Snyk
Tool for developers to detect and fix code, container, and cloud vulnerabilities

Revenue: $342.50M (2025)
Valuation: $7.40B (2022)
Funding: $1.25B (2022)
Growth Rate (y/y): 25% (2023)

Details
Headquarters: Boston, MA
CEO: Peter McKay
Milestones
Founding year: 2015

Revenue

Sacra estimates that Snyk hit $343M in annual recurring revenue (ARR) in 2025, up 12% YoY from $305M at the end of 2024.

Snyk’s public filings put 2024 revenue at $278M, up 26% YoY, with Snyk generating $76M of revenue in the quarter ending June 2025, up 12% YoY.

Snyk itself described 2015 through 2023 as a period of "hypergrowth at high cost", followed by a 2023 through 2025 transitory period marked by decelerating growth and elective churn. Customer churn was reportedly elevated around the start of 2025, even as the company ended 2024 with just under 4,500 customers, up 14% year over year.

Roughly 60% of Snyk’s revenue comes from software and technology companies and another 10% from fintechs. North America contributes about 70% of revenue, followed by Europe at 17%.

Snyk has also said it still has nearly $400M in cash and reportedly burned about $30M in the first half of 2025, after staff cuts in 2022 and 2023.

Valuation & Funding

Snyk was valued at $7.4 billion as of December 2022, following its latest funding round.

Based on 2022 ARR of $180M and that $7.4B valuation, Snyk traded at a 41x forward revenue multiple.

The company has raised $1.247 billion across 16 funding rounds, with backing from prominent investors including Tiger Global Management, Qatar Investment Authority, and Sands Capital. Notable participants in its funding include BOLDstart Ventures and Evolution Equity Partners.

Product

Snyk was founded in 2015 by Guy Podjarny, Danny Grander, and Assaf Hefetz, leveraging their experience from the Israel Defense Forces' cyber intelligence unit. The company's mission was to help developers easily identify and fix vulnerabilities in open-source code.

Snyk found initial product-market fit with Node.js developers seeking to secure open-source dependencies. In October 2015, they launched a free command-line tool that scanned GitHub repositories for vulnerabilities in Node.js projects. By December, 1,000 developers had downloaded the tool, and user registration was implemented in January 2016.

Today, Snyk plugs into the development workflow by integrating not just with code repositories like GitHub and GitLab but also with CI/CD pipeline tools like Jenkins and Travis. It scans the code against a repository of known vulnerabilities, lists them with severity scores, and suggests ways for developers to fix them.

Before Snyk, code was tested at later development stages by security teams with specialized software, and deadlines were pushed out to fix the vulnerabilities found. This created tension between developers, who wanted to ship the application as early as possible, and security teams, who wanted to ensure the application was secure.

Snyk’s key products today include:

Snyk Open Source: Snyk’s first product, which scans for vulnerabilities and license compliance issues in open-source libraries.

Snyk Container: Scans container images and Kubernetes environments to identify security flaws.

Snyk Infrastructure as Code: Scans platforms like Terraform, AWS, Azure, and Google Cloud for misconfigurations.

Snyk Code: Similar to Snyk Open Source but for developers’ proprietary codebases.

Snyk Cloud: Detects security flaws in code after deployment to cloud servers.

Snyk Vulnerability Database: A Stack Overflow-like searchable database of vulnerabilities in open-source libraries and ways to fix them.

Business Model

Snyk is a subscription SaaS company that provides developer-first security solutions, focusing on helping companies use open source code securely. Their core revenue model is based on per-developer seat pricing, with tiered plans offering increasing levels of functionality and support.

The company's pricing strategy is built on a freemium model, allowing developers to start using basic features at no cost. This approach has been crucial in driving adoption, with over 2.5 million developers on the platform as of 2023.

As usage and team size grow, customers are encouraged to upgrade to paid plans, which offer more comprehensive security testing, integration capabilities, and governance features.

Initially, Snyk struggled with monetization, pivoting from a self-serve model to enterprise sales in 2017. This shift proved successful, with the company closing its first commercial contract in March 2017 and reaching $100,000 ARR by August 2017.

The pivot to enterprise sales, coupled with expanded language support and governance features, drove significant growth. ARR reached $4M by 2018, $19M by 2019, and an estimated $250M by 2023, representing 25% year-over-year growth.

A key element of Snyk's strategy has been its focus on integrating security seamlessly into the development workflow. By offering plugins and integrations with popular development tools and platforms, Snyk reduces friction for adoption and usage, further fueling its growth. This developer-centric approach sets Snyk apart from traditional security vendors that typically target security teams or upper management.

Snyk has also expanded its product offerings beyond open source security to include container security, infrastructure-as-code security, and cloud security. This expansion allows for significant cross-sell opportunities within their existing customer base, increasing the potential revenue per customer and strengthening their position as a comprehensive developer security platform.

Competition

Snyk competes in the rapidly evolving developer security tools market, facing competition across multiple segments as it expands its product offerings.

Application security testing

In its core application security testing business, Snyk faces competition from other cybersecurity companies that, like Snyk, offer a full suite of application security tools, such as Synopsys ($51.5B), Checkmarx ($1B), and Veracode ($2.5B). Unlike Snyk’s self-serve sales motion, these companies sell to CIOs and CISOs in a top-down sales motion.

Snyk differentiates itself through its developer-first approach, integrating security scanning directly into the development workflow. This allows developers to catch and fix vulnerabilities earlier in the software development lifecycle, potentially reducing costs and improving efficiency compared to traditional "gate-keeper" security models.

Snyk's focus on open-source security gives it an edge in this space. Its vulnerability database, which covers multiple programming languages and frameworks, allows developers to proactively check for known issues in their dependencies. This is particularly valuable given that modern applications often consist of up to 80% third-party code.

Container and infrastructure security

As Snyk expanded into container and infrastructure-as-code (IaC) security, it began competing with specialized vendors like Aqua Security, Twistlock (now part of Palo Alto Networks), and Bridgecrew (also acquired by Palo Alto Networks).

In this segment, Snyk's advantage lies in its integrated platform approach, allowing customers to secure their entire software development pipeline - from code to cloud - within a single tool.

Snyk Container, for instance, not only scans for vulnerabilities in container images but also provides actionable remediation advice, leveraging Snyk's extensive vulnerability database. This integration with its core product allows Snyk to offer a more comprehensive security solution compared to point products.

Cloud security

With the launch of Snyk Cloud in 2022, the company entered the cloud security posture management (CSPM) market, competing against established players like Wiz, Orca Security, and Palo Alto Networks' Prisma Cloud.

This move expanded Snyk's total addressable market significantly but also placed it in competition with well-funded, fast-growing startups and large cybersecurity incumbents.

In this crowded field, Snyk aims to differentiate itself by leveraging its developer-centric approach and existing customer base. By integrating cloud security into its platform, Snyk can offer a unified solution that covers the entire software development and deployment process, potentially simplifying security management for its customers.

However, Snyk faces challenges in this space, as it lacks the deep expertise in cloud infrastructure that specialized CSPM vendors possess. Its success will depend on how effectively it can integrate its developer-focused strengths with robust cloud security capabilities.

GitHub + GitLab

Popular DevOps platforms like GitHub and GitLab have code scanning tools similar to Snyk’s Code and Open Source products, making them a viable alternative. With their existing relationships with millions of developers and developer-friendly tools, these can become key competitors to Snyk in the future.

TAM Expansion

Snyk’s long-term growth opportunity lies in expanding the definition of developer security. The company started with open source dependency risk, but the modern software supply chain includes containers, infrastructure definitions, cloud configuration, and now AI-assisted development and AI-native applications. Each step outward increases TAM and moves Snyk closer to being a platform that the engineering organization relies on daily.

The company’s recent strategy suggests an effort to attach itself to bigger and more durable pools of spend, including cloud security and the emerging security budgets that sit with AI engineering. That push is visible in product moves like the AI Trust Platform and the Invariant Labs acquisition, and in go-to-market moves like targeting AI engineers and shifting toward usage-based pricing.

New verticals in cloud and API security

Snyk already launched Snyk Cloud, which takes it into cloud security, one of the fastest growing segments. The company also has room to move into adjacent categories like API security and broader software supply chain governance. The report’s earlier framing still applies. Cloud security is expected to reach $77B by 2026, and API security is expected to cross $10B by 2032 at a 28% CAGR.

The real opportunity is not just adding modules but reframing these top-down categories into developer-first workflows. If Snyk can make cloud, API, and AI security tasks feel like extensions of pull-request-driven development, it can win spend that otherwise goes to governance-heavy security suites.

AI security and the AI engineer persona

AI is creating a new persona that looks like a developer but behaves differently, with bursts of experimentation, rapid iteration, and new attack surfaces. Snyk has been pitching itself as a way to prevent hacks when teams adopt AI coding tools, and it has suggested that the next growth wave will come from targeting AI engineers rather than traditional developers.

This is where prioritization becomes critical. AI can increase code output and security noise at the same time. By ranking weaknesses through the AI Trust Platform and adding capabilities via Invariant Labs for security in AI models and agents, Snyk is trying to become the default guardrail layer for AI-assisted software production. If that works, it expands TAM into AI infrastructure budgets that are being formed right now.

New geographies

With 70% of revenue coming from North America, Snyk has room to diversify. Asia Pacific and Japan contribute about 10% of revenue, and the company has been investing there, including expanding its channel partner network threefold in 2022. In markets where channel partners and integrators play a larger role, this can be a meaningful distribution lever, especially for security tooling that benefits from implementation support.

Over time, a stronger channel presence can also help Snyk penetrate larger enterprises and regulated industries outside North America, where procurement norms favor established partner ecosystems.

Price increases through bundling and usage-based packaging

Snyk has historically increased pricing by expanding what is included in the bundle. In 2020, when it sold open source and container security, it priced the Team subscription at $1319 for 25 seats and the Business subscription at $3298 for 50 seats. After adding code analysis and infrastructure as code, it roughly doubled those prices, with Team at $2675 and Business at $6916.

The next phase of pricing leverage likely combines bundling with a shift toward usage-based pricing. Bundling lets Snyk attach cloud and AI features to the core platform. Usage-based pricing aligns with how scanning and AI security work in practice, since consumption rises naturally with more builds, more repos, and more AI experimentation. If executed well, this can turn adoption and expansion into a more automatic revenue flywheel.

Risks

1. Serving different personas: As Snyk expands beyond its core developer-focused products into areas like cloud security that target CISOs, it risks diluting its developer-centric brand and expertise. Managing products for different personas (developers vs. security teams) requires distinct go-to-market strategies and product philosophies. This expansion could lead to internal conflicts, confused messaging, and suboptimal products if not carefully managed. Snyk may mitigate this by maintaining separate product teams with clear mandates.

2. Platform integration challenges: Snyk's strategy of expanding its platform through both internal development and acquisitions creates integration complexity. Ensuring a seamless user experience across internally-built and acquired components is critical but challenging. Poor integration could frustrate users and create openings for more focused competitors. To address this, Snyk must prioritize platform cohesion and potentially slow its acquisition pace to focus on integration.

3. Competition from code hosting platforms: GitHub and GitLab pose a significant threat as they expand their security offerings. These platforms have massive developer user bases and could rapidly gain market share by deeply integrating security features. Their existing relationships with developers could make it difficult for Snyk to maintain its position. Snyk may need to double down on its security expertise and consider deeper integrations or partnerships with these platforms to stay competitive.

DISCLAIMERS

This report is for information purposes only and is not to be used or considered as an offer or the solicitation of an offer to sell or to buy or subscribe for securities or other financial instruments. Nothing in this report constitutes investment, legal, accounting or tax advice or a representation that any investment or strategy is suitable or appropriate to your individual circumstances or otherwise constitutes a personal trade recommendation to you.

This research report has been prepared solely by Sacra and should not be considered a product of any person or entity that makes such report available, if any.

Information and opinions presented in the sections of the report were obtained or derived from sources Sacra believes are reliable, but Sacra makes no representation as to their accuracy or completeness. Past performance should not be taken as an indication or guarantee of future performance, and no representation or warranty, express or implied, is made regarding future performance. Information, opinions and estimates contained in this report reflect a determination at its original date of publication by Sacra and are subject to change without notice.

Sacra accepts no liability for loss arising from the use of the material presented in this report, except that this exclusion of liability does not apply to the extent that liability arises under specific statutes or regulations applicable to Sacra. Sacra may have issued, and may in the future issue, other reports that are inconsistent with, and reach different conclusions from, the information presented in this report. Those reports reflect different assumptions, views and analytical methods of the analysts who prepared them and Sacra is under no obligation to ensure that such other reports are brought to the attention of any recipient of this report.

All rights reserved. All material presented in this report, unless specifically indicated otherwise is under copyright to Sacra. Sacra reserves any and all intellectual property rights in the report. All trademarks, service marks and logos used in this report are trademarks or service marks or registered trademarks or service marks of Sacra. Any modification, copying, displaying, distributing, transmitting, publishing, licensing, creating derivative works from, or selling any report is strictly prohibited. None of the material, nor its content, nor any copy of it, may be altered in any way, transmitted to, copied or distributed to any other party, without the prior express written permission of Sacra. Any unauthorized duplication, redistribution or disclosure of this report will result in prosecution.