DevSecOps vendor Snyk has acquired cloud security and compliance vendor Fugue for an undisclosed amount. Snyk is to add Fugue’s Cloud Security Posture Management (CSPM) tools to its Developer Security Platform. It claims that this will make it the “industry’s first CSPM designed by and for developers.”
Peter McKay, CEO, Snyk, said, “Welcoming the talented Fugue team as our newest Snykers is a fantastic way to kick off 2022.
“Together, we’ll collectively reimagine what cloud security can and should look like for today’s modern DevSecOps teams, ensuring more secure innovation can flourish worldwide.”
What does this deal mean for developers?
Snyk’s tools currently allow developers to scan and fix their code through its platform. It’s pretty much table stakes for any DevSecOps vendor. What it is doing with this acquisition is looking at deployment and particularly deployment to the cloud.
Fugue provides tools for infrastructure as code (IaC), especially for AWS, Azure and Google Cloud. IaC allows developers to manage and provision cloud infrastructure using code rather than manual processes. It brings consistency in both configuration and setup. It also allows developers to test multiple copies of configuration options while always having a trusted copy running in production.
Automation brings other benefits. The first is to improve developer productivity. The second is reducing security risk, especially misconfiguration. The third is the ability to scale quickly and reliably.
Once the Fugue solution is integrated into the Snyk platform, the company claims it will deliver the following benefits for DevSecOps teams:
- Developer First CSPM: effective detection of security vulnerabilities in modern cloud workloads; automated into developer workflows enabling an efficient process for capturing and testing issues early.
- Comprehensive Visualization of Cloud Landscape: interprets cloud resources, showing details as well as connections/relationships with other resources to provide the context that enables effective risk assessment, triaging and prioritization.
- Fully Integrated Insights: security insights in deployed apps are connected to developer security workflows, enabling improved vulnerability prioritization based on exploitability. This lowers signal to noise ratio by highlighting biggest risks while deprioritizing issues with a mitigation already in place.
Enterprise Times: What does this mean?
Adding IaC to its DevSecOps is a smart move by Snyk. It will appeal to developers and organisations who see themselves as cloud-native.
This is the fifth acquisition that Snyk has made in the last 18 months as it builds out its DevSecOps platform. In 2020 it acquired DeepCode. Since then it has added Manifold.co (Jan 2021), FossID (May 2021) and CloudSkiff (Oct 2021).
The company also raised US $600 million in September 2021 in a Series F funding. That funding valued the company at $1.4 billion. Having made two acquisitions since then, will we see it return to the market for more funding for future acquisitions?