Product Updates

Announcing Snyk CLI v1.1304.1

Fix

We are pleased to announce Snyk CLI release v1.1304.1.

This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the full release notes.

This update includes the following:

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.

Matt Dolan | Senior Product Manager

Snyk Code - Early May 2026 Update

Improved

Starting May 5, 2026, we're updating Snyk Code to improve scanning precision and reduce noise across all supported languages.

Improvements to scanning precision

All languages — Path Traversal severity tuning (CWE-22)
Path Traversal findings are now tiered by source risk. Findings from lower-risk sources are automatically reclassified from High/Medium to Low severity, reducing noise while keeping high-risk vectors prominent.

Java, Kotlin, Groovy — Apache Camel framework coverage (CWE-89 / CWE-22 / CWE-611)
Apache Camel Exchange HTTP sources are now tracked as taint origins. Applications using Apache Camel will see new findings where HTTP body and header values flow into SQL injection, path traversal, or XXE sinks. Customers using Apache Camel may see an increase in findings.

All languages — Improved .snyk exclude precision
.snyk exclude patterns now use full .gitignore-style glob semantics for more expressive and consistent scan scope control. Customers relying on .snyk exclude rules may see changes in scan scope.

Python — Reduced false positives on archive extraction (CWE-22 / CWE-73)
Python TarSlip detection is now scoped to genuine archive operations. Previously, any .extract() method call was flagged regardless of context - causing false positives in document parsers, ML pipelines, and custom extraction classes.
Findings now only fire when the receiver is a tarfile.open() or zipfile.ZipFile() object. ZipSlip detection via zipfile.ZipFile is also improved. Customers may see a reduction in Python TarSlip findings and new ZipSlip findings where archive contents are extracted without path sanitisation.
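
The path sanitisation these findings ask for, as an added example (not Snyk's code and not its detection logic): each tar member is resolved against the destination and rejected if it would land outside it. The helper names `build_sample_tar`, `is_within`, `extract_checked` and `demo` are hypothetical, and the archive is constructed inline as test input.

```python
import io
import os
import tarfile
import tempfile


def build_sample_tar() -> bytes:
    """Constructed test archive: one benign member, one whose name leaves the target dir."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../escape.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(b"sample")
            tar.addfile(info, io.BytesIO(b"sample"))
    return buf.getvalue()


def is_within(base: str, target: str) -> bool:
    """True when target, after resolving '..' and symlinks, stays under base."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def extract_checked(tar_bytes: bytes, dest: str):
    """Extract only regular files and directories that resolve inside dest."""
    # Use the stdlib 'data' extraction filter as a second layer where it exists.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    extracted, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for member in tar.getmembers():
            target = os.path.join(dest, member.name)
            # Links and device nodes are refused outright; paths must stay in dest.
            if not (member.isfile() or member.isdir()) or not is_within(dest, target):
                rejected.append(member.name)
                continue
            tar.extract(member, path=dest, **kwargs)
            extracted.append(member.name)
    return extracted, rejected


def demo():
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "out")
        os.makedirs(dest)
        extracted, rejected = extract_checked(build_sample_tar(), dest)
        return extracted, rejected, os.path.exists(os.path.join(root, "escape.txt"))


if __name__ == "__main__":
    print(demo())
```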

Important details to note

All percentage improvements are based on Snyk's curated open-source data set. As part of these updates, you may see a decrease in High and Medium severity counts for Path Traversal as findings move to Low based on source risk tier. Total finding counts remain stable. Customers using Apache Camel may see an increase in findings as new data flows are detected. These changes apply specifically to the languages and CWEs listed above, while other scan areas remain unchanged.

Sebastian Roth | Senior Product Manager

Identify CISA KEV vulnerabilities for compliance

New

We added a new Known Exploited Vulnerabilities (KEV) filter to help you identify risks that the Cybersecurity and Infrastructure Security Agency (CISA) tracks as already exploited in the wild. While we already allow you to filter vulnerabilities and Common Vulnerabilities and Exposures (CVE) by their exploit maturity level, this update specifically targets the CISA KEV catalog. You can find this filter on any page where issue filters are available to help you manage your security backlog.

The CISA KEV catalog is a vital resource for meeting global security standards. For instance, FedRAMP requires strict remediation service-level agreements (SLAs) for any vulnerability listed in this catalog. Furthermore, the European Union Cyber Resilience Act (EU CRA) mandates that organizations actively monitor for vulnerabilities found in the CISA KEV catalog. We’re providing this filter to automate this visibility and help you maintain compliance across different regulatory environments.

You can now isolate vulnerabilities within the CISA KEV catalog with a single click. This helps you prioritize remediation based on documented real-world exploitation rather than just theoretical risk. By using this filter, you ensure your team addresses the specific issues that auditors and regulators prioritize, reducing the manual effort needed to cross-reference your backlog against federal and international mandates.

To learn more, visit Issue vulnerability details in our user documentation.

Sara Meadzinger | Staff Product Manager

Announcing Repo Monitor Configuration

Early access

We are excited to be launching Repo Monitor Configuration, which lets you manage repository coverage and monitoring configurations centrally across your entire Snyk Group from the Group-level Inventory page. This means you can monitor and manage repositories without navigating between individual Snyk Organizations.

Repo Monitor Configuration provides the following capabilities:

  • Centralized asset monitoring: view monitoring status for all products, identify health status, and see required actions (such as enabling Snyk Code or resolving SCM integration issues) in one view.

  • Bulk import: import repositories directly from the Group Inventory page into specific Snyk Organizations.

  • On-demand retesting: trigger a retest for specific repositories directly from Inventory.

  • Actionable error resolution: clear guidance is available when testing fails due to integration issues or entitlements. After the underlying issue is resolved, testing resumes automatically.

Nathan Hart | Senior Product Manager

Repo Content Sync in Early Access

Early access

We are excited to be launching Repository Content Sync (Early Access), an enhancement to how Snyk manages your imported repositories, ensuring your security posture always reflects your current codebase. This will be available to all Enterprise customers via Snyk Preview during the week of April 13th, 2026.

This new feature provides native, automated synchronization between your Source Code Management (SCM) tool and Snyk, eliminating the need for manual re-imports or external synchronization tools. It ensures:

  • New files are detected: Snyk automatically creates new projects and monitors manifest, Docker, or configuration files as they are added to your SCM.

  • Deletions are reflected: Projects associated with manifest files deleted in your SCM are automatically deactivated in Snyk.

This functionality is available across all Snyk-supported SCMs.

Please note: Because this feature enables Snyk to automatically detect and potentially create projects from newly added files, customers who enable the feature are likely to see an increase in issues.

https://docs.snyk.io/scan-with-snyk/import-project-repository/snyk-repo-content-sync

Nathan Hart | Senior Product Manager

Announcing new versions of Snyk IDE plugins

Improved

We are pleased to announce the release of new stable versions for our IDE plugins.
The new versions are:

This release is focused on enhancing stability and reliability, with key updates including:

  • Fixed download URL fallback when the CLI is not found

  • Fixed race conditions in authentication flows

  • Added support for JetBrains 2026.1

Along with additional bug fixes, security updates, and improvements.

Please refer to the changelog for each of our plugins for a more detailed list of additional bug fixes and enhancements. You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk Support team.

Matt Dolan | Senior Product Manager

Native GraphQL Scanning for Snyk API & Web

New

We’ve expanded our DAST capabilities by adding GraphQL as a supported API target type in Snyk API & Web. This enables security tests specifically designed for GraphQL operations, including queries and mutations. In addition to schema ingestion via URL or file upload, you can now fetch your schema directly from an introspection endpoint to ensure tests stay up to date. To support these scans, we've also updated our authentication settings to include dedicated options for GraphQL targets.

To learn more, visit How to configure and scan an API and How to set target authentication: GraphQL in our user documentation.

Natalia Yurchenko | Senior Product Manager

Test target configuration for smoother scans with Snyk API & Web

Improved

We added a new Test configuration option to the Scan dropdown menu and the Target Settings page. This allows you to verify that your target is accessible and correctly configured before starting a full dynamic application security testing (DAST) scan. When you click this button, a side panel opens in your target settings to provide real-time feedback on connectivity, authentication, web application firewall (WAF) interference, schema validity, and any detected extra hosts.

We want to simplify your onboarding experience and prevent failed scans caused by misconfigured settings. By validating your setup upfront, we help you identify and fix issues immediately, reducing the need for troubleshooting or technical support later in the process.

You can now proactively test your target configuration. To use this feature, ensure you have the view_target, change_target_settings, and start_scan permissions.

To learn more, visit How to test target configuration in our user documentation.

Ana Pascoal | Product Manager

Announcing native uv support for the Snyk CLI

Early access

Python is at the heart of the modern AI revolution, but for many developers the packaging ecosystem has felt like a bottleneck, burdened by slow installs and fragmented tooling. The emergence of uv has changed that, offering a high-performance alternative that has quickly become the industry standard.

Today, we are excited to announce that Snyk is bringing native support for uv to the Snyk CLI, IDE, and GitHub Actions. This integration ensures that teams can embrace the speed of uv without ever having to trade off on security.

With this update, Snyk enables you to seamlessly integrate uv security scanning directly into your existing Snyk workflows, wherever you are using the CLI.

What’s supported?

Native uv support is currently in Early Access. During this phase, you can use the following commands to secure your uv projects via the CLI:

  • snyk test: Scan your uv dependencies for known vulnerabilities.

  • snyk monitor: Continuously monitor your project and receive alerts for new risks.

  • snyk sbom: Generate a Software Bill of Materials for your uv-based applications.

In addition to the CLI, this support extends to the Snyk IDE extensions, MCP server, and GitHub Actions, providing security coverage wherever you code.

Getting started

If you were part of the closed beta, you can begin using these features immediately on the latest stable release of the CLI (v1.1304). Otherwise, please enable the preview by navigating to the Snyk UI and toggling the feature under Snyk Preview.

What’s next?

We are committed to full-ecosystem support for uv. While this release focuses on the CLI and developer tools, SCM support will follow in the upcoming months.

Documentation

Please see the documentation for more information.

Johann Sutherland

Announcing Snyk CLI v1.1304.0

New

We are pleased to announce the latest stable Snyk CLI release, v1.1304.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

This update includes the following:

  • Snyk Evo

    • Accelerate AI Governance and Security: Generate an AI-BOM and instantly validate it against your tenant's Evo policies using the new snyk aibom test command.

    • Enhanced Red Teaming insights: Agent Red Teaming scanned output now includes a vulnerability summary for quicker triage. This release also improves JSON support and adds new exhaustive and eager modes.

  • MCP

    • Faster setup: Improved auto-enable behavior for Snyk Code.

    • Ensure Reliable Package Quality: Package health checks are now fully promoted to the stable release channel, providing consistent and reliable risk information.

  • Container

    • Extended support for Java runtime binary scanning.

  • Additional Reliability and Performance Improvements

    • Increased stability with explicit network retry configuration, option to force global Maven usage, faster Golang scans, improved dependency resolution for Go, Yarn, and Python, and enhanced resilience against non-fatal Maven build errors.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.

Matt Dolan | Senior Product Manager
