Happy 1st Birthday, Snyk Code!

Snyk Code is turning one! We’ve hit so many milestones in the last 12 months, and today we invite you to look back, celebrate, and peer into the future of code security with us.

From DeepCode to Snyk Code

Snyk Code is powered by its unique engine and industry-leading, research-driven processes. Its roots can be traced back to the “big code” movement in 2013.

Big code is a term used to describe the increasing availability of programs found in open source repositories. For example, GitHub hosted 30 million public repositories at the beginning of 2016. Four years later, in March 2020, this number had grown to over 128 million.

Discussions on the potential for big code to advance programming by leveraging the knowledge of the global development community have swirled in academic circles since 2007.

However, there were several obstacles. Big code inherits all the problems of big data plus others due to the nature of source code, such as infinite runtime behaviors and the need for approximation. Treating source code as simple text — as modern machine learning tools do — is far too simplistic.

The foundation for Snyk Code began in Professor Martin Vechev’s SRILab at the Swiss Federal Technical University (ETH) in Zürich. Beginning in 2013, doctoral student Veselin Raychev (now Head of Artificial Intelligence, Snyk), Professor Vechev, and others conducted research in machine learning and built prototypes for AI-based systems. These AIs learned from open source programs by combining static code analysis based on symbolic reasoning with data-driven machine learning methods.

Raychev received the ETH Zürich medal for outstanding PhD thesis as well as the prestigious ACM Doctoral Dissertation Award, Honorable Mention, for his doctoral thesis in big code machine learning. He was the third European (and the first Bulgarian) to be recognized in the 40 years for this award.

Taking the findings of his doctoral thesis, Raychev joined forces with Vechev and Boris Paskalev (now Head of Product, AI for Code, Snyk) to found DeepCode in 2016, with the goal of transforming the research into an accessible tool.

One hurdle to learning from big code is scaling. You must be able to process massive amounts of real world code quickly enough to run iterations. DeepCode contributed to several of the industry-shifting improvements we have today. Machine learning, for example, is powered by the ability to perform deep semantic analysis without sacrificing speed. These enhanced capabilities allowed DeepCode’s state-of-the-art engine to build and maintain the rule set to support its ever-growing and accurate knowledge base. For more details, check out our blog post on the technologies behind Snyk Code and review samples from publications and research systems.

The DeepCode founder (from the left) Veselin Raychev, Boris Paskalev and Martin Vechev.

DeepCode sought to simplify deep semantic analysis by hiding the complexities and providing an intuitive, accessible tool — and judging from the feedback of hundreds of thousands of developers, they achieved it. The scan speed and reliable rule sets were major elements in DeepCode’s success. The final pillar to a global user base was a developer-centric approach, which DeepCode’s AI-driven engine thoroughly satisfied. Machine learning allowed DeepCode to explain its findings to users and provide examples of recommended fixes, which helped developers understand why their code was vulnerable and how to fix it.

When Snyk and DeepCode began discussing joining forces in 2020, everything clicked. The DeepCode engine was a technical breakthrough that fundamentally changed the static analysis space. Snyk had a mature technical platform, security expertise, established sales and marketing departments, and an international network. Most importantly, both companies prioritized internal culture and a developer-first mentality. So, DeepCode became part of Snyk.

After a few months of rapid work, Snyk Code was built and implemented as part of the Snyk platform using the DeepCode engine and reviewing the existing rule set. The team — expanded with Snyk’s leading security researchers and platform developers — added elements like extensive curated content and the data flow visualization, and prepared the product to run on Snyk. Prior to its beta release, Snyk Code had a line of paying customers. Which proved that it was meeting vital needs in the market, while also displaying the deep trust Snyk is fortunate to receive from the community. Existing customers receive access to Snyk Code in early 2021, and in April, Snyk Code joined the freemium program. Choosing a birthday for Snyk Code was a little tricky at first. Though there were several good options — when Snyk and DeepCode joined forces, access for existing customers, etc — we decided on the day that Snyk Code became available to everyone, the 6th of May.

Snyk Code today!

Fast forward to today. Where does Snyk Code stand one year into its journey? Let’s review some statistics:

Snyk Code reported more than 2.5 million issues in more than a quarter of a million projects in the last month alone. Over a thousand global organizations trust Snyk Code to scan their projects today.

We started with three languages and have now expanded to support JavaScript, Typescript, Java, PHP, C#, Ruby, Python, Swift, Kotlin, and Go.

IDE integrations have been added for Visual Studio Code, IntelliJ, WebStorm, PyCharm, GoLand, and Visual Studio.

Continued innovation has produced deep, context-aware semantic code analysis at industry-leading speeds. Our versatile engine supports GraphQL security and can find and prevent Trojan Source attacks in any supported language. The logic of Snyk Code also gives developers the ability to ignore suggestions that aren’t applicable.

The team behind Snyk Code has grown enormously, with several engineering groups working on the rule set, engine, web, and IDE integrations. While it is fair to say Zürich still plays a major role, people all over North America, Asia, Australia, and Europe are now part of the Snyk Code team.

Snyk Code development is split into four major teams: engine development, building and maintaining the rule set for the knowledge base, front-end user experience, and IDE plugins. Each of these teams breaks down into sub-teams, making Snyk Code a major product for the platform.

In its first year, Snyk Code integrated itself into the Snyk platform, built a strong base of programming languages and IDEs, added new scanning functionality, and established itself as a major Snyk product. But we’re just getting started…

Outlook

Snyk Code is a pretty active 1-year-old, and the upcoming year will be another big leap forward. Some highlights that you can look forward to:

• Reporting: TopCoat recently joined Snyk and will push the reporting capabilities of the Snyk platform to whole new levels.

• Languages: While Snyk Code stacked up an impressive collection of supported languages within its first year, more languages like Swift and Apex will be added. We also added some capabilities to make rule development even faster across supported languages.

• Engine features: We’re currently in the final stages of adding new capabilities that will push the limit of what you can expect from your static application security testing (SAST).

• IDE integrations: Meeting developers where they are and offering results right from the workbench are top priorities for us. Over the next year, we plan to extend and strengthen our IDE footprint.

• Community growth: Snyk Code is free and available to try for all open source projects, but SAST scanning is still far from commonplace. We’ll continue working to offer the community the knowledge and products they need.

• Product capabilities: SAST is the middle ground between developers, security professionals, and management — and every role has specific needs. Our close user relationships have helped us identify specific pain points and develop a roadmap to address them with new product capabilities.

• Snyk’s vision: In his SnykCon 2021 keynote, Guy Podjarny (one of Snyk’s founders) laid out his vision for the future of Snyk. Snyk Code, and its powerful logic engine, will have a large part to play in bringing these ideas to fruition.

Snyk Code has been a positively hectic toddler and will only grow faster in its second year. With a lot of interesting plans on the horizon, there’s no better time to give it a try and join the developer-first family.