Open source software vulnerability scanning platform Snyk has acquired FossID, a Swedish startup that develops a software composition analysis tool for open source code.
Though the two companies operate in the same space, bringing FossID under its wing will give Snyk greater coverage for open source license compliance issues and more extensive support for software written in C and C++.
Snyk, which was founded out of London in 2015, helps developer teams find and address vulnerabilities and license violations in their open source dependencies, containers, and Kubernetes applications, backed by its own large database of known vulnerabilities. The company counts high-profile companies such as Google, Twilio, Atlassian, and Salesforce among its customer base.
C and C++ are popular with millions of developers and used partly or wholly in major applications ranging from Amazon and YouTube to Photoshop, as well as in a wide range of open source software, such as database management system MySQL, Firefox, Google’s Chromium browser, and myriad legacy applications.
“It’s a broad ecosystem,” Snyk cofounder and president Guy Podjarny told VentureBeat. “This acquisition helps us reach all 6.3 million C/C++ developers and bring them the combined depth of analysis FossID offers with the great developer experience Snyk is known for.”
Founded out of Stockholm in 2016, FossID has amassed a decent roster of customers, including Bosch, Ericsson, and companies from across the automotive, finance, and manufacturing spheres.
FossID claims to be adept at identifying open source in "all forms," including small snippets copied out of an open source package rather than pulled in as a declared dependency, and therefore the vulnerabilities and license obligations attached to that code. Traditionally, snippet-level detection has been difficult to achieve at scale.
“This acquisition will help Snyk identify ‘messier’ uses of open source,” Podjarny explained. “This includes binaries downloaded from the internet; snippets of code copy-pasted from StackOverflow into a commercial code base; or source code that was downloaded, modified, and then used.”
FossID's internal data warehouse holds 2 petabytes of open source code, and the company uses AI-assisted matching to compare that corpus against the customer's own codebase.
“This helps you find those pieces of open source, which in turn helps find and address vulnerabilities in them and track license issues to stay compliant,” Podjarny added. “This will be especially useful when securing embedded, gaming, trading, and legacy enterprise applications.”
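What the snippet matching described above involves in practice, as an added illustration that is not Snyk's or FossID's code (FossID's matching is proprietary and AI-assisted; this uses the classic winnowing scheme of Schleimer, Wilkerson and Aiken from 2003 over identifier-normalized C tokens, a well-known baseline for the same problem). The component names, licenses, corpus text and "customer" file are all constructed for the demo, and the k-gram and window sizes are assumed tuning values.

```python
"""Snippet-level open source detection with winnowing fingerprints.

Added illustration, not FossID's or Snyk's code. Identifiers and literals are
normalized before hashing, so a snippet that was copy-pasted, renamed and
reformatted still shares fingerprints with the corpus entry it came from.
"""
import hashlib
import re
from collections import defaultdict

K = 5       # k-gram length in tokens (assumed tuning value)
WINDOW = 4  # winnowing window: any common run of K + WINDOW - 1 = 8 tokens
            # is guaranteed to share at least one fingerprint

# Constructed corpus: component name -> source. Real indexes span petabytes.
CORPUS = {
    "libdemo-1.0/buf.c (MIT)": r"""
int copy_bounded(char *dst, const char *src, size_t n) {
    size_t i;
    for (i = 0; i + 1 < n && src[i] != '\0'; i++) {
        dst[i] = src[i];
    }
    dst[i] = '\0';
    return (int)i;
}
""",
    "tinycrc-0.3/crc.c (GPL-2.0)": r"""
unsigned int crc8(const unsigned char *data, size_t len) {
    unsigned int crc = 0;
    while (len--) {
        crc ^= *data++;
        for (int k = 0; k < 8; k++)
            crc = (crc & 0x80) ? ((crc << 1) ^ 0x07) : (crc << 1);
    }
    return crc & 0xff;
}
""",
}

# Constructed "proprietary" file: copy_bounded pasted in, identifiers renamed,
# reformatted and made static, next to code of the customer's own.
CUSTOMER_FILE = r"""
/* util.c - internal helpers */
static int safe_copy(char *out, const char *in, size_t max)
{
    size_t idx;
    for (idx = 0; idx + 1 < max && in[idx] != '\0'; idx++) { out[idx] = in[idx]; }
    out[idx] = '\0';
    return (int)idx;
}

int banner(void) { return 42; }
"""

C_KEYWORDS = {
    "auto", "break", "case", "char", "const", "continue", "default", "do", "double",
    "else", "enum", "extern", "float", "for", "goto", "if", "int", "long", "register",
    "return", "short", "signed", "sizeof", "static", "struct", "switch", "typedef",
    "union", "unsigned", "void", "volatile", "while",
}
TOKEN_RE = re.compile(
    r"[A-Za-z_]\w*|0[xX][0-9a-fA-F]+|\d+|==|!=|<=|>=|&&|\|\||<<|>>|\+\+|--|[^\s\w]"
)


def tokenize(src: str) -> list[str]:
    """Strip comments; map identifiers to ID and numbers to NUM, keep keywords
    and operators, so renaming and reformatting leave the stream unchanged."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    src = re.sub(r"//[^\n]*", " ", src)
    out = []
    for tok in TOKEN_RE.findall(src):
        if tok in C_KEYWORDS:
            out.append(tok)
        elif tok[0].isalpha() or tok[0] == "_":
            out.append("ID")
        elif tok[0].isdigit():
            out.append("NUM")
        else:
            out.append(tok)
    return out


def fingerprints(src: str) -> set[int]:
    """Winnowing: hash every k-gram, keep the minimum hash of each window."""
    toks = tokenize(src)
    hashes = [
        int.from_bytes(hashlib.blake2b(" ".join(toks[i:i + K]).encode(), digest_size=8).digest(), "big")
        for i in range(len(toks) - K + 1)
    ]
    if len(hashes) <= WINDOW:
        return set(hashes)
    return {min(hashes[i:i + WINDOW]) for i in range(len(hashes) - WINDOW + 1)}


def containment(customer_src: str, corpus: dict[str, str]) -> dict[str, float]:
    """Fraction of each component's fingerprints that also occur in the customer
    code; near 1.0 means the component is present however much other code
    surrounds it, which is what makes snippet detection different from
    whole-file matching."""
    index: dict[int, set[str]] = defaultdict(set)
    sizes: dict[str, int] = {}
    for name, src in corpus.items():
        fps = fingerprints(src)
        sizes[name] = len(fps)
        for fp in fps:
            index[fp].add(name)
    hits: dict[str, int] = defaultdict(int)
    for fp in fingerprints(customer_src):
        for name in index.get(fp, ()):
            hits[name] += 1
    return {name: hits[name] / sizes[name] for name in corpus if sizes[name]}


def flag_components(customer_src: str, corpus: dict[str, str], threshold: float = 0.5) -> list[str]:
    """Components to send on for vulnerability lookup and license review."""
    scores = containment(customer_src, corpus)
    return sorted(name for name, score in scores.items() if score >= threshold)
```

Running `flag_components(CUSTOMER_FILE, CORPUS)` reports only the MIT-licensed `libdemo` snippet, with a containment score of 1.0, even though the copy was renamed, reformatted and buried in a larger file; the unrelated GPL-2.0 CRC routine scores near zero. A production matcher adds provenance (which file and version of the package the snippet came from), handles many languages and binaries, and tolerates edits inside the copied region, which a per-window fingerprint design degrades gracefully under rather than failing outright.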
Put simply, adding FossID's corpus and its C and C++ coverage significantly broadens what Snyk can detect.
As a result of the acquisition, FossID will be integrated into Snyk Open Source, Snyk's software composition analysis (SCA) product. The deal also follows a flurry of activity across the open source security and compliance landscape.
Just last month, WhiteSource raised $75 million from prominent investors such as Microsoft’s M12, shortly after Snyk itself secured a fresh $300 million cash injection at a valuation of $4.7 billion. Earlier this week, cybersecurity giant Trend Micro announced a new partnership with Snyk to offer its own customers a product that gives security teams (rather than developers) insights into vulnerabilities and compliance risks across their open source code.