Skipping failing PR checks

We’re pleased to announce we’ve enhanced Snyk’s security and license testing for pull requests to better support secure development workflows!

To further ensure development pipelines are not broken needlessly and to give developers full visibility into the results of Snyk’s security testing, developers can now see the full details on why their pull request failed and subsequently request the administrator to skip the test and “force pass” the pull request.

More details in this blog post.

Red Hat OpenShift 4 support for the Snyk Container Kubernetes integration

You can now install the Snyk Container Kubernetes integration via the OperatorHub built-in marketplace, and then import and scan workloads for vulnerabilities.

Import OpenShift workloads into Snyk and start tracking your workloads for vulnerabilities. See our documentation for more information.

Group Viewer service accounts now available

You can now create a view-only group-level service account, enabling read access to all organizations within the group - including their projects. To get started, check out our documentation!

Snyk partners with Greenkeeper: keep your dependencies healthy

We're super happy to announce our partnership with Greenkeeper, from Neighborhoodie!

With this partnership we've been able to improve our automatic upgrade dependency pull request functionality, and to build a seamless migration journey to join Snyk!

Get started maintaining the health of your dependencies with our quick video:

For more information about our cool automatic upgrade dependency pull request feature, check out:

  • Our blog post
  • Our documentation
  • Greenkeeper's blog
  • Our press release

    Combined status checks for pull request tests

    We've just released a new enhancement to our PR tests feature! In the next few days, instead of receiving a status check per project (manifest) file, you'll receive only two combined status checks for the project in the repository: one for security and one for licenses.

    When you click on the Details link, you’ll reach a page in Snyk showing a list of tests with a per-project status drill down. This feature is great for mono-repos, allowing you to see a reduced number of status checks coming from Snyk.

    Have GitHub repos where Snyk checks are marked as Required?

    If Snyk checks are marked as Required in your GitHub repository settings, you'll need to swap the Required checks settings to the new combined checks (to look for the generic "security/snyk" check, instead of "security/snyk - <MANIFEST_FILE>").

    In order to avoid blocking your work, we added detailed migration instructions that allow you to start the migration whenever you're ready. You can find the instructions in the Organization Settings page --> Integrations --> GitHub.

    New Python fix pull requests

    Snyk is excited to release automated fix pull requests for Python, giving you additional support in securing your Python dependencies. See our blog and our docs for more details about Python support.

    EKS and ECR support for container scanning

    Snyk Container detects workloads as they are created in EKS and connects to ECR to scan the container image for vulnerabilities and provide fix recommendations. We also alert you to potential workload configuration security issues. Read more about this support in our docs.

    Actionable remediation advice

    Snyk is dedicated to helping you secure your apps and fix vulnerabilities. In that spirit, we've further improved test results from our CLI and our app. Once Snyk tests your manifest files, we then provide summary and detailed remediation advice for vulnerabilities that have fixes available, enabling you to resolve those vulnerabilities in your code with the help of a clear overview, suggestions and explanations.

    Summary advice now appears at the top of the Project results page. And from your CLI, all remediation advice is grouped together for easy remediation. See our docs for more information about this cool improvement.

    Improved reports experience

    We've made some improvements to how our reporting looks and feels, making it easier to use!

    You can now set certain filters that remain in place as you navigate through the various tabs within reporting.

    Read more about reports in our docs.

    Artifactory container registry support available for Pro and Enterprise customers

    Pro and Enterprise customers can now import container images from their Artifactory container registry and scan those images for vulnerabilities in Snyk.

    Learn more in the blog post and find out how to get started in the documentation.