Open source software vulnerability analysis platform Snyk has acquired FossID, a Swedish startup that develops a software composition analysis tool for open source code.
Although the two companies operate in the same space, putting FossID under its wing will give Snyk better coverage of open source license compliance issues and more support for software written in C and C++.
Snyk, which was founded in London in 2015, helps developer teams find and resolve vulnerabilities and license violations in their open source code bases, containers and Kubernetes applications through a giant internal database. The company counts leading companies such as Google, Twilio, Atlassian and Salesforce among its customers.
C and C++ are popular with millions of developers and used in part or in full in major applications ranging from Amazon and YouTube to Photoshop, as well as in a wide range of open source software, such as the MySQL database management system, Firefox, Google’s Chromium browser, and a myriad of legacy applications.
“It’s a huge ecosystem,” Snyk co-founder and president Guy Podjarny told VentureBeat. “This acquisition helps us reach the 6.3 million C/C++ developers and bring them the combined depth of analysis of FossID offerings with the excellent development experience Snyk is known for.”
Founded in Stockholm in 2016, FossID has amassed a decent list of clients, including Bosch, Ericsson, and companies in the automotive, finance, and manufacturing fields.
FossID claims to be adept at identifying vulnerabilities in “all forms” of open source, including small snippets that have been copied from an open source software package. Traditionally, this has been difficult to achieve on a large scale.
“This acquisition will help Snyk identify ‘more complicated’ uses of open source,” Podjarny said. “This includes binaries downloaded from the Internet; copy-pasted code snippets from StackOverflow into a commercial codebase; or the source code that has been downloaded, modified, and then used.”
FossID tracks 2 petabytes of open source code from its internal data warehouse and uses AI to match code between that database and the customer’s own code base.
“It helps you find these open source pieces, which in turn helps find and fix vulnerabilities and track licensing issues to stay compliant,” Podjarny added. “This will be particularly useful for securing integrated business, gaming, trading and legacy applications.”
Simply put, bolstering its own data pool and delving deeper into C and C++ broadens Snyk’s horizons considerably.
Following the acquisition, FossID will be integrated with Snyk Open Source, Snyk’s software composition analysis (SCA) product. The acquisition also follows a wave of activity in the open source security and compliance landscape.
Last month, WhiteSource raised $75 million from top investors such as Microsoft’s M12, shortly after Snyk itself secured a further injection of $300 million at a valuation of $4.7 billion. Earlier this week, cybersecurity giant Trend Micro announced a new partnership with Snyk to offer its own customers a product that gives security teams (rather than developers) insight into vulnerabilities and compliance risks in their open source code.