Snyk - Digital Audit
Enterprise Technology Stack & Vendor Relationships
Snyk operates as a developer-focused application-security vendor providing static analysis (SAST), software composition analysis (SCA), container, and infrastructure-as-code (IaC) scanning1. The company maintains a confirmed technology-alliance partnership with SentinelOne, an Israeli-founded but US-headquartered cybersecurity firm, integrating Snyk Container’s build-time vulnerability scanning with SentinelOne’s Singularity Cloud Workload Security (CWPP) runtime-protection product so that runtime threat detections can be correlated back to the source-code vulnerability in a container image for incident triage23. No start date for this integration is documented in available sources. No public evidence identified of a Snyk licensing, subscription, or integration relationship with Check Point, Wiz, CyberArk, Nice, Verint, or Claroty; Wiz surfaces in search results only as a market competitor with its own separate, unrelated integration to Check Point. For U.S. public-sector distribution, Snyk uses Carahsoft as its authorized reseller, distributing the product via the SEWP V, NASPO ValuePoint, and OMNIA Partners government contract vehicles; the partnership announcement contains no reference to Israeli technology mandates, integrators, or defense agencies4. No public evidence identified of any systems integrator mandating or bundling Israeli-origin security technology as part of a Snyk deployment engagement.
Surveillance, Biometrics & Retail Technology
Snyk’s product portfolio is limited to developer and application-security tooling (SAST/SCA/container/IaC scanning); No public evidence identified of Snyk using, reselling, or providing facial-recognition, biometric-identification, gait-analysis, or behavioural-analytics technology of Israeli origin (e.g., of the type associated with Trigo, BriefCam, AnyVision/Oosto, or Trax)1. No public evidence identified of Snyk using or providing Israeli-origin predictive-policing, sentiment-analysis, social-media-monitoring, or workforce-surveillance tools. No public evidence identified of indirect exposure to such technologies through bundled Snyk platform features, based on review of Snyk’s product documentation, published case studies, and partner listings5.
Cloud Infrastructure, Data Residency & Sovereign Cloud Participation
Snyk’s own data-governance documentation lists its regional hosting options as SNYK-US-01 and SNYK-US-02 (United States), SNYK-EU-01 (Frankfurt, Germany, hosted on AWS), and SNYK-AU-01 (Australia)67; no Israel-based data-hosting region is offered or referenced anywhere in that documentation6. Snyk achieved FedRAMP Moderate Authorization on April 24, 2025, enabling U.S. federal agencies to adopt “Snyk for Government”89, and it maintains a documented public-sector customer relationship with the U.S. Small Business Administration, with a published case study citing a 52-day average vulnerability-remediation time5; distribution to U.S. federal agencies additionally runs through the Carahsoft reseller partnership4. No public evidence identified of Snyk participation in Project Nimbus or any other Israeli state-backed cloud or digital-infrastructure programme, and No public evidence identified of equivalent government contracts between Snyk and Israeli ministry or state bodies. No public evidence identified of Snyk marketing or contracting data-sovereignty, data-residency, or infrastructure-resilience services explicitly to Israeli state institutions or military bodies.
Defence, Intelligence & Security Sector Technology Relationships
No public evidence identified of any contract, partnership, or service agreement between Snyk and the Israeli Ministry of Defence, the IDF, or Israeli intelligence agencies; targeted searches combining “Snyk” with the Ministry of Defense, Elbit, Rafael, and IAI returned no matching vendor or customer relationship. No public evidence identified of Snyk’s commercial product being reported, confirmed, or documented by researchers as deployed for military, intelligence, or law-enforcement surveillance applications within Israel or the occupied territories. Snyk’s own vulnerability database exists to identify and remediate vulnerabilities in third-party open-source packages - a defensive security-research function1 - and No public evidence identified of Snyk developing, selling, licensing, or maintaining offensive cyber capabilities, zero-day exploit tooling, or digital-weapons systems, nor of any Israeli state-actor deployment of Snyk tools for such purposes. Searches for Snyk in connection with NSO Group, Cellebrite, or Verint returned no relationship of any kind; these firms appear in background material on the Israeli spyware and surveillance industry only, with no connection to Snyk.
AI, Algorithmic & Autonomous Systems
Snyk’s AI-related product work - including “DeepCode,” an AI-based code-analysis capability acquired in 2020, and an ongoing 2026 “AI security” research and development reorganization prompted by competitive pressure from AI-native code-scanning tools - is marketed toward general developer and enterprise customers rather than government- or military-specific deployment1011. No public evidence identified of Snyk providing AI/ML, computer-vision, or autonomous decision-support systems to Israeli state, military, or security bodies. No public evidence identified that Snyk’s AI models have been trained on, or given access to, civilian population data, intercepted communications, or surveillance-derived datasets originating from Israel or the occupied territories. No public evidence identified of Snyk providing autonomous target-generation, automated threat-detection-for-kinetic-use, or autonomous tracking systems to Israeli military or security forces.
Technology Ecosystem & R&D Footprint
Snyk was founded in 2015 by Guy Podjarny, Assaf Hefetz, and Danny Grander, all veterans of Israel Defense Forces Unit 8200 (the IDF’s signals-intelligence unit), with engineering originally split between a Tel Aviv hub and a London hub; Podjarny has stated that investors told him “it is impossible to set up a cyber company without a branch in Israel”112. The company’s Series G round of $196.5 million, closed in December 2022 at a $7.4 billion valuation, was led by Qatar Investment Authority (QIA)13141516. Snyk acquired Tel Aviv-based Enso Security, an application-security posture-management (ASPM) startup, for approximately $32.7 million in a deal announced in June 2023171819, and separately acquired Helios, an observability and runtime-security startup with roughly 11 employees, for approximately $2.9 million20. Board composition includes Tamar Yehoshua, who joined in 2021 and holds an MS in Computer Science from Hebrew University of Jerusalem - an educational tie only, not an institutional patent or R&D collaboration2122. In approximately June 24–25, 2026, Snyk laid off its entire roughly 90-person Israel development-centre staff as part of a fourth global round of layoffs, effectively discontinuing its Israel R&D operation; reporting attributes this to competitive displacement by AI-native code-scanning tools - explicitly naming “Claude Code” as damaging incumbents’ business models - and to investor preference for AI-native companies2324252610. This is dated, current evidence indicating the Israel R&D footprint has been discontinued rather than ongoing, following earlier reported reductions of 30, 198, and 128 employees since 2022242510. Related leadership context: CEO Peter McKay announced his departure in February 2026 to move into an advisory role, with CFO Kenneth MacAskill installed as interim CEO and founder Guy Podjarny returning as Board Chairman explicitly to reposition Snyk around AI112728; separately, Snyk’s revenue growth is reported to have slowed sharply in 2024, reaching $278 million29. Co-founder Danny Grander is reported to be an active Israeli angel investor with a portfolio said to include Aim Security, Qodo, deepdub, Komodor, and Permit.io303132 - none of which match the rubric’s named list of Israeli surveillance/military-technology firms (NSO, Cellebrite, Carbyne, AnyVision/Oosto, Wiz, Palantir, Check Point, SentinelOne, Verint, Nice). Co-founder Assaf Hefetz is reported to serve as Managing Partner at Horizon Ventures, an AI/fintech/SaaS-focused fund3334. No public evidence identified of any of Snyk’s three founders or its independent board members holding equity stakes or board roles in NSO Group, Cellebrite, Carbyne, AnyVision/Oosto, Wiz, Palantir, Check Point, SentinelOne, Verint, or Nice. No public evidence identified of patent, licensing, or co-development agreements between Snyk and Technion, Hebrew University, or the Weizmann Institute - a Google Patents assignee search for “Snyk” did not return usable results in this session and should be treated as a methodology gap rather than a negative finding in itself. No public evidence identified specifically confirming Snyk’s receipt of Israel Innovation Authority grants or Israeli high-tech tax incentives, despite the company’s historical Tel Aviv R&D presence.
Civil Society Scrutiny & Regulatory History
Live review of the OHCHR Database of Business Enterprises pursuant to Human Rights Council resolutions 31/36 and 53/25, including its September 2025 update, did not surface any mention of Snyk; the visible business list is dominated by banks, telecoms, real-estate, and construction firms (e.g., Bank Hapoalim, Bezeq, Israel Railways), with no developer-security software firms identified3536. Direct query of the Who Profits company database returned no Snyk entry on the visible listing pages, though a full 24-page manual traversal was not completed and should be treated as partial coverage37. No search result connects Snyk to UN Special Rapporteur Francesca Albanese’s A/HRC/59/23 report (“From economy of occupation to economy of genocide,” July 2, 2025) or its discussion of Project Nimbus, surveillance, and AI, nor to the “Don’t Buy Into Occupation” 2022–2025 company lists. One informal, self-published Medium listicle (“Consequences for Genocide: A List of Israel Tech Companies Facing Global Boycott”) includes Snyk in a broad catalog of “Israeli tech companies” for boycott, citing only Snyk’s Israeli origin and open-source security product with no specific allegation, campaign detail, or documented Snyk response, and it does not constitute a Tier-1 NGO or UN source38. No public evidence identified of any regulatory inquiry, legal challenge, export-control action, or sanctions-related investigation involving Snyk’s technology sales or services to Israeli state entities. No public evidence identified of any NGO investigation (Who Profits, AFSC, Amnesty International, Human Rights Watch, Access Now, Citizen Lab, B’Tselem, Al-Haq, SOMO), academic study, or UN report specifically addressing Snyk’s technology relationship with the Israeli state or occupied-territories operations, nor of any organized, named BDS Movement or comparable campaign specifically targeting Snyk.
End Notes
Footnotes
-
https://www.sentinelone.com/blog/announcing-the-integration-of-sentinelone-cwpp-with-snyk-container/ ↩
-
https://www.carahsoft.com/news/snyk-and-carahsoft-partner-to-provide-comprehensive-application-security-to-government-agencies-2025 ↩ ↩2
-
https://docs.snyk.io/snyk-data-and-governance/regional-hosting-and-data-residency ↩ ↩2
-
https://snyk.io/news/snyk-achieves-fedramp-moderate-authorization/ ↩
-
https://www.globenewswire.com/news-release/2025/04/24/3067357/0/en/Snyk-Achieves-FedRAMP-Moderate-Authorization.html ↩
-
https://cybernews.com/security/snyk-cuts-jobs-focus-on-ai-security/ ↩ ↩2 ↩3
-
https://www.calcalistech.com/ctechnews/article/s11opqo00zx ↩ ↩2
-
https://www.timesofisrael.com/israeli-founded-cybersecurity-startup-snyk-raises-196-5-million-in-fresh-funds/ ↩
-
https://www.zawya.com/en/wealth/funds/qatars-qia-leads-1965mln-funding-round-of-cybersecurity-start-up-snyk-dff14gys ↩
-
https://www.cooley.com/news/coverage/2022/2022-12-16-snyk-closes-196-million-series-g-funding-at-7-billion-valuation ↩
-
https://www.qia.qa/en/Newsroom/Pages/QIA-leads-$196-5-million-Series-G-funding-round-in-Snyk,-the-leader-in-developer-security.aspx ↩
-
https://www.timesofisrael.com/israeli-founded-cyber-unicorn-snyk-buys-local-application-security-startup/ ↩
-
https://herzoglaw.co.il/en/news-and-insights/our-client-snyk-acquires-israeli-start-up-enso-security/ ↩
-
https://snyk.io/blog/welcoming-tamar-yehoshua-to-the-snyk-board-of-directors/ ↩
-
https://www.jpost.com/business-and-innovation/article-900466 ↩
-
https://en.globes.co.il/en/article-snyk-to-lay-off-90-employees-1001546903 ↩ ↩2
-
https://www.theregister.com/2026/02/20/snyk_ceo_stands_down/ ↩
-
https://www.thestack.technology/snyk-ceo-steps-down-better-ai-knowledge/ ↩
-
https://finder.startupnationcentral.org/investor_page/danny-grander ↩
-
https://www.datagravity.dev/p/start-up-nation-an-incomplete-history ↩
-
https://www.ohchr.org/en/press-releases/2025/09/un-human-rights-office-updates-database-businesses-involved-israeli ↩
-
https://medium.com/@ahmed.soliman/consequences-for-genocide-a-list-of-israel-tech-companies-facing-global-boycott-b33ba8412ee6 ↩