Automated dependency upgrades for Bitbucket Cloud

Automated dependency upgrades are now available through your Bitbucket Cloud integration, or for specific Bitbucket Cloud projects.

Read more in our docs, give it a try and let us know what you think!

New legal license instructions added!

We've released the Legal Instructions field where you can now customize advice for your teams when license issues are identified. You'll onboard developers faster than ever with relevant calls to action. Read all about it in our docs.

More improvements in our API!

You asked, we supplied! For Yarn and npm projects you can now also add your package-lock.json and yarn.lock files to get more accurate Snyk test results. See our docs for more info.

Get a single user by user ID

Organization and group administrators can now retrieve user details for a single user with our new API command. Check out our docs for more help.

Scan your Bitbucket Cloud and GitHub Enterprise Dockerfiles as part of your container security

As part of our continued efforts to further enrich container scanning, we’re super pleased to announce that you can now enrich your container scan results by adding your Dockerfile from Bitbucket Cloud or GitHub Enterprise (in addition to the support we already provided through GitHub and GitLab of course!). To get started, import your container from any of the registries we support. Need help with containers? Check out our docs!

Access Integration settings naturally from the Integrations area

Check out the new cogs that appear on all of the integrations you’ve already set up. With a quick glance alone, you can identify the integrations you’ve already configured and then directly access their settings. See our docs for more help with your integrations.

Dockerfile parsing improved

We know you might have experienced some issues with your Dockerfile in Snyk lately when using multiple build stages or Dockerfile variables, so we just wanted to let you know we’ve ironed things out.

We now correctly:

  • resolve base image names when using the Dockerfile multi-stage build functionality
  • identify installed packages when you use variables in your Dockerfile

Need some help with your Dockerfile and image remediation? Check out our docs for more info.

Track and easily upgrade your dependencies with Snyk

Once imported for monitoring, enable your GitHub integrations, GitHub Enterprise integrations, or specific projects for our new automatic upgrade PR feature and Snyk will automatically create upgrade PRs as relevant. Read more in our docs, give it a try and let us know what you think.

Deep manifest file search now available, and more!

From now on, you don’t need to ensure your manifest file is on the root level, and you don’t have to tell us where it is either. For GitHub, GitHub Enterprise, Bitbucket Server, Bitbucket Cloud and Azure Repos, we now search the entire depth of your project to find and analyze the manifest files for your application when importing projects to Snyk.

To get started:

  • for Broker, upgrade to at least v4.53.0
  • for projects Snyk is already monitoring, re-import.

When importing (or re-importing), use the Exclude folders field if you don't want Snyk looking through certain parts of the project.

Plus! We’ve updated our GitLab integration settings screen, making it easier than ever to onboard, integrate and import your GitLab projects for security scanning, fixing and monitoring. Log out and back in to get started.

Test your apps & containers for security vulnerabilities with Snyk in CircleCI!

Add our Snyk Orb for your CircleCI workflows and enable security testing as part of your automated builds. See our docs for more details.