Open source vulnerability scanning platform Snyk has acquired FossID, a Swedish startup that develops a software composition analysis (SCA) tool for open source code.
Though the two companies very much operate in the same space, bringing FossID under its wing will give Snyk broader coverage of open source license compliance issues and deeper support for software written in C and C++.
Snyk, which was founded out of London in 2015, helps developer teams find and fix vulnerabilities and license violations in their open source code bases, containers, and Kubernetes applications by tapping a large vulnerability database it maintains internally. The company counts high-profile customers such as Google, Twilio, Atlassian, and Salesforce.
Language support
Snyk currently supports dozens of languages, including Java, JavaScript, Go, Python, Ruby, and Scala, and although it already had some support for C/C++, FossID is the missing piece of the puzzle that lets it go deeper.
C and C++ are used by millions of developers and are used partly or wholly in major applications from Amazon and YouTube to Photoshop, as well as in a wide range of open source software such as the MySQL database management system, Firefox, Google's Chromium browser, and myriad legacy applications.
“It’s a broad ecosystem,” Snyk cofounder and president Guy Podjarny told VentureBeat. “This acquisition helps us reach all 6.3 million C/C++ developers, and bring them the combined depth of analysis FossID offers with the great developer experience Snyk is known for.”
Founded out of Stockholm in 2016, FossID has amassed a solid roster of customers including Bosch, Ericsson, and companies from across the automotive, finance, and manufacturing sectors.
Snippets
FossID claims to be adept at identifying vulnerabilities in "all forms" of open source, including small snippets that have been copied from an open source package. Traditionally, this has been difficult to achieve at scale: a pasted snippet carries no package manifest, so dependency-resolving SCA never sees it, and the match has to be made on the source itself.
“This acquisition will help Snyk identify ‘messier’ uses of open source,” Podjarny explained. “This includes binaries downloaded from the Internet, snippets of code copy-pasted from StackOverflow into a commercial code base, or source code that was downloaded, modified and then used.”
FossID tracks two petabytes of open source code in its internal data warehouse and uses AI to match code between that database and the customer's own code base.
“This helps you find those pieces of open source, which in turn helps find and address vulnerabilities in them and track license issues to stay compliant,” Podjarny added. “This will be especially useful when securing embedded, gaming, trading, and legacy enterprise applications.”
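As an added illustration of the snippet-matching idea described above (this is example code written for this page, not FossID's or Snyk's algorithm), the following Python builds a toy fingerprint index in the style of winnowing: it tokenizes C source, collapses identifiers so that renamed variables and functions still match, hashes token k-grams, keeps one minimum hash per window, and then reports what fraction of a scanned file's fingerprints also occur in each indexed package. The package name `libfoo`, the `K` and `W` values, and the three C sources are constructed for the example.

```python
"""Toy winnowing-style snippet matcher (constructed example, not FossID's or
Snyk's code). Fingerprints a corpus of open source files and reports which
packages a scanned file shares code with, even when the copied snippet was
renamed and re-commented. Package names, sample sources and K/W are assumptions."""
import hashlib
import re
from collections import defaultdict

K = 5  # k-gram length in tokens (assumed; real tools use larger k)
W = 4  # winnowing window: every run of W k-grams yields at least one fingerprint

# C keywords are kept; every other identifier collapses to "ID" so that a
# copy-paste with renamed variables/functions produces the same k-grams.
KEYWORDS = {
    "if", "else", "for", "while", "do", "return", "break", "continue",
    "int", "char", "void", "unsigned", "long", "short", "const", "static",
    "struct", "size_t", "sizeof",
}
_TOKEN = re.compile(r"[A-Za-z_]\w*|\d+|[^\s\w]")
_COMMENT = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)


def tokenize(src: str) -> list[str]:
    """Strip C comments, split into tokens, normalize identifiers to 'ID'."""
    out = []
    for t in _TOKEN.findall(_COMMENT.sub(" ", src)):
        if (t[0].isalpha() or t[0] == "_") and t not in KEYWORDS:
            out.append("ID")
        else:
            out.append(t)
    return out


def _h(gram: list[str]) -> int:
    digest = hashlib.blake2b(" ".join(gram).encode(), digest_size=4).digest()
    return int.from_bytes(digest, "big")


def fingerprints(tokens: list[str]) -> list[tuple[int, int]]:
    """Winnowing: hash every k-gram, then keep the minimum hash in each window
    of W consecutive k-grams (rightmost on ties). Returns (position, hash)."""
    if len(tokens) < K:
        return []
    hashes = [_h(tokens[i:i + K]) for i in range(len(tokens) - K + 1)]
    picked: dict[int, int] = {}  # position -> hash; dedups repeated picks
    for i in range(max(1, len(hashes) - W + 1)):
        window = hashes[i:i + W]
        m = min(window)
        pos = i + max(j for j, h in enumerate(window) if h == m)
        picked[pos] = m
    return sorted(picked.items())


class SnippetIndex:
    """Maps fingerprint hashes to the packages whose source produced them."""

    def __init__(self) -> None:
        self._index: dict[int, set[str]] = defaultdict(set)

    def add(self, package: str, src: str) -> None:
        for _, h in fingerprints(tokenize(src)):
            self._index[h].add(package)

    def scan(self, src: str) -> dict[str, float]:
        """Per package, the fraction of the scanned file's fingerprints that
        also occur in that package: a crude 'how much of this is copied'."""
        fps = fingerprints(tokenize(src))
        if not fps:
            return {}
        hits: dict[str, int] = defaultdict(int)
        for _, h in fps:
            for pkg in self._index.get(h, ()):
                hits[pkg] += 1
        return {pkg: n / len(fps) for pkg, n in hits.items()}


# Constructed corpus file standing in for an open source package's source.
LIBFOO_COPY_C = r"""
/* libfoo: bounded string copy */
size_t foo_copy(char *dst, const char *src, size_t n) {
    size_t i = 0;
    while (i < n - 1 && src[i] != '\0') {
        dst[i] = src[i];
        i++;
    }
    dst[i] = '\0';
    return i;
}
"""

# Constructed "customer" file: foo_copy pasted in with every name changed,
# a comment added and a small unrelated helper appended.
CUSTOMER_C = r"""
// utility copied from somewhere, tweaked a bit
size_t copy_bounded(char *out, const char *in, size_t cap) {
    size_t k = 0;
    while (k < cap - 1 && in[k] != '\0') {
        out[k] = in[k];
        k++;
    }
    out[k] = '\0';
    return k;
}
int is_empty(const char *s) { return s[0] == '\0'; }
"""

# Constructed file containing no copied code (FNV-1a hash).
UNRELATED_C = r"""
unsigned fnv1a(const unsigned char *p, unsigned len) {
    unsigned h = 2166136261u;
    for (unsigned i = 0; i < len; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}
"""


def build_index() -> SnippetIndex:
    idx = SnippetIndex()
    idx.add("libfoo", LIBFOO_COPY_C)
    return idx


def demo() -> tuple[dict[str, float], dict[str, float]]:
    """Scan the copied file and the unrelated file against the libfoo index."""
    idx = build_index()
    return idx.scan(CUSTOMER_C), idx.scan(UNRELATED_C)


if __name__ == "__main__":
    copied, clean = demo()
    print("customer file :", copied)
    print("unrelated file:", clean)
```

The copied file scores high against `libfoo` despite the renamed identifiers and the extra comment, while the unrelated hash routine scores near zero; the few stray hits it does get come from generic C shapes such as `x[i];`, which is why production matchers use a larger k, suppress boilerplate, and weigh runs of consecutive matches rather than isolated ones. The hard part at scale is not this loop but the index: the claim above is two petabytes of source on the corpus side. A hit also only tells you which package (and therefore which license and which known CVEs) to look up; whether the pasted copy predates or postdates a given fix still has to be checked.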
Put simply, bolstering its own data pool and diving deeper into C and C++ broadens Snyk's horizons considerably.
As a result of the acquisition, FossID will be integrated into Snyk Open Source, Snyk's software composition analysis (SCA) product. The deal also comes hot on the heels of a flurry of activity across the open source security and compliance landscape.
Just last month, WhiteSource raised $75 million from prominent investors including Microsoft's M12, which followed Snyk itself securing a fresh $300 million cash injection at a valuation of $4.7 billion. And earlier this week, cybersecurity giant Trend Micro announced a new partnership with Snyk to offer its own customers a product that gives security teams (rather than developers) insight into vulnerabilities and compliance risks across their open source code.