snyk.io updates app.snyk.io/projects

Identifying the right projects to work on at the right time can quickly become unmanageable when you scale from dozens to hundreds, or even thousands. Ensuring that your teams are working as efficiently as possible can let them focus on fixing issues rather than finding what they should be working on — you need to be able to find a needle in this haystack!

It’s with great pleasure that we can announce the latest feature to improve management at scale: Project tags. With Project tags, you can organize and locate your projects by tagging them based on any criteria that you have. Whether it’s grouping projects by team, the applications they are part of, or the potential risk they have in your system, you can organize and prioritize your work how you like.

You can read more about how to scale successfully with Snyk in our blog, and you can learn more about project tagging by visiting our API docs and Knowledge Centre.

Happy to share that Snyk licenses support has been extended to include non-SPDX licenses. By default, newly added licenses will inherit the “Unknown” license severity, which can be later updated at the settings area.

In order to be alerted, in cases where those licenses were used in any of your projects, verify that the severity level is not set to “None”.

To learn more about license compliance, visit our Knowledge Center.

Happy to announce that a new Snyk IDE plugin is now available, allowing Python developers to find and fix security vulnerabilities and license issues in their open source dependencies from within PyCharm! 🎉

The new plugin is based on Snyk CLI and supports the following:

• PyCharm Community / Educational / Professional versions 2020.2 and above
• All the Python package managers that are supported by Snyk: Pip, PyPI and pipenv


To learn more about the new PyCharm plugin, visit our Knowledge Center.

One of Snyk’s most powerful features is the ability to open fix and upgrade pull requests, directly in the SCM, making it easy for developers to fix vulnerabilities in their repos and keep the dependencies up to date in one click.

From now on, all of our PRs in GitHub (both fix and upgrade) will be signed with a PGP key, providing developers the confidence that Snyk's fix and upgrade PRs are generated by a trusted source 🎉

To learn more about the GitHub integration and Signed Commits for Fix and Upgrade PRs, visit our Knowledge Center.

If you look closely we’ve given the project page a makeover; we’ve not taken anything away from the page, we’ve just moved things around to help improve the user experience. This is to help cater for project attributes, which are static and non-configurable fields on projects which allow you to add additional metadata (also known as “values”) to a project.

The values added to a project can be used to group, organise, and filter projects in Snyk so that you can work efficiently and effectively prioritise what needs to be worked on. You can apply values to projects through the UI and through the API.

To learn more about project attributes, visit our API docs and Knowledge Center.

We’re happy to share that we’ve improved our PR Tests logic!

When Snyk cannot find in the tested pull request a manifest file that is being monitored, it will now skip its test instead of failing it, so the PR check will show as successful.

This change allows to keep the repositories you monitor with Snyk secured, by testing new pull requests for vulnerabilities and license issues, while allowing developers to get more accurate PR tests results.

Happy to share that Snyk now allows you to configure a specific GitHub account on whose behalf the fix and upgrade PRs will be opened!

In order to use this feature, you'll need to follow the above steps:

1. Open GitHub's Integrations Settings page by clicking on Settings → Integrations → GitHub
2. Enable the toggle button under the Open fix and upgrade pull requests from a fixed GitHub account setting
3. Follow the in-page instructions for creating a personal access token in GitHub
4. Provide the newly generated token to Snyk so it can be used for opening Fix PRs in GitHub

To learn more about this feature, visit our docs.

Snyk now supports the newest release from Alpine - 3.12. Rescan to get started.

Customers who use Snyk to scan their Java Maven applications can now understand which vulnerabilities have a path from the source code to the vulnerable function and prioritize accordingly.

Reachable Vulnerabilities is Beta now and available for Java Maven projects scanned via the CLI. Run snyk test --reachable in order to start using.

Read more about Reachable Vulnerabilities in our documentation and read how it fits with all of our new prioritization features.

For Snyk Container customers using our Kubernetes integration we're providing even more context to our new Priority Score. Where we find vulnerable packages running in poorly configured workloads we'll increase the priority, making it even easier to identify high-risk vulnerabilities.

Read more about the new Snyk prioritization features and find our how to use the Snyk Container prioritization functionality in the documentation.