Happy to share that Snyk licenses support has been extended to include non-SPDX licenses. By default, newly added licenses will inherit the “Unknown” license severity, which can be later updated at the settings area.
In order to be alerted, in cases where those licenses were used in any of your projects, verify that the severity level is not set to “None”.
To learn more about license compliance, visit our Knowledge Center.
Happy to announce that a new Snyk IDE plugin is now available, allowing Python developers to find and fix security vulnerabilities and license issues in their open source dependencies from within PyCharm! 🎉
The new plugin is based on Snyk CLI and supports the following:
To learn more about the new PyCharm plugin, visit our Knowledge Center.
One of Snyk’s most powerful features is the ability to open fix and upgrade pull requests, directly in the SCM, making it easy for developers to fix vulnerabilities in their repos and keep the dependencies up to date in one click.
From now on, all of our PRs in GitHub (both fix and upgrade) will be signed with a PGP key, providing developers the confidence that Snyk's fix and upgrade PRs are generated by a trusted source 🎉
To learn more about the GitHub integration and Signed Commits for Fix and Upgrade PRs, visit our Knowledge Center.
If you look closely we’ve given the project page a makeover; we’ve not taken anything away from the page, we’ve just moved things around to help improve the user experience. This is to help cater for project attributes, which are static and non-configurable fields on projects which allow you to add additional metadata (also known as “values”) to a project.
The values added to a project can be used to group, organise, and filter projects in Snyk so that you can work efficiently and effectively prioritise what needs to be worked on. You can apply values to projects through the UI and through the API.
To learn more about project attributes, visit our API docs and Knowledge Center.
We’re happy to share that we’ve improved our PR Tests logic!
When Snyk cannot find in the tested pull request a manifest file that is being monitored, it will now skip its test instead of failing it, so the PR check will show as successful.
This change allows to keep the repositories you monitor with Snyk secured, by testing new pull requests for vulnerabilities and license issues, while allowing developers to get more accurate PR tests results.
Happy to share that Snyk now allows you to configure a specific GitHub account on whose behalf the fix and upgrade PRs will be opened!
In order to use this feature, you'll need to follow the above steps:
To learn more about this feature, visit our docs.
Snyk now supports the newest release from Alpine - 3.12. Rescan to get started.
Customers who use Snyk to scan their Java Maven applications can now understand which vulnerabilities have a path from the source code to the vulnerable function and prioritize accordingly.
Reachable Vulnerabilities is Beta now and available for Java Maven projects scanned via the CLI.
Run snyk test --reachable in order to start using.
Read more about Reachable Vulnerabilities in our documentation and read how it fits with all of our new prioritization features.
For Snyk Container customers using our Kubernetes integration we're providing even more context to our new Priority Score. Where we find vulnerable packages running in poorly configured workloads we'll increase the priority, making it even easier to identify high-risk vulnerabilities.
Read more about the new Snyk prioritization features and find our how to use the Snyk Container prioritization functionality in the documentation.
We're excited to formally introduce Snyk Priority Score, a new 0-1000 score encompassing not only basic CVSS, but also a range of other contextual factors that allow the score to reflect the value of fixing a vulnerability in the context of your project.
This not only allows you to focus your effort for the fastest risk reduction, but also the best ROI on valuable time and effort!
Read more about the score in the documentation, or find out how this fits in with a suite of other new Snyk prioritization functionality.
