snyk.io updates app.snyk.io/projects

New

We are excited to announce the new Nexus Repository Manager integration for Snyk Open Source! 🚀

This integration enables Snyk to resolve all direct and transitive dependencies of packages hosted in Nexus when testing Maven projects imported from Git, and calculate more complete and accurate dependency graphs.

Snyk will also use this integration to access private dependencies when creating Pull/Merge Requests, and update npm/yarn lockfiles using the correct URLs.

This release fully supports Nexus 3.x. Support for Nexus 2.15 and above is in open beta.

The integration is available on Enterprise plans.

To get started, see the 📖 documentation.

New

We are pleased to announce that Snyk Open Source now officially supports Gradle 7 in the Snyk CLI.

You can now confidently run snyk test and snyk monitor in your Gradle 7 projects, and see the complete picture of their dependencies, vulnerabilities and licence usage.

This support covers Gradle 7.0 and all minor versions above.

It is recommended you upgrade to Snyk CLI v1.969.0 or higher for the best experience.

See the Snyk Open Source Gradle documentation and CLI help for more details.

New

Improved

Improved the CLI Output for Snyk IaC to provide you with more informative and actionable feedback. The new CLI Output has been optimised for readability and displays issues in a more clear way to help you find your issues faster and take action to remediate them.

What's Changed?

Issues Section - View more useful information related to your issues.

Issues Ordered by Severity - Issues are now displayed by severity to help you focus on the most important issues.

Summary Section - The new summary section has been redesigned to help you get a quick view of your scan.

What should you do?

To get access to the improved CLI Output:

Update your CLI to v1.970.0 or later.

View the documentation for more details.

New

In CLI version 1.962.0, when using the --json flag together with the --app-vulns flag, we now list operating system as well as application vulnerabilities in a JSON format. Before the change, using the --app-vulns flag together with the --json was not possible.

This improvement is one step towards supporting an upcoming change that will allow the CLI to scan application vulnerabilities by default (without the need to specify the --app-vulns flag).

We have added a new JSON key called ‘applications’ that includes an array of all application scan results. The new JSON format will look like the following:

`{
  "vulnerabilities": [],
  "ok": true,
  "dependencyCount": 13,
  ...
  "packageManager": "apk",
  "summary": "No known vulnerabilities",
  "uniqueCount": 0,
  "projectName": "docker-image|snykgoof/os-app",
  "platform": "linux/amd64",
  "path": "snykgoof/os-app:node-snykin/os-app",
  "applications": [
    {
      "vulnerabilities": [
        {
          A bunch of vulns
        },
        ...
      ],
      "ok": false,
      "dependencyCount": 116,
      "packageManager": "yarn",
      "summary": "14 vulnerable dependency paths",
      "uniqueCount": 9,
      "targetFile": "/app2/package.json",
      "projectName": "snykin",
      "displayTargetFile": "/app2/package.json",
      "path": "snykgoof/os-app:node-snykin"
    }
  ]
}`

Improved

What's Changing?

We are changing the behaviour of snyk iac test to only scan files within your current working directory.

Currently when a user runs snyk iac test ../my-folder the command will be executed. However after the change if you try to run snyk iac test ../my-folder it will return an error.

We are making this change to create a more consistent and predictable way of how we group and display findings from scanning your directories and files.

Please see documentation for more information.

When is this happening?

Using path arguments outside of your current working directory is unsupported from CLI v1.968.0 onwards.

New

We're excited to announce the release of Learning progress, enabling developers to get a better overview of their progress with learning security:

• Categories: insights about the education of the specific domain
• In-progress: easily find where you stopped and continue learning
• Recommended: lessons that are mostly related to your expertise

Learning progress is accessible through the main top navigation:

New

We're pleased to announce that Snyk`s Learn reporting is released and can be accessed without further action. Our goal for this iteration was to provide you visibility over the adoption metrics of security education. We provide you:

• Lessons Overview: which lessons your colleagues have viewed, and what security issues do they cover.
• User Overview: how many lessons your colleagues have viewed.
• Category Overview: which categories your colleagues have selected in their profile.

Just go to Snyk Learn > User Menu (top right) > Reports

Select your organisation at the top right & report you are interested in:

Soon we will also provide a personal overview so that every developer is able to easily assess his knowledge and start or continue their learnings.

Stay tuned 👋

New

We’re pleased to announce Snyk’s new role-based access management capabilities, providing admins with greater flexibility in managing Snyk access in your organization!

Group admins can now grant users the permissions they need to do their jobs across the Snyk platform - and only those permissions - by creating their own customized roles and assigning specific, organization-level permissions to them.

Applicable to Enterprise plan only.

For more information, read our blog or refer to our documentation.

We’re pleased to announce that Snyk is now also hosted in the EU (Frankfurt), enabling Snyk customers to comply with European data residency requirements to store data in Europe.

This new deployment option is currently available for new Snyk customers only. Migration from other regions and Snyk’s other deployment options will be supported in the future.

For more information on this announcement, please refer to our blog.

New

New

Improved

Snyk Learn has become a valuable resource for developers to learn about application security. Today we are incredibly happy to announce the release of our new Homepage & Lessons Library.

Now it is even easier to navigate across various security lessons or categories. The new homepage showcases all the benefits Snyk Learn brings to the teams, in particular in combination with other Snyk products and just-in-time integration into the developers’ workflow.

Check it out today, we are eager to hear your feedback: https://learn.snyk.io

New homepage

Lessons library