Safeguard
Security

Snyk the Company: Who They Are, What They Build, and How to Weigh Them

Snyk is a developer-security company founded in 2015, best known for open-source dependency scanning. Here is an honest look at the company, its products, and how to evaluate whether it fits your stack.

Yukti Singhal
Security Analyst
6 min read

Snyk is a developer-first security company founded in 2015, headquartered in Boston, that built its reputation on making open-source dependency scanning something engineers would actually run. The Snyk company started with a simple, sharp insight: security tools failed not because they lacked findings but because they shipped those findings to the wrong people at the wrong time. Snyk's bet was to meet developers inside their own workflow — the IDE, the pull request, the CLI — instead of handing a PDF to a security team weeks after the code merged.

If you are evaluating vendors, understanding the company behind the product matters as much as the feature list. Funding trajectory, focus, and business model all shape how a tool will behave over the multi-year life of a contract.

The founding story

Snyk was founded in 2015 by Guy Podjarny, Assaf Hefetz, and Danny Grander, several of whom came out of Unit 8200, the signals-intelligence branch of the Israeli Defense Forces that has seeded a remarkable number of security startups. The company was built across Tel Aviv and London before settling its headquarters in Boston.

Podjarny led as CEO in the early years. In July 2019, Peter McKay — an early investor — became CEO while Podjarny moved to president and board chair. That transition is a common one for fast-scaling startups: founder-led product vision hands off to operator-led go-to-market as the company chases enterprise revenue.

The funding trajectory

Snyk raised aggressively through the 2020–2021 venture boom. Its September 2021 round valued the company at roughly $8.6 billion. The market turned, and the December 2022 Series G — a $196.5 million round led by the Qatar Investment Authority — priced the company at about $7.4 billion, a 14% markdown from the peak. In January 2023, ServiceNow made a strategic investment of $25 million.

Why should a buyer care about this? Because a company's funding stage tells you what pressure it is under. A late-stage, heavily funded company chasing an eventual IPO will optimize for enterprise expansion and net revenue retention, which shapes pricing, packaging, and where engineering effort goes. None of that is bad, but it is context.

What Snyk actually builds

The Snyk company's product line grew outward from its original open-source scanner into a broader developer-security platform:

  • Snyk Open Source (SCA). The flagship: scans your dependency tree for known vulnerabilities and suggests upgrade paths. This is what most people mean when they say "Snyk."
  • Snyk Code (SAST). Static analysis of your own first-party source code, added later to compete in the application-security-testing space.
  • Snyk Container. Scans container images and base layers for vulnerable OS and application packages.
  • Snyk IaC. Checks infrastructure-as-code (Terraform, CloudFormation, Kubernetes manifests) for misconfigurations before they ship.

The through-line is developer experience. Snyk consistently invested in IDE plugins, Git integrations, and CLI ergonomics, and that focus is genuinely the source of its adoption. It is a well-built product, and any fair comparison should start by acknowledging that.

The business model and its edges

Snyk sells a subscription, typically priced per contributing developer with tiers that gate features like Snyk Code, reporting, and higher scan volumes. The developer-count model is intuitive but has a well-known friction point: as your team grows, so does the bill, and the metering can catch teams off guard during a growth year. If you are budgeting, model the cost at your projected headcount, not today's.

The other consideration is that Snyk is a hosted, multi-tenant SaaS. That buys you zero-maintenance scanning and fast vulnerability-database updates, but it also means your scanning depends on Snyk's uptime and that your dependency metadata transits their platform. For some regulated environments that is a real consideration worth raising in procurement.

How to evaluate Snyk fairly

Do not evaluate a security company on its marketing. Evaluate it on your repositories. A grounded process:

  1. Run a trial against your real codebase. Vulnerability count on a demo repo tells you nothing. Point it at your monorepo and see the signal-to-noise.
  2. Measure false positives and reachability. A finding you can't act on is noise. Check whether the tool tells you if a vulnerable function is actually reachable in your code.
  3. Model the true cost at scale. Ask for per-developer pricing at your headcount plus one year of growth.
  4. Test the workflow you'll actually use. If your team lives in pull requests, evaluate the PR integration, not the dashboard.

When teams put Snyk side by side with other tools, the comparison usually comes down to reachability analysis, pricing model, and how much of the workflow lives on the vendor's servers versus in your own pipeline. We keep a factual Snyk comparison that walks through those trade-offs, and if you want to understand the underlying category before you shop, our SCA product page explains what dependency scanning does and does not catch.

The honest summary

Snyk is a serious company with a genuinely good product and a durable brand in developer security. It is not the only good option, and it is not automatically the right one for your stack — the pricing model rewards some team shapes and punishes others, and the hosted architecture is a fit question, not a universal answer. Evaluate it on your code, model the cost honestly, and it will earn its place or it won't, on the merits.

FAQ

When was Snyk founded and where is it based?

Snyk was founded in 2015 by Guy Podjarny, Assaf Hefetz, and Danny Grander, originally operating across Tel Aviv and London. It is now headquartered in Boston.

What is Snyk best known for?

Snyk is best known for software composition analysis — scanning open-source dependencies for known vulnerabilities and surfacing those findings inside developer workflows like the IDE, CLI, and pull requests. Its later products cover SAST, containers, and infrastructure as code.

How does Snyk price its product?

Snyk generally prices per contributing developer, with feature tiers that gate capabilities and scan volume. Because the bill scales with team size, buyers should model cost at projected headcount rather than current size.

Is Snyk the only option for dependency scanning?

No. Snyk is a strong option, but several tools cover the same category with different trade-offs around reachability analysis, pricing, and whether scanning runs in your own pipeline versus a hosted service. Evaluate against your own repositories before deciding.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.