We are happy to announce that Snyk's GitHub Actions now support showing open source vulnerabilities within the GitHub security tab, leveraging the GitHub's new Code Scanning interface! This addition will allow you to automatically scan your open source dependencies for security vulnerabilities and license issues, and view results directly from within GitHub’s Security tab!
For more details and usage instruction, see this section in the Snyk Actions repository.
We are happy to update that Snyk now supports the newest release from Ubuntu - 21.04
For more details, see the product documentation
We are very happy to announce that the Snyk CLI now supports testing Elixir projects 🎉
You can now test and monitor your Mix/Hex projects for vulnerabilities, with full support for umbrella projects, Elixir & Erlang dependencies.
CLI support for Elixir is available from version 1.561.0, see the documentation for more details.
We’re pleased to announce our new plugin for JetBrains IDEs, making it easier for developers to find and fix security issues as they code! Within seconds, the plugin provides a list of all the different types of issues identified, in three categories:
The plugin is easy to install just like any other JetBrains plugin, directly from within your IDE or from the JetBrains marketplace. Beneath the surface the powerful Snyk AI engine ensures both the speed of executed scans as well as the accuracy of results, guaranteeing an extremely fast feedback loop for developers.
Oh, and did we mention the plugin is totally free?! Any Snyk user using JetBrains IntelliJ and WebStorm can download the plugin and start scanning the code for issues, including free users. 🚀
We are pleased to announce the general availability of project attribute policies, enabling security teams to create granular policies that align with the context of their applications. This gives more power and flexibility to our policies engine, allowing you even greater prioritization of issues.
You can create project attribute policies for License policies and Security policies. Project attribute policies are available for Pro and Enterprise users.
For more details, see the product documentation.
We're happy to share that we just released a new Maven plugin version which is now based on the CLI! 🎉
As the new plugin is based on the CLI, all of the CLI options (args) are now available out-of-the-box from within the plugin and can be easily consumed as part of the Maven build process.
This means that you can now customize the test and monitor runs by setting a custom severity threshold, failing only when there were vulnerabilities that can be fixed, generating json output and more.
For more details and usage instructions, see the Snyk Maven Plugin repository.
I'm pleased to announce we have released a public beta of new functionality in the Snyk IaC CLI in version 1.511.0
You can now scan your Terraform Plan output, which will include any variables & modules that you use, enabling us to detect a broader range of security misconfigurations.
Additionally any configuration files that you scan (Terraform or Kubernetes) will be processed locally within the CLI and not sent to Snyk for processing.
This functionality is available in beta now and can be used by appending --experimental to any Snyk IaC CLI command.
For example $ snyk iac test --experimental or to test a Terraform Plan file name your file tf-plan.json and run $ snyk iac test tf-plan.json --experimental
For more details, see the product documentation
If you have any issues please reach out to support@snyk.io
We're happy to share that Quay container registry is now supported as part of our container integrations offering. Starting today, all Snyk users will be able to scan and fix vulnerabilities in their container images stored in Quay.
To get started, configure Quay from our integrations page. If you're using a self-hosted Quay, contact us for a brokered setup. Otherwise, you can start setting it up yourself and import images.
Once integrated, you can start adding images from Quay and test them for vulnerabilities.
To learn more about Snyk integration with Quay, see our documentation.
We're thrilled to share that Snyk can now raise fix pull requests against your Dockerfiles!
For every scanned Dockerfile that contains a base image for which we provide recommendations, we will raise an automatic fix PR in case there is a better base image that can be used. The PR will be opened with the minor upgrade available.
After it is opened, the fix PR can be found in your Git repository, showing the FROM line changed in your Dockerfile, updated with the new and improved base image version.
We also provide the option to manually open a fix PR and upgrade to any of the base image recommendations we provide (rather than just the minor version). This option is available using a button next to each one of the base images in the recommendations table.
You can enable/disable the feature using the setting that can be found in the integration level.
You can learn more about our automatic Dockerfile fix PR capability in our blog post.
For more details about opening PRs in your Dockerfile, see our product documentation.
We're happy to announce that Harbor container registry is now supported as part of our container integrations offering.
Starting today, Pro and Enterprise customers can test, fix and monitor vulnerabilities in their container images stored in Harbor.
To get started, you can find Harbor in our integrations page. If you're using self-hosted Harbor, contact us for a brokered setup. Otherwise, you can start setting it up yourself and import images.
Once integrated, you can start adding images from Harbor and test them for vulnerabilities.
To learn more about Snyk integration with Harbor, see our documentation.
