snyk.io updates
snyk.io updates
app.snyk.io/projects

User Hub for knowledge resources

 

New

  

Weโ€™re very happy to announce a new User Hub page, giving access to all knowledge resources for Snyk users.

Screenshot 2022-09-22 at 17.29.21.png

This resource connects Snyk users to all knowledge resources for using Snyk, such as:

Default reviewer assignee to pull requests in Bitbucket Server / Data Center

 

New

  

We are happy to share that our Bitbucket Server / Data Center integration now supports the default reviewers assignee settings in Bitbucket.

From now on, any pull request opened by Snyk would be assigned to the default reviewer set in Bitbucket.

This enhancement works out the box - nothing needs to be done unless you use Broker. If you use Broker on Bitbucket Server / Data Center, please make sure to update it to the latest version in order for this enhancement to work.

 

Improved

  

Snyk Container - Improved Go binaries scanning

 

Improved

  

With the release of the Snyk CLI version 1.999.0, support for Go binary scanning in containers has been extended and improved. As long as binaries are built with go module support enabled, Snyk now also scans Cgo binaries, binaries with stripped debug information (the -ldflags="-s -w" compiler setting), binaries built with the -trimpath compiler setting and binaries with vendored dependencies.

Read more about application dependency scanning in our documentation.

Projects page performance enhancements: pagination and grouping

 

Improved

  

To improve the overall Projects page performance, Snyk added pagination and the ability to organize projects.

Currently, every request or filter you apply on the Projects page involves retrieving all the targets and projects for the page. For enterprise users with hundreds of thousands of imported projects, this can result in prolonged load times. Adding pagination can improve the Projects page load time by up to 90%.

Project Listing Pagination.png

View our documentation for more details.

Snyk Container now supports scanning Python applications in the CLI & Kubernetes Integration

 

New

  

We are happy to announce that Snyk Container now detect vulnerable dependencies of Python applications (Poetry and Pip) in a container image when scanning through the CLI or through the Kubernetes integration. This change is available in CLI version 1.998.0. We also improved the container registry scanning and added Poetry support.

Read our documentation to understand more about container application scanning.

Open Source, Infrastructure as Code and Code support in Eclipse

 

New

  

The support for Infrastructure as Code, Code and Open Source (improved) in Eclipse is now officially released ๐ŸŽ‰. This includes automatic analysis, inline highlights on hover, gutter icons, squiggly line and problems tab integration.

How to get started if Iโ€™m using Eclipse?

For Eclipse use the normal path to upgrade the software, or get the latest plugin from the marketplace. Here is a sneak peek:

image (10).png

Please see our documentation for more information or reach out if you have any questions and suggestions.

Snyk Learn - New lesson - DOM XSS for JavaScript

 

New

  

Let's hack! Walk through an example of exploiting DOM XSS vulnerabilities! This lesson looks at some vulnerable code and goes over mitigation techniques.

DOM XSS is our latest JavaScript lesson. Check out Snyk Learn for more lessons in JavaScript and many other languages.

Screen Shot 2022-08-22 at 10.12.38 AM.png

Introducing Snyk Training

 

New

  

Snyk Training is an easy way for teams to get an introduction to Snyk tools and user best practices. Most courses take between 3 and 10 minutes.

  • The Implement Snyk courses focus on key decisions and tasks when implementing Snyk, such as determining the organization structure and setting up single sign-on.

  • The Configure and manage Snyk courses focus on tasks to set up and manage a Snyk organization, including setting notification defaults, configuring integrations, and managing members.

  • The Find and fix issues with Snyk courses focus on developer tasks for getting started with the CLI, an IDE plug-in, or using Snyk in the web UI. The Video Library provides an even easier way to learn these developer tasks.

To browse the entire Snyk Training catalog, visit https://training.snyk.io/. Sign up to track your learning progress.

Improved public repo monitoring

 

Improved

  

A new version of Snykโ€™s Monitor Public GitHub Repos feature has been released to improve scalability and platform support. Using this feature you are able to monitor public repositories not directly owned by your SCM account through a GitHub integration connected by a user in your Snyk organization. With this release your followed projects will now trigger notifications according to your preferences, and be visible in reports.

Existing monitored public GitHub repos will be migrated, and no action is required for organizations where a user has already connected a GitHub SCM integration.

If you do not already have a GitHub integration connected, action is required to maintain recurring testing of these projects. Projects without access to a GitHub integration will remain static and their scan results will not reflect changes made at the public GitHub repository. Instructions for adding a GitHub integration can be found in our documentation.

For more information about this feature, see the ๐Ÿ“– documentation.

ReadOnlyProjectsGithub.png

Nexus Repository Manager integration

 

New

  

We are excited to announce the new Nexus Repository Manager integration for Snyk Open Source! ๐Ÿš€

This integration enables Snyk to resolve all direct and transitive dependencies of packages hosted in Nexus when testing Maven projects imported from Git, and calculate more complete and accurate dependency graphs.

Snyk will also use this integration to access private dependencies when creating Pull/Merge Requests, and update npm/yarn lockfiles using the correct URLs.

This release fully supports Nexus 3.x. Support for Nexus 2.15 and above is in open beta.

The integration is available on Enterprise plans.

To get started, see the ๐Ÿ“– documentation.