Snyk acquires FossID software composition analysis tool
Snyk announced its acquisition of FossID, a software composition analysis tool that scans code for open source licenses and vulnerabilities.
Based in Sweden, FossID was founded with a mission to give developers a solution that detects all footprints of free and open source software (FOSS) within code bases, from entire components to code snippets and including license obligations and compliance issues.
Founded in 2016, FossID was created based on the team’s experience working with FOSS since 2001, specifically with the complexities of open source software used within legacy as well as embedded modern applications.
With strong customer adoption in Fortune 500 organizations across verticals like automotive, financial services, manufacturing, technology and telecommunications, FossID has earned a strong reputation with developers using C/C++.
By joining forces with Snyk, FossID’s capabilities will be integrated into Snyk’s Software Composition Analysis (SCA) product, Snyk Open Source, extending the developer-first security and license compliance mindset and experience to teams worldwide currently leveraging C/C++.
With over six million developers using C/C++ to build their applications today1, including teams both modernizing legacy applications and building new embedded Internet of Things (IoT) applications, FossID’s technology allows Snyk to reach a significantly larger percentage of the current 27 million developers across the globe2 in 2021 and beyond.
This includes:
- Unmanaged code, inclusive of snippet detection: FossID’s solution identifies vulnerabilities in all forms of open source, including the detection of snippets (a few lines of code copied from the open source software package). This has been historically difficult and is a critical problem to solve for developers looking to increasingly own security responsibilities within their organizations.
- 2 PBs of machine harvested source code: FossID’s comprehensive knowledge base contains the equivalent of more than two petabytes (PBs) of machine harvested source code from all of the world’s currently known open source repositories.
- AI-powered analysis: FossID’s AI technology automatically eliminates false-positives, allowing development teams to save time and money and ultimately ship their applications faster and safer than their competition.
- Developer-friendly license compliance: FossID’s license compliance engine is able to automatically inspect applications with speed and accuracy to detect license and copyright information, thanks to its AI-powered patent-pending software solution that relies on an audit-grade database of over 1900 licenses.
“With FossID’s powerful capabilities to find, fix and monitor vulnerabilities in all forms of open source software, Snyk is now accelerating our vision to bring security to every developer in the world,” said Peter McKay, CEO, Snyk.
“Together with this world class team, we look forward to reaching millions more of the world’s developers, empowering them to build applications securely while also staying a step ahead of their competition.”
“As FossID’s employees today become Snykers, I believe our founding mission – to help companies to achieve maximum open source adoption efficiency – evolves and expands with the scope of the opportunity now in front of us,” said Oskar Swirtun, Co-Founder and CEO, FossID.
“This is a perfect fit for both the Snyk and FossID teams, and we’re proud to play a crucial role in this next phase of the Snyk journey.”
The acquisition of FossID is Snyk’s third within the last six months, following the successful purchases of Manifold in January 2021 and DeepCode in October 2020. This latest corporate development comes on the heels of the company’s March 2021 announcement of $300 million in Series E investment and its resulting expansion into Asia Pacific Japan (APJ).
Due in part to several key automotive and semiconductor customers, FossID additionally brings to Snyk a strong customer base both in Europe as well as across APJ.