Snyk bolsters open source software security with FossID acquisition


Open source software vulnerability scanning platform Snyk has acquired FossID, a Swedish startup that develops a software composition analysis tool for open source code.

Though the two companies very much operate in the same space, bringing FossID under its wing will give Snyk greater coverage for open source license compliance issues and more extensive support for software written in C and C++.

Snyk, which was founded out of London in 2015, helps developer teams find and fix vulnerabilities and license violations in their open source code bases, containers, and Kubernetes applications by tapping a vast database it maintains internally. The company counts high-profile customers such as Google, Twilio, Atlassian, and Salesforce.

Above: Snyk: Code scan

Language support

Snyk currently supports dozens of languages such as Java, JavaScript, Golang, Python, Ruby, and Scala, and although it did have some support for C/C++, FossID is the missing piece of the puzzle that allows it to go deeper.

C and C++ are used by millions of developers, and are used partly or wholly in major applications from Amazon and YouTube to Photoshop, as well as a range of open source software such as database management system MySQL, Firefox, Google’s Chromium browser, and myriad legacy applications.

“It’s a broad ecosystem,” Snyk cofounder and president Guy Podjarny told VentureBeat. “This acquisition helps us reach all 6.3 million C/C++ developers, and bring them the combined depth of analysis FossID offers with the great developer experience Snyk is known for.”

Founded out of Stockholm in 2016, FossID has amassed a good roster of customers including Bosch, Ericsson, and companies from across the automotive, finance, and manufacturing spheres.

Snippets

FossID claims to be adept at identifying vulnerabilities in “all types” of open source, including small snippets that have been copied from an open source software package. Traditionally, this has been difficult to achieve at scale.

“This acquisition will help Snyk identify ‘messier’ uses of open source,” Podjarny explained. “This includes binaries downloaded from the Internet, snippets of code copy-pasted from StackOverflow into a commercial code base, or source code that was downloaded, modified and then used.”

FossID tracks two petabytes of open source code from its internal data warehouse, and leverages AI to match code between that database and the customer’s own code base.

“This helps you find these pieces of open source, which in turn helps find and fix vulnerabilities in them and track license issues to stay compliant,” Podjarny added. “This will be especially useful when securing embedded, gaming, trading, and legacy enterprise applications.”

Put simply, bolstering its own data pool and diving deeper into C and C++ broadens Snyk’s horizons considerably.

As a result of the acquisition, FossID will be integrated into Snyk Open Source, Snyk’s software composition analysis (SCA) product. It also comes hot on the heels of a flurry of activity across the open source security and compliance landscape.

Just last month, WhiteSource raised $75 million from prominent investors such as Microsoft’s M12, which followed Snyk itself securing a fresh $300 million cash injection at a valuation of $4.7 billion. And earlier this week, cybersecurity giant Trend Micro announced a new partnership with Snyk to offer its own customers a new product that gives security teams (rather than developers) insights into vulnerabilities and compliance risks across their open source code.
