snyk.io updates app.snyk.io/projects

New

Improved

Snyk Learn has become a valuable resource for developers to learn about application security. Today we are incredibly happy to announce the release of our new Homepage & Lessons Library.

Now it is even easier to navigate across various security lessons or categories. The new homepage showcases all the benefits Snyk Learn brings to the teams, in particular in combination with other Snyk products and just-in-time integration into the developers’ workflow.

Check it out today, we are eager to hear your feedback: https://learn.snyk.io

New homepage

Lessons library

New

Users with ‘Collaborator’ permissions can now view and make changes to IaC settings in the Snyk app Infrastructure as Code setting sidebar.

This includes:

• Enabling config file detection.
• Customizing rule severity settings.

Improved

What's Changing?

We are changing the behaviour of snyk iac test to only scan files within your current working directory.

Currently when a user runs snyk iac test ../my-folder the command will be executed. However after the change if you try to run snyk iac test ../my-folder it will return an error.

We are making this change to create a more consistent and predictable way of how we group and display findings from scanning your directories and files.

Please see documentation for more information.

When is this happening?

We will change this behaviour on 11th July 2022.

Fix

In certain situations (Why does my Maven package show Unknown version), Maven, Gradle and SBT projects imported via Git can contain dependencies where Snyk is unable to determine the version.

On Feb 17th, 2022, a change was released to label these versions as unknown. This caused Snyk to report such dependencies as being affected by all the vulnerabilities for that package, and may have led to false positives for issues not relevant to the actual version used.

On June 17th, 2022, we will roll out a fix with the following changes:

1. Stop reporting vulnerabilities for dependencies with unknown versions
2. Add a UI component to project pages to make it clear when they contain dependencies with unknown versions

When this change is deployed, you may see the number of vulnerabilities in your projects go down.

Note: you can see dependencies with unknown versions in Reports. While it is not currently possible to filter dependencies by version in the Reports UI, you can export as CSV for analysis.

Improved

What's changing?

Currently, the Snyk CLI excludes Gradle configurations set as isResolvable: true && isConsumable: true. The reason for excluding these is because according to docs.gradle.org about declaring dependencies, this combination is deprecated and shouldn’t be used.

However, many applications still include configurations like these, so we are changing behaviour to include them in Snyk CLI scans.

What will you see?

You should see more accurate results in the Snyk CLI for applications using isResolvable: true && isConsumable: true configurations.

This might mean an increase in the number of dependencies, and/or different resolved versions for existing dependencies.

By reporting more and different versions of dependencies, the number of vulnerabilities may also potentially increase.

When is this happening?

This change will be released in a new version of the Snyk CLI on June 16th.

Improved

Open beta

Improved the CLI Output for Snyk IaC to provide you with more informative and actionable feedback. The new CLI Output has been optimised for readability and displays issues in a more clear way to help you find your issues faster and take action to remediate them.

What's Changed?

• Issues Section - View more useful information related to your issues.
• Issues Ordered by Severity - Issues are now displayed by severity to help you focus on the most important issues.
• Summary Section - The new summary section has been redesigned to help you get a quick view of your scan.

What should you do to enable this?

1. To get access to the improved CLI Output:

2. Log on to the Snyk Platform

3. Head over to Settings > Snyk Preview

4. Enable “ Additional CLI result information for Infrastructure as Code”

5. Update your CLI to v1.939.0 or later

View the documentation for more details.

Improved

Improved UI for Snyk IaC include Terraform, CloudFormation, and Kubernetes files. You now have a detailed view displaying one code snippet per issue, making it easier to identify the issue in code and creating consistency across the UI for Helm chart files and Snyk Code projects.

What has changed?

• Filter by Severity: sort by severity of Critical, High, Medium, and Low
• Work by Misconfiguration: the file is separated into misconfiguration issues and code snippets, instead of a code block of the entire file containing issues.
• Full Details - view the full file for additional configuration context.

View the documentation for more details.

New

Using the CLI command you can:

• Detect drift within a specific feature or cloud environment
• Discover unmanaged resources in your cloud environments
• See % IaC coverage of your cloud environments

This release includes a brand new CLI UI for clearer reporting. For usage and constraints, please see the product documentation, the release blog post or the Snyk CLI help.

New

The Snyk run tasks integration automates security and compliance in Terraform Cloud workflows.

Using the Snyk integration you can:

• Track security and compliance status of your workspaces
• Manage security guardrails and policy enforcement across workspaces
• Resolve security misconfigurations with fix guidance in Snyk

To start, navigate to your Integrations page in Terraform cloud and connect Snyk to your workspaces.

This feature is available on all Snyk plans.

For usage and context, see the Terraform Cloud integration documentation and our blog post. Also available is a great Hashicorp + Snyk tutorial.

New

Scanning for Terraform Variables is now released in the Snyk CLI 🎉.

snyk iac test will now process IaC configurations defined using variables, enabling greater security findings and more accurate results.

Upgrade Snyk CLI to v1.868.0 or above and run snyk iac test as usual in your directory with TF files.

For usage and constraints, see our documentation.