Snyk, a provider of cloud native application security, announced its acquisition of FossID, a software composition analysis tool that scans code for open source licenses and vulnerabilities. Based in Sweden, FossID was founded with a mission to give developers a solution that detects all footprints of free and open-source software (FOSS) within codebases, from entire components to code snippets and including license obligations and compliance issues.
Founded in 2016, FossID was created based on the team’s experience working with FOSS since 2001, specifically with the complexities of open source software used within legacy as well as embedded modern applications. With strong customer adoption in Fortune 500 organisations across verticals like automotive, financial services, manufacturing, technology and telecommunications, FossID has earned a strong reputation with developers using C/C++.
By joining forces with Snyk, FossID’s capabilities will be integrated into Snyk’s Software Composition Analysis (SCA) product, Snyk Open Source, extending the developer-first security and license compliance mindset and experience to teams worldwide currently leveraging C/C++. With over six million developers using C/C++ to build their applications today, including teams both modernising legacy applications and building new embedded Internet of Things (IoT) applications, FossID’s technology allows Snyk to reach a significantly larger percentage of the current 27 million developers across the globe2 in 2021 and beyond.
Also Read: How to Position Your Organisation for Success With Cloud
This includes:
- Unmanaged code, inclusive of snippet detection: FossID’s solution identifies vulnerabilities in all forms of open source, including the detection of snippets (a few lines of code copied from the open-source software package). This has been historically difficult and is a critical problem to solve for developers looking to increasingly own security responsibilities within their organisations.
- 2 PBs of machine-harvested source code: FossID’s comprehensive knowledge base contains the equivalent of more than two petabytes (PBs) of machine-harvested source code from all of the world’s currently known open source repositories.
- AI-powered analysis: FossID’s AI technology automatically eliminates false positives, allowing development teams to save time and money and ultimately ship their applications faster and safer than their competition.
- Developer-friendly license compliance: FossID’s license compliance engine is able to automatically inspect applications with speed and accuracy to detect license and copyright information, thanks to its AI-powered patent-pending software solution that relies on an audit-grade database of over 1900 licenses.
‘With FossID’s powerful capabilities to find, fix and monitor vulnerabilities in all forms of open-source software, Snyk is now accelerating our vision to bring security to every developer in the world’, said Peter McKay, CEO, Snyk. ‘Together with this world-class team, we look forward to reaching millions more of the world’s developers, empowering them to build applications securely while also staying a step ahead of their competition.’
