We’re pleased to announce we’ve enhanced Snyk’s security and license testing for pull requests to better support secure development workflows!
To further ensure development pipelines are not broken needlessly and to give developers full visibility into the results of Snyk’s security testing, developers can now see the full details on why their pull request failed and subsequently request the administrator to skip the test and “force pass” the pull request.
More details in this blog post.
You can now install the Snyk Container Kubernetes integration via the OperatorHub built-in marketplace, and then import and scan workloads for vulnerabilities.
Import OpenShift workloads into Snyk and start tracking your workloads for vulnerabilities. See our documentation for more information.
You can now create a view-only group-level service account, enabling read access to all organizations within the group - including their projects. To get started, check out our documentation!
We're super happy to announce our partnership with Greenkeeper, from Neighborhoodie!
With this partnership we've been able to improve our automatic upgrade dependency pull request functionality, and to build a seamless migration journey to join Snyk!
Get started maintaining the health of your dependencies with our quick video:
For more information about our cool automatic upgrade dependency pull request feature, check out:
We've just released a new enhancement to our PR tests feature! In the next few days, instead of receiving a status check per project (manifest) file, you'll receive only two combined status checks for the project in the repository: one for security and one for licenses.
When you click on the Details link, you’ll reach a page in Snyk showing a list of tests with a per-project status drill down. This feature is great for mono-repos, allowing you to see a reduced number of status checks coming from Snyk.
If Snyk checks are marked as Required in your GitHub repository settings, you'll need to swap the Required checks settings to the new combined checks (to look for the generic "security/snyk" check, instead of "security/snyk - <MANIFEST_FILE>").
In order to avoid blocking your work, we added detailed migration instructions that allow you to start the migration whenever you're ready. You can find the instructions in the Organization Settings page --> Integrations --> GitHub.
Snyk is excited to release automated fix pull requests providing you with additional support with the security of your Python dependencies. See our blog and our docs for more details about Python support.
Snyk Container detects workloads as they are created in EKS and connects to ECR to scan the container image for vulnerabilities and provide fix recommendations. We also alert you to potential workload configuration security issues. Read more about this support in our docs.
Snyk is dedicated to helping you secure your apps and fix vulnerabilities. In that spirit, we've further improved test results from our CLI and our app. Once Snyk tests your manifest files, we then provide summary and detailed remediation advice for vulnerabilities that have fixes available, enabling you to resolve those vulnerabilities in your code with the help of a clear overview, suggestions and explanations.
Summary advice now appears at the top of the Project results page, like this:
And from your CLI, all remediation advice is grouped together for easy remediation - just like this:
See our docs for more information about this cool improvement.
We've made some improvements to how our reporting looks and feels, making it easier to use!
You can now set certain filters that remain in place as you navigate through the various tabs within reporting.
Read more about reports in our docs.
Pro and Enterprise customers can now import container images from your Artifactory container registry and scan those images for vulnerabilities in Snyk.
Learn more in the blog post and find out how to get started in the documentation.
