Snyk buys DeepCode to inject AI into DevSecOps mix

Open source security platform provider Snyk has announced the acquisition of AI-powered code analysis company DeepCode. Financial details of the deal haven’t been disclosed, but with a recently closed $200m funding round to “modernise the security industry” in the bag, it surely had a bit to spend.

DeepCode, a spinoff of Swiss university ETH Zürich, advertises real-time semantic code analysis using AI technology to make developers aware of critical issues and security vulnerabilities while they write code. The model used to help devs supposedly learns from open source commits and is therefore able to show what’s wrong and provide pointers as to how others have fixed the problem at hand.

McCay believes the inclusion of the company’s AI engine “will help Snyk both increase speed and ensure a new level of accuracy in finding and fixing vulnerabilities, while constantly learning from the Snyk vulnerability database to become smarter”. This is meant to “ensure developers have a superior level of accuracy”, while “extending the Snyk platform’s coverage for securing cloud native applications” by applying the new capabilities to proprietary code.

Currently DeepCode is able to check source code written in Java, JavaScript, Python, TypeScript, and C/C++, and integrates with services such as GitHub, Bitbucket, and GitLab. The service can either be incorporated into Git workflows, or used via IDE extensions, thanks to a Datalog solver.

Developers are free to choose between a cloud flavour, which can be used for public and private repositories and is free as long as your team includes fewer than 30 devs, and a self-managed version. The latter will set organisations back by at least $1699 per month.

According to the DeepCode team, there won’t be any changes for now, so users should be able to work with the service as they usually would. However, it is meant to be integrated into the Snyk platform at some point, so teams should watch their inbox for additional announcements. It also remains to be seen how DeepCode can keep its promise to offer its services to open source for free “forever” once that has happened, although the company doesn’t see that as a problem yet, given Snyk’s similar values regarding the cause.