Snyk Ltd., the maker of a popular code security tool used by more than 2 million developers, has landed a $300 million funding round at a $4.7 billion valuation.

Disclosed today, the funding included contributions from the venture arms of three major tech industry players: Alphabet Inc., Salesforce.com Inc. and Atlassian Corp. PLC. They were joined by more than a dozen investment firms, including Accel and Tiger Global, which co-led the round.

Snyk provides a tool that finds security issues in code files before they’re released to production. The tool embeds itself directly into the IDEs, or integrated development environments, in which software teams write code, removing the need for developers to juggle multiple tabs. 

Snyk can detect security issues in external open-source components that application teams incorporate into their projects. Additionally, it spots cases where a company’s infrastructure is configured with faulty settings that may render it more susceptible to attack. The software can find such configuration issues in, among other places, with Kubernetes clusters. 

In the five years since launching, Snyk has amassed a user base of about 2.2 million developers thanks partly to an open-source business model. The startup provides its core code vulnerability detection technology for free under an open-source license. It charges for more advanced capabilities such as its features for spotting infrastructure configuration issues.

Snyk’s paid offerings are used by more than 700 organizations, the startup disclosed today. The company has benefited from two concurrent trends currently unfolding in the enterprise.

For one, information technology departments are investing more in cybersecurity systems to reduce the risk of data breaches. At the same time, software teams are adopting a practice known as DevSecOps, wherein developers take on a bigger role in application security tasks historically relegated to the IT department. Thanks to the fact that it targets its vulnerability detection software specifically at developers, Snyk has found itself in a strong position to address the two trends.

The startup’s investors see a lot of room for growth. Snyk’s installed base of more than 2 million users represents only a small fraction of the estimated 27 million developers worldwide.

Snyk’s large installed base could potentially facilitate further market expansion for the startup. Enterprise software teams require more than just code vulnerability scanning tools to protect their applications.

They also require systems that can secure their workloads’ application programming interfaces and block malicious network requests, among other threats. Snyk’s user base gives the startup a large audience it could target with any new security capabilities it may introduce in the future.

Snyk has already expanded its market focus once before. The startup originally provided only features to detect security issues in application code before launching a product to help catch configuration-related vulnerabilities last August.

Of the $300 million funding round announced today, $175 million is working capital that will allow the startup to invest in growth initiatives. The transaction also included secondary offerings that enabled insiders to sell equity. 

“This latest investment allows us to accelerate our growth at every level – doubling down on our successful product led growth strategy, adding to our customer roster, recruiting talent to our team worldwide and expanding geographically,” said Snyk Chief Executive Peter McKay (pictured).

Snyk has raised more than $500 million in funding to date.

Photo: SiliconANGLE