focused on.
Snyk says this classic process can be sped up, so they build security in as part of the code commit.
Snyk offers an open-source tool that helps developers find open-source vulnerabilities when they commit their code to various open-source websites (GitHub, Bitbucket, GitLab) or any CI/CD (Continuous Integration / Continuous Delivery) tool.
There is a community of 400,000 developers that practice this approach.
Snyk sells a container security product.
Other income comes from companies that make use of the vulnerability database Snyk maintains. This database is used in the open-source product.
The company claims revenue growth in 2019 (figures not public yet) of four times that of 2018. Among the customers gained are Google, Intuit, Nordstrom and Salesforce.
Previous financing: 2016 – $3 million (when it started), then 2018 – $27 million, and the latest, $70 million.
I see this as a cool idea, i.e. to automate building security into development. It seems Snyk are very good at this as long as they offer tools and a database with common vulnerabilities resulting from the development process.