Click here to access our Snyk dataset.

Sacra estimates that Snyk hit $250M annual recurring revenue (ARR) in 2023, up 25% from $200M in 2022.

At the end of 2022, Snyk had a net retention rate of 130%, a gross retention rate of 90%, and headcount of 1,135 full-time employees for average revenue per employee of $129,515.

Roughly 60% of Snyk's revenue comes from software and tech companies and 10% from fintechs. North America contributes to 70% of its revenue, followed by Europe at 17%.

Snyk was last valued at $7.4 billion during its Series G funding round. The company has raised a total of $1.2 billion in venture funding since its founding. Key investors include Qatar Investment Authority (QIA), which led the Series G round, along with prominent firms like Tiger Global and Salesforce Ventures. Additional institutional backers include Evolution Equity Partners, G Squared, and Irving Investors, who participated in the Series G financing.

Snyk was founded in 2015 by Guy Podjarny, Danny Grander, and Assaf Hefetz, leveraging their experience from the Israel Defence Force's cyber intelligence unit. The company's mission was to help developers easily identify and fix vulnerabilities in open-source code.

Snyk found initial product-market fit with Node.js developers seeking to secure open-source dependencies. In October 2015, they launched a free command-line tool that scanned GitHub repositories for vulnerabilities in Node.js projects. By December, 1,000 developers had downloaded the tool, and user registration was implemented in January 2016.

Today, Snyk plugs into the development workflow by integrating not just with code repositories like GitHub and GitLab but all CI/CD pipeline tools like Jenkins and Travis, scans the code against a repository of known vulnerabilities, lists them with severity scores, and suggests ways for developers to fix them.

Before Snyk, code was tested at later development stages by security teams with specialized software, causing deadlines to be pushed out to fix them. This created tensions between developers who wanted to ship the application at the earliest and security teams who wanted to ensure the application was secure. 

Snyk’s key products today include:

Snyk Open Source: Snyk’s first product that scans vulnerabilities and license compliance issues in open-source libraries.

Snyk Container: Scans container images and Kubernetes environments to identify security flaws.

Snyk Infrastructure as Code: Scans platforms like Terraform, AWS, Azure, and Google Cloud for misconfigurations.

Snyk Code: Similar to Snyk Open Source but for developer’s proprietary codebases.

Snyk Cloud: Detects security flaws in code post deployment in the cloud servers.

Snyk Vulnerability Database: A Stackoverflow-like searchable database of vulnerabilities in open-source libraries and ways to fix them.

Snyk is a subscription SaaS company that provides developer-first security solutions, focusing on helping companies use open source code securely. Their core revenue model is based on per-developer seat pricing, with tiered plans offering increasing levels of functionality and support.

The company's pricing strategy is built on a freemium model, allowing developers to start using basic features at no cost. This approach has been crucial in driving adoption, with over 2.5 million developers on the platform as of 2023.

As usage and team size grow, customers are encouraged to upgrade to paid plans, which offer more comprehensive security testing, integration capabilities, and governance features.

Initially, Snyk struggled with monetization, pivoting from a self-serve model to enterprise sales in 2017. This shift proved successful, with the company closing its first commercial contract in March 2017 and reaching $100,000 ARR by August 2017.

The pivot to enterprise sales, coupled with expanded language support and governance features, drove significant growth. ARR reached $4M by 2018, $19M by 2019, and an estimated $250M by 2023, representing 25% year-over-year growth.

A key element of Snyk's strategy has been its focus on integrating security seamlessly into the development workflow. By offering plugins and integrations with popular development tools and platforms, Snyk reduces friction for adoption and usage, further fueling its growth. This developer-centric approach sets Snyk apart from traditional security vendors that typically target security teams or upper management.

Snyk has also expanded its product offerings beyond open source security to include container security, infrastructure-as-code security, and cloud security. This expansion allows for significant cross-sell opportunities within their existing customer base, increasing the potential revenue per customer and strengthening their position as a comprehensive developer security platform.

Snyk competes in the rapidly evolving developer security tools market, facing competition across multiple segments as it expands its product offerings.

In its core application security testing business, Snyk faces competition from other cybersecurity companies, which like Snyk, offer a full suite of application security tools like Synopsys ($51.5B), Checkmarx ($1B), and Veracode ($2.5B). Unlike Snyk’s self-serve sales motion, these companies sell to the CIOs/CISOs in a top-down sales motion.

Snyk differentiates itself through its developer-first approach, integrating security scanning directly into the development workflow. This allows developers to catch and fix vulnerabilities earlier in the software development lifecycle, potentially reducing costs and improving efficiency compared to traditional "gate-keeper" security models.

Snyk's focus on open-source security gives it an edge in this space. Its vulnerability database, which covers multiple programming languages and frameworks, allows developers to proactively check for known issues in their dependencies. This is particularly valuable given that modern applications often consist of up to 80% third-party code.

As Snyk expanded into container and infrastructure-as-code (IaC) security, it began competing with specialized vendors like Aqua Security, Twistlock (now part of Palo Alto Networks), and Bridgecrew (also acquired by Palo Alto Networks).

In this segment, Snyk's advantage lies in its integrated platform approach, allowing customers to secure their entire software development pipeline - from code to cloud - within a single tool.

Snyk Container, for instance, not only scans for vulnerabilities in container images but also provides actionable remediation advice, leveraging Snyk's extensive vulnerability database. This integration with its core product allows Snyk to offer a more comprehensive security solution compared to point products.

With the launch of Snyk Cloud in 2022, the company entered the cloud security posture management (CSPM) market, competing against established players like Wiz, Orca Security, and Palo Alto Networks' Prisma Cloud.

This move expanded Snyk's total addressable market significantly but also placed it in competition with well-funded, fast-growing startups and large cybersecurity incumbents.

In this crowded field, Snyk aims to differentiate itself by leveraging its developer-centric approach and existing customer base. By integrating cloud security into its platform, Snyk can offer a unified solution that covers the entire software development and deployment process, potentially simplifying security management for its customers.

However, Snyk faces challenges in this space, as it lacks the deep expertise in cloud infrastructure that specialized CSPM vendors possess. Its success will depend on how effectively it can integrate its developer-focused strengths with robust cloud security capabilities.

Popular DevOps platforms like GitHub and GitLab have code scanning tools similar to Snyk’s Code and Open Source products, making them a viable alternative. With their existing relationships with millions of developers and developer-friendly tools, these can become key competitors to Snyk in the future.

Snyk has tailwinds from the growing importance of cybersecurity in software development and the shift towards DevSecOps practices. The company has the opportunity to grow and expand into adjacent markets like cloud security, API security, and enterprise-wide security platforms.

Snyk recently launched Snyk Cloud for cloud security, the fastest-growing cybersecurity segment, expected to be worth $77B by 2026. API security is another large segment, expected to cross $10B by 2032 at a CAGR of 28%. By taking verticals that are still top-down and making them developer-first through developer-friendly tooling and documentation, Snyk can meaningfully expand its market.

With 70% of Snyk’s revenue coming from North America, it can diversify to other countries. For instance, Asia Pacific and Japan contribute 10% to its revenue, and Snyk is doubling down on its presence there. It recently added more channel partners in Asia Pacific and Japan, growing its network 3x in 2022. 

Snyk increases its bundle's price by adding new tools to it. For instance, in 2020, when it sold Snyk Open Source and Snyk Container, it priced the Team subscription at $1319 (25 seats) and the Business subscription at $3298 (50 seats). When it added Snyk Code and Snyk IaC to the bundle, it doubled the subscription price, with the Team subscription costing $2675 and the Business subscription $6916. As it adds more verticals like cloud and API security, it can further increase prices to expand revenue.

1. Serving different personas: As Snyk expands beyond its core developer-focused products into areas like cloud security that target CISOs, it risks diluting its developer-centric brand and expertise. Managing products for different personas (developers vs. security teams) requires distinct go-to-market strategies and product philosophies. This expansion could lead to internal conflicts, confused messaging, and suboptimal products if not carefully managed. Snyk may mitigate this by maintaining separate product teams with clear mandates.

2. Platform integration challenges: Snyk's strategy of expanding its platform through both internal development and acquisitions creates integration complexity. Ensuring a seamless user experience across internally-built and acquired components is critical but challenging. Poor integration could frustrate users and create openings for more focused competitors. To address this, Snyk must prioritize platform cohesion and potentially slow its acquisition pace to focus on integration.

3. Competition from code hosting platforms: GitHub and GitLab pose a significant threat as they expand their security offerings. These platforms have massive developer user bases and could rapidly gain market share by deeply integrating security features. Their existing relationships with developers could make it difficult for Snyk to maintain its position. Snyk may need to double down on its security expertise and consider deeper integrations or partnerships with these platforms to stay competitive.