
Fix advice for Poetry





We are happy to announce that Snyk now provides actionable fix advice for Poetry projects 🎉

This provides you with the simplest options to fix the greatest number of issues in your project. This is available in the CLI and UI.


See the Poetry documentation for more details.

Improved site header





As part of our continuous improvements, we've rebuilt our site header to be easier to use across all devices, as well as being faster to navigate between key pages such as the dashboard and projects page.


Please note that organization and group settings have moved from the main navigation Settings menu to a cog icon on the right side of the site header.

Scan CloudFormation files for configuration issues





We're pleased to announce the launch of CloudFormation support within the Snyk IaC product.

You can now scan your AWS CloudFormation configuration templates against our comprehensive set of security rules and get actionable advice on how to resolve any configuration issues.

You can get started today by either importing a git repository containing your CloudFormation files or by using the Snyk IaC CLI.

See our product documentation for more details.

Visual Studio plugin for Snyk Open Source





We’re pleased to announce our new Snyk Open Source plugin for Visual Studio! Supporting Visual Studio 2015, 2017, and 2019, the new plugin enables developers to easily find and fix both known vulnerabilities and license issues in their open source dependencies, helping them address security early on and ship secure code faster.


For further details, please have a look at the product documentation or go straight to the marketplace and install it.

In case of any issues, feel free to reach out to:

Snyk integrates with AWS CodePipeline





We are excited to announce the release of Snyk for AWS CodePipeline! This integration provides seamless scanning and shows any vulnerabilities found inside the AWS Console.

You can now scan source artifacts from AWS CodeCommit or any other supported SCM by adding Snyk as a stage in your pipeline with a few simple clicks.

This new integration is available to all customers in our free plan and comes with 200 scans per month. If you need more scans, you can also upgrade to our paid plans via the AWS Marketplace.

With a built-in configuration page, you can customize the integration to fail builds when vulnerabilities are found, reducing risk and improving your security posture.


See our product documentation for more information.

Critical Severity Level





Starting on June 28, and in accordance with CVSS v3 ratings, we will assign the Critical Severity Level to any security vulnerability identified by Snyk Open Source and Snyk Container with a CVSS score higher than 9.0.

What does this mean for you? First, this change will likely reduce the number of High Severity issues across your projects as some of these issues will now be assigned a Critical Severity level. Second, this change affects automated CLI/API-based pipelines.

To ensure minimum disruption to your existing workflows, we recommend enabling the feature in advance of the stated date above. This can be done using Snyk Preview - a feature that enables you to preview new features before they are fully available within the Snyk Platform.

Please read the migration guide to fully understand the change and how it affects the way you are working in Snyk.

See our blog post for more details.


Snyk IaC CLI - Terraform Plan Scanning





We're excited to announce the release of the new Snyk Infrastructure as Code CLI which provides powerful new Terraform scanning capabilities.

You can scan your Terraform Plan configuration, which gives you comprehensive security feedback on all infrastructure changes, including any modules and variables that you are using.

We've made performance and security improvements, with all scanning happening locally within the CLI and 20x faster than before. This applies to all configuration formats, including Terraform & Kubernetes.

Upgrade to version 1.594.0 or newer of the CLI now to try out this functionality.

Snyk IaC is available for free with a monthly scan limit of 300 tests.

See our launch blog post for more details.

Snyk Code available on Free Plans





We are very happy to announce Snyk Code is now available for all customers as part of our free plan 🎉.

The AI-driven static application security testing (SAST) solution Snyk Code provides real-time accurate suggestions for your code - in JavaScript, TypeScript, Java, or Python.

Every user has 100 free scans per month. You just need to enable Snyk Code in the org settings and re-import the projects you want scanned.

The results appear in the web UI, or you can use the IDE plugin for IntelliJ or WebStorm, or the IDE extension for Visual Studio Code.

It is easy to try: just activate Snyk Code and import an open-source repo of your choice.


See our Snyk Code documentation for more details.

GitHub Code Scanning Support for Snyk Open Source





We are happy to announce that Snyk's GitHub Actions now support showing open source vulnerabilities within the GitHub Security tab, leveraging GitHub's new Code Scanning interface! This addition will allow you to automatically scan your open source dependencies for security vulnerabilities and license issues, and view results directly from within GitHub’s Security tab!

For more details and usage instructions, see this section in the Snyk Actions repository.


Snyk supports Ubuntu 21.04





We are happy to announce that Snyk now supports the newest release from Ubuntu, 21.04.

For more details, see the product documentation.