Product Updates

We’ve introduced an improved search and discovery experience on security.snyk.io, making it easier to explore open source packages, vulnerabilities, and security insights - all in one place.

Following the delivery of the improved package experience, this update introduces a refreshed homepage and unified search on security.snyk.io.

The updated experience features a cleaner interface, enhanced navigation, and expanded discovery options, providing a more seamless way to explore packages and vulnerabilities across security.snyk.io.

What’s new

• A redesigned homepage with clearer entry points into ecosystems, vulnerabilities, and package data.

• New unified search results for packages and vulnerabilities, offering faster and more intuitive discovery across supported ecosystems.

These updates deliver greater clarity and consistency in how security information is explored, supported by the same trusted data that powers security.snyk.io.

To explore the updated experience, visit security.snyk.io and try searching for any package or vulnerability.

Customize your dashboard with the new analytics experience. We’re launching the general availability of the redesigned Snyk Analytics experience. You now have access to a customizable tenant-level landing page featuring a widget inventory, allowing you to arrange widgets for a personalized dashboard. This update also includes Saved views, a centralized Report catalog for discovering reports, and enhanced drill-down capabilities for issues and assets.

We want to provide a more flexible way to visualize your security posture. These changes ensure you can surface the metrics most relevant to your organization and access critical data faster through a centralized view.

You can create a dashboard tailored to your specific monitoring needs by selecting widgets from the inventory. The new experience simplifies how you find pre-built reports and allows you to investigate specific security topics directly from your customized view.

To learn more, check out our Redesigned Analytics docs.

We have released a new CLI hotfix (v1.1301.2) to address a bug when using Snyk with agentic integrations such as Amazon Kiro:

• MCP: Ensure compliance with the model context protocol specification

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We've enhanced our Docker Hub integrations by adding GitHub App support. This update allows you to attach a Dockerfile to your Snyk Container images directly through your GitHub Cloud and GitHub Server App integrations.

Attaching a Dockerfile gives you more precise fix advice, including smarter base image recommendations for both major and minor upgrades, and a wider range of alternative upgrade paths. This new capability means Snyk gains deeper context about your image during scans, leading to more actionable and tailored recommendations.

No explicit action is required to enable this feature. To start, simply navigate to your Snyk Container image Project settings. There, you can use the Configure Dockerfile option to select the appropriate Dockerfile via your GitHub App integration.

To learn more, visit Detect Vulnerable Base Images from your Dockerfile.

We have been listening to your feedback regarding the upcoming improvements to Snyk Code analysis for the Java, Kotlin, and .NET ecosystems.

To ensure the best possible experience and minimize disruption during the busy end-of-year season, we have decided to reschedule this rollout. These updates, including support for the Netty framework and ASPX inline code expression blocks, will now go live on January 12.

Thank you for your feedback as we work to improve the accuracy of your scan results.

We’re releasing support for the Dart programming language in Snyk Code, now available in Snyk Preview. This update allows you to scan your Dart code, which is frequently used with the Flutter framework, for security vulnerabilities. We have added detection capabilities for a variety of issues, including insecure data handling, authentication flaws, and injection risks.

We added this language support to help you secure mobile and offline storage, ensure robust authentication flows, and harden network communications within your Dart applications. By expanding Snyk Code capabilities, we aim to provide better coverage for modern mobile development stacks and help you prevent critical risks like cleartext logging and SSL/TLS validation failures.

To start scanning Dart applications, you must enable the feature manually. Navigate to Settings > Snyk Preview and enable the Dart support option. Once enabled, we will include Dart files in any future tests and retests, identifying vulnerabilities such as SQL injection and path handling issues.

To learn more, visit Snyk Code language and framework support in our user documentation.

We have released a new version of Snyk’s JetBrains IDE plugin to address bugs and improve the overall user experience:

• Fixed a bug where Agent Fix would not apply edits for file paths containing spaces or special characters

This release can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We have released a new CLI hotfix (v1.1301.1) to address bugs and improve the overall user experience:

• Reachability

  • Fixed an issue in test, when using reachability, that caused the fix advice to display incorrectly on certain occasions

  • Resolved a monitor bug with double-dashed arguments when using reachability

• General improvements

  • Improved scanning speed when running test/monitor with reachability

  • Improved SCA scanning through MCP with fewer I/O operations

  • Fixed multiple issues to make Snyk work more smoothly in your code editor

  • Updated dependencies to improve stability and security

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We are excited to share that Reachability for Python will gradually enter General Availability (GA) across all Snyk environments during the period of December 11th, 2025 to January 12th, 2026.

What is Reachability?

If enabled for your Group or Org, Reachability works by scanning your source code and determining whether the code (e.g. a specific function) that makes a vulnerability exploitable is actually reachable, either directly or transitively.

This contextual risk factor can help you prioritize which issues to prevent or fix first, based on the exploitability risk they pose to your applications.

What's changing with this release?

With the GA release of Reachability for Python, Snyk will automatically detect the reachability of issues across all pip, pipenv, and poetry projects.

If you use Reachability today but have not opted into the Snyk Preview of Reachability for Python, you may notice changes in the Risk Score for issues in these projects due to the inclusion of the reachability risk factor.

You can also expect ongoing Reachability improvements to be released twice monthly for all languages in General Availability, helping to regulate false positives and negatives across your projects.

How do I get started?

Not using Reachability yet at all? You can read our User Docs to learn more about how to get started.

We’re introducing Objective C support in preview to help you secure your iOS and macOS applications. This update allows you to identify vulnerabilities across industry-standard libraries like AFNetworking and Realm, as well as native frameworks including Core Data and Security. You can now enable this feature directly in your settings to start scanning your code immediately.

We built this to ensure you have comprehensive coverage for your Apple ecosystem development, particularly for critical use cases like encrypted offline-first storage and hardened credential management. By supporting common libraries such as OpenSSL and Couchbase Lite alongside native frameworks, we help you secure legacy and active projects against complex risks.

This update affects developers and security teams managing Objective C codebases. If you use libraries like SQLite, RNCryptor, or Foundation, you can now detect security issues within your existing workflows. To benefit from this new capability, you must manually enable Objective C support within Snyk Preview.

To learn more, visit our Snyk User Documentation.