Weโre very happy to announce a new User Hub page, giving access to all knowledge resources for Snyk users.
This resource connects Snyk users to all knowledge resources for using Snyk, such as:
We are happy to share that our Bitbucket Server / Data Center integration now supports the default reviewers assignee settings in Bitbucket.
From now on, any pull request opened by Snyk would be assigned to the default reviewer set in Bitbucket.
This enhancement works out the box - nothing needs to be done unless you use Broker. If you use Broker on Bitbucket Server / Data Center, please make sure to update it to the latest version in order for this enhancement to work.
With the release of the Snyk CLI version 1.999.0, support for Go binary scanning in containers has been extended and improved. As long as binaries are built with go module support enabled, Snyk now also scans Cgo binaries, binaries with stripped debug information (the -ldflags="-s -w" compiler setting), binaries built with the -trimpath compiler setting and binaries with vendored dependencies.
Read more about application dependency scanning in our documentation.
To improve the overall Projects page performance, Snyk added pagination and the ability to organize projects.
Currently, every request or filter you apply on the Projects page involves retrieving all the targets and projects for the page. For enterprise users with hundreds of thousands of imported projects, this can result in prolonged load times. Adding pagination can improve the Projects page load time by up to 90%.
View our documentation for more details.
We are happy to announce that Snyk Container now detect vulnerable dependencies of Python applications (Poetry and Pip) in a container image when scanning through the CLI or through the Kubernetes integration. This change is available in CLI version 1.998.0. We also improved the container registry scanning and added Poetry support.
Read our documentation to understand more about container application scanning.
The support for Infrastructure as Code, Code and Open Source (improved) in Eclipse is now officially released ๐. This includes automatic analysis, inline highlights on hover, gutter icons, squiggly line and problems tab integration.
For Eclipse use the normal path to upgrade the software, or get the latest plugin from the marketplace. Here is a sneak peek:
Here is how to enable it for Neovim: https://docs.snyk.io/ide-tools/language-server-beta#example-configuration-for-neovim
Here is how to enable it for Sublime Text: https://docs.snyk.io/ide-tools/language-server-beta#example-configuration-for-sublime-text
Please see our documentation for more information or reach out if you have any questions and suggestions.
Let's hack! Walk through an example of exploiting DOM XSS vulnerabilities! This lesson looks at some vulnerable code and goes over mitigation techniques.
DOM XSS is our latest JavaScript lesson. Check out Snyk Learn for more lessons in JavaScript and many other languages.
Snyk Training is an easy way for teams to get an introduction to Snyk tools and user best practices. Most courses take between 3 and 10 minutes.
The Implement Snyk courses focus on key decisions and tasks when implementing Snyk, such as determining the organization structure and setting up single sign-on.
The Configure and manage Snyk courses focus on tasks to set up and manage a Snyk organization, including setting notification defaults, configuring integrations, and managing members.
The Find and fix issues with Snyk courses focus on developer tasks for getting started with the CLI, an IDE plug-in, or using Snyk in the web UI. The Video Library provides an even easier way to learn these developer tasks.
To browse the entire Snyk Training catalog, visit https://training.snyk.io/. Sign up to track your learning progress.
A new version of Snykโs Monitor Public GitHub Repos feature has been released to improve scalability and platform support. Using this feature you are able to monitor public repositories not directly owned by your SCM account through a GitHub integration connected by a user in your Snyk organization. With this release your followed projects will now trigger notifications according to your preferences, and be visible in reports.
Existing monitored public GitHub repos will be migrated, and no action is required for organizations where a user has already connected a GitHub SCM integration.
If you do not already have a GitHub integration connected, action is required to maintain recurring testing of these projects. Projects without access to a GitHub integration will remain static and their scan results will not reflect changes made at the public GitHub repository. Instructions for adding a GitHub integration can be found in our documentation.
For more information about this feature, see the ๐ documentation.
We are excited to announce the new Nexus Repository Manager integration for Snyk Open Source! ๐
This integration enables Snyk to resolve all direct and transitive dependencies of packages hosted in Nexus when testing Maven projects imported from Git, and calculate more complete and accurate dependency graphs.
Snyk will also use this integration to access private dependencies when creating Pull/Merge Requests, and update npm/yarn lockfiles using the correct URLs.
This release fully supports Nexus 3.x. Support for Nexus 2.15 and above is in open beta.
The integration is available on Enterprise plans.
To get started, see the ๐ documentation.
