Snyk Acquires FossID to Accelerate Worldwide Developer-First Security Adoption

By Snyk
May 12, 2021

BOSTON – May 12, 2021 – Snyk, the leader in cloud native application security, today announced its acquisition of FossID, a software composition analysis tool that scans code for open source licenses and vulnerabilities. Based in Sweden, FossID was founded with a mission to give developers a solution that detects all footprints of free and open source software (FOSS) within code bases, from entire components to code snippets and including license obligations and compliance issues.

Founded in 2016, FossID was created based on the team's experience working with FOSS since 2001, specifically with the complexities of open source software used within legacy as well as embedded modern applications. With strong customer adoption in Fortune 500 organizations across verticals like automotive, financial services, manufacturing, technology and telecommunications, FossID has earned a strong reputation with developers using C/C++.

By joining forces with Snyk, FossID's capabilities will be integrated into Snyk's Software Composition Analysis (SCA) product, Snyk Open Source, extending the developer-first security and license compliance mindset and experience to teams worldwide currently leveraging C/C++. With over six million developers using C/C++ to build their applications today[1], including teams both modernizing legacy applications and building new embedded Internet of Things (IoT) applications, FossID's technology allows Snyk to reach a significantly larger percentage of the current 27 million developers across the globe[2] in 2021 and beyond. 

This includes:

  • Unmanaged code, inclusive of snippet detection: FossID's solution identifies vulnerabilities in all forms of open source, including the detection of snippets (a few lines of code copied from the open source software package). This has been historically difficult and is a critical problem to solve for developers looking to increasingly own security responsibilities within their organizations. 
  • 2 PBs of machine harvested source code: FossID's comprehensive knowledge base contains the equivalent of more than two petabytes (PBs) of machine harvested source code from all of the world's currently known open source repositories.
  • AI-powered analysis: FossID's AI technology automatically eliminates false-positives, allowing development teams to save time and money and ultimately ship their applications faster and safer than their competition.
  • Developer-friendly license compliance: FossID's license compliance engine is able to automatically inspect applications with speed and accuracy to detect license and copyright information, thanks to its AI-powered patent-pending software solution that relies on an audit-grade database of over 1900 licenses.

"With FossID's powerful capabilities to find, fix and monitor vulnerabilities in all forms of open source software, Snyk is now accelerating our vision to bring security to every developer in the world," said Peter McKay, CEO, Snyk. "Together with this world class team, we look forward to reaching millions more of the world's developers, empowering them to build applications securely while also staying a step ahead of their competition."

"As FossID's employees today become Snykers, I believe our founding mission – to help companies to achieve maximum open source adoption efficiency – evolves and expands with the scope of the opportunity now in front of us," said Oskar Swirtun, Co-Founder and CEO, FossID. "This is a perfect fit for both the Snyk and FossID teams, and we're proud to play a crucial role in this next phase of the Snyk journey."

The acquisition of FossID is Snyk's third within the last six months, following the successful purchases of Manifold in January 2021 and DeepCode in October 2020. This latest corporate development comes on the heels of the company's March 2021 announcement of $300 million in Series E investment and its resulting expansion into Asia Pacific Japan (APJ). Due in part to several key automotive and semiconductor customers, FossID additionally brings to Snyk a strong customer base both in Europe as well as across APJ.

To learn more about how cloud native adoption has both transformed the way organizations build modern applications and resulted in increased security threats and concerns, explore Snyk's recently released State of Cloud Native Application Security Report.

About Snyk

Snyk, the cloud native application security leader, today enables 2.2 million developers to build securely, with a vision to empower every modern developer in the world to develop fast and stay secure. Only Snyk provides a platform to secure all of the critical components of today's cloud native application development including the code, open source libraries, container infrastructure and infrastructure as code. Snyk's developer-first approach enables technology-driven companies to scale security in today's fast-paced digitally transforming world. Snyk's security platform is powered by its industry-leading proprietary vulnerability database, maintained by the expert Snyk security research team, that also powers security solutions from strategic partners such as Atlassian, Datadog, Docker, IBM Cloud, Rapid7, Red Hat and Trend Micro. The company works with global customers of all sizes to empower developers to automatically integrate security throughout their existing workflows.

Named to the 2020 Forbes Cloud 100, the definitive ranking of the top 100 private cloud companies in the world, Snyk was also recently recognized by Comparably as the #3 small-to-medium business for Happiest Employees in 2020.

[1] State of the Developer Nation, 19th Edition, October 2020 by SlashData

[2] The Global Developer Population and Demographic Study 2019 by EDC