snyk.io updates

Bug Fix: Reporting > New and Fixed Issues

Over the next two weeks, starting Sunday, March 1st at 3 AM EST, we will release a bug fix affecting the counts of New Issues and Fixed Issues in the Reporting > Summary tab. We will no longer include deleted projects or re-introduced issues in the calculations of these counts, to align reporting numbers with numbers in the Issues tab.

If you have any questions, please reach out to support@snyk.io.

Webhooks in Beta

Custom webhooks are in beta 🎉

Subscribe to push events from Snyk! This new API functionality can be used to receive Snyk payloads in third-party systems (collaboration tools or incident management platforms) when a Snyk event is triggered, such as when a new vulnerability is identified.

The first event you can subscribe to is project_snapshot, which is triggered every time a project is scanned for vulnerabilities. New issues are included in the payload your webhook receives, along with the project, org, and group for context.

To learn more about the new webhooks feature, see our API documentation.

As a feature of the API, webhooks are available in all paid plans.
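A receiver for the project_snapshot event described above should authenticate each delivery before acting on it. The sketch below is an added example, not Snyk's code; the header names, the "sha256=<hex>" HMAC-SHA256 signature format, the "project_snapshot/v0" event value and the payload keys (newIssues, issueData) are assumptions not stated on this page, so confirm them against the API documentation.

```python
import hashlib
import hmac
import json

# Assumptions (not stated on this page): the header names, the "sha256=<hex>"
# HMAC-SHA256 signature format, and the payload keys used below.
SIG_HEADER = "X-Hub-Signature"
EVENT_HEADER = "X-Snyk-Event"


def signature_for(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded with a scheme prefix."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def handle_webhook(secret: bytes, headers: dict, body: bytes) -> list:
    """Authenticate a delivery, then return one summary dict per new issue.

    Raises PermissionError on a bad signature; returns [] for other events.
    """
    expected = signature_for(secret, body).encode()
    supplied = headers.get(SIG_HEADER, "").encode()
    # Verify first, in constant time: unauthenticated bytes never reach json.loads.
    if not hmac.compare_digest(expected, supplied):
        raise PermissionError("webhook signature mismatch")
    if not headers.get(EVENT_HEADER, "").startswith("project_snapshot"):
        return []
    payload = json.loads(body)
    context = {k: (payload.get(k) or {}).get("name") for k in ("group", "org", "project")}
    return [
        {**context, "issue": issue.get("id"),
         "severity": (issue.get("issueData") or {}).get("severity")}
        for issue in payload.get("newIssues", [])
    ]


# Constructed sample delivery (not real Snyk output).
SECRET = b"constructed-shared-secret"
BODY = json.dumps({
    "group": {"name": "example-group"},
    "org": {"name": "example-org"},
    "project": {"name": "example/repo:package.json"},
    "newIssues": [{"id": "EXAMPLE-ISSUE-1", "issueData": {"severity": "high"}}],
}).encode()
HEADERS = {SIG_HEADER: signature_for(SECRET, BODY), EVENT_HEADER: "project_snapshot/v0"}

if __name__ == "__main__":
    print(handle_webhook(SECRET, HEADERS, BODY))
```

Compute the signature over the raw bytes received, not over re-serialized JSON, or valid deliveries will fail verification.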

Bug fix: Dependencies using dual/multiple licenses alignment

We have released a bug fix to align the way license severities are resolved and displayed for dependencies using dual/multiple licenses.

Previously, for these dependencies, the resolved license severity was not always displayed within the Snyk UI and exported CSV reports. Also, the API (Licenses, Licenses by organization, and List all licenses) response did not show when a certain dependency uses more than one license.

This fix aligns Snyk’s license reporting, to show accurate license details across the UI, exported CSVs, and the API.


Snyk Infrastructure as Code - Reporting

I'm pleased to announce that we have released reporting capabilities for the Snyk Infrastructure as Code (IaC) product as general availability.

Any issues that are detected in your Kubernetes, Helm or Terraform files will now be included in the summary graphs and detailed breakdowns in the Snyk UI.

The reporting data can be exported via CSV and is also accessible via the API.

This functionality is only available to paid Snyk Infrastructure as Code customers.

For more details, see the product documentation.

If you have any issues, please reach out to support@snyk.io.

Snyk supports Alpine 3.13

We are happy to announce that Snyk now supports the newest release from Alpine - 3.13.

For more details, see the product documentation.

Ending Snyk CLI support for Node.js 8.x

Starting from 15.02.2021, the Snyk CLI will no longer support Node.js 8.x.

LTS support for this version expired at the end of 2019, and the version no longer receives security updates. We consider it a general security best practice to always use runtime environments that are more up-to-date.

What does this mean? Starting from the stated date above, using the latest version of the Snyk CLI (v. 1.437.4 and above) with Node.js 8.x, either locally or as part of an automated build pipeline, might fail.

What should you do? For optimized Snyk CLI operations, we recommend upgrading Node.js to the current stable version - version 14.x.

The Snyk team is here to help! Feel free to reach out to support in case you encounter any issues or have any questions.

See the product documentation for more details.

Snyk Infrastructure as Code - CLI Performance

I'm pleased to announce that we have released a significant performance improvement to the Snyk CLI for scanning your Infrastructure as Code files.

Handling large volumes of files is now performant, and benchmarking shows that scanning 500 Terraform files takes less than 20 seconds. To benefit from these improvements, ensure you are using a CLI version newer than 1.438.0 and run the command: snyk iac test

If you have any issues, please reach out to support@snyk.io.

See the product documentation for more details.

Prioritize fixes more efficiently with Reachable Vulnerabilities for GitHub Java Maven projects

We are happy to announce the availability of Reachable Vulnerabilities for GitHub Java Maven projects. Reachable Vulnerabilities analysis will take a deeper look into how your projects are using their open source dependencies, and how those open source dependencies interact with each other, identifying whether the vulnerable part of a dependency is indeed reached or not.

The reachability analysis will provide your development and security teams with deep application-level context for vulnerabilities identified in GitHub-hosted applications, enabling them to prioritize fixes more efficiently.

This feature is in open beta and we'll be gradually making it available to Snyk users over the upcoming weeks. If you can't wait and want to get access sooner, reach out to support@snyk.io.

See the product documentation for more details.

Snyk Infrastructure as Code - Reporting

I'm pleased to announce that we have launched reporting capabilities for the Snyk Infrastructure as Code (IaC) product. Any issues that are detected in your Kubernetes, Helm or Terraform files will now be included in the summary graphs and detailed breakdowns in the Snyk UI.

The reporting data can be exported via CSV and is also accessible via the API.

This beta is open to all paying Snyk IaC customers. If you are eligible, you can opt in by navigating to the settings page for your organisation, selecting "Snyk Peek" on the left-hand side, and then turning reporting on.

When this functionality is released, it will be automatically available to all paid Snyk IaC customers.

For more details, see the product documentation.

If you have any issues, please reach out to support@snyk.io.

Broker Token Sharing and Rotation APIs

We are happy to announce that we've just released a new set of APIs that allow you to share Broker tokens between multiple SCM integrations and rotate tokens continuously, without downtime.

To learn more about the new APIs, please look at the following endpoints on our API docs website:

The APIs are available for Standard, Pro and Enterprise users.