snyk.io updates app.snyk.io/projects

Improved

We have updated the navigation and structure of the Snyk user docs, to make it simpler, easier to understand, and to match the Snyk user experience.

For example, we moved the product docs (Snyk Code, Snyk Cloud, and so on) under task-based sections (Scan application code, Scan containers and Scan cloud deployment) to give greater alignment between Snyk products and the functions of these products.

We will continue to work on these areas, to ensure that our docs match the requirements and actions of our user base.

See Snyk user documentation for more details.

Improved

We’ve started to roll out a new design and feature enhancements for the project listing page! The design provides a cleaner and more consistent experience across the platform. The functionality improvements help you navigate and use the project listing page more efficiently.

Note: This is a gradual rollout that will first affect those users already using the new Snyk UI with a wider global rollout to follow soon.

So what can you expect?

• Improved filtering insight, app context, and project identification: the new design accommodates project collections while aligning with how users navigate their projects

• Clearly identifiable filters allow users to get to their projects quicker whilst retaining the context they’re working in

• Page header and breadcrumbs let users know where they are in the app

• Searchable and sortable projects list improves the scannable nature of the page

• Share and bookmark filtered versions of the page: After users have applied filters in the project listing page, they can bookmark the link and share it with other users within their organization

• Exclusion of folders when importing a project: folders can be excluded when importing a project through the UI (SCA and Container only)

• Enhanced deletion: Targets, including their projects, can be deleted now

• Easier re-import: Users can retry the import of a target should anything derail it

• Sort by test recency: Projects inside a target can be sorted by name and latest test to find what is needed faster

For more information, head to the project documentation

Improved

We are excited to share that starting from January 24th, 2023, when using the snyk container test/monitor CLI commands, we will scan for application dependencies by default, which will allow you to get a full picture of the security issues within your images.

Here are all the details you need to know about this change to ensure your testing and automation work as expected and you understand all your options.

New

For every Snyk CLI release, we publish signed binaries for Windows and macOS, and GPG signed SHA-256 checksums for all artifacts.

These important measures ensure the authenticity and integrity of the Snyk CLI prior to use.

Following a recent incident impacting our CI/CD vendor, we have rotated our GPG keys and are re-issuing our Windows and macOS signing certificates for Snyk CLI. Going forward, every Snyk CLI release will be signed with these new certificates, which replace the previous ones used.

No malicious activity or leak is believed to have occurred, we are taking these steps out of an abundance of caution and concern for our customers’ safety.

What do I need to do?

Our new GPG keys should be used for verifying checksums from CLI release 1.1082.0 onwards.

If you have previously imported our public GPG key, please delete and re-import, via:

gpg --delete-keys 68BFBCCEB7794E6FC06A2044A29C32E91F4B9569

gpg --keyserver hkps://keys.openpgp.org --recv-keys A22665FB96CAB0E0973604C83676C4B8289C296E

Otherwise, no action is necessary.

For more information, see getting started with the CLI.

New

We’re excited to share that Snyk Cloud and Snyk IaC (integrated) now support compliance reporting and issue triage for 10+ compliance standards - including CIS Benchmarks for AWS and Google Cloud, PCI DSS and SOC 2.

We’ve added a Cloud Compliance Issues report to the reporting beta that enables users to select a compliance standard, and view compliance controls and corresponding Issue counts. To fix these issues, the report links directly to the Cloud Issues UI, with appropriate filters set for faster investigation and remediation.

Note: All users with access to the reporting beta will see the Cloud Compliance Issues report, with an appropriate message if you do not have Snyk Cloud and/or integrated IaC enabled. Please reach out to your account team for questions about access.

New

We are pleased to announce that we have added unmanaged C/C++ scanning support in the Snyk Open Source product for the following IDEs - JetBrains, Visual Studio and Visual Studio Code. You can follow instructions on how to use it via the following documentation.

• Unmanaged scanning in JetBrains

• Unmanaged scanning in Visual Studio

• Unmanaged scanning in Visual Studio Code

This is available to all users, free or paid!

Improved

We are excited to share that starting from January 24th, 2023, when using the snyk container test/monitor CLI commands, we will scan for application dependencies by default, which will allow you to get a full picture of the security issues within your images.

Here are all the details you need to know about this change to ensure your testing and automation work as expected and you understand all your options.

New

You can check for misconfigurations within your Visual Studio Code (VS Code) IDE powered by the Snyk IaC policy engine.

To install the extension search for ‘Snyk’ in the VSCode Marketplace. If you already have the Snyk VS Code extension, just update it from the Extensions tab of your IDE.

This feature is available to all users, free or paid!

View the documentation for more details.

New

We’re pleased to announce that Snyk is now also available in Asia-Pacific (Sydney), enabling Snyk customers to comply with local data residency requirements.

This new deployment option is currently available for new Snyk customers only. Migration from other regions and Snyk’s other deployment options will be supported in the future.

For more information on this announcement, please refer to our blog.

Improved

We are excited to announce the improvement of our Container Registry Agent (CRA). Previously CRA could only be configured to run an HTTP server. Now, The Container Registry Agent runs an HTTP server by default. Additionally, it is configurable to run an HTTPS server for local connections.

This new improvement allows the broker image and CRA to communicate in HTTPS. Please download the latest CRA image in Docker Hub and follow the configuration instruction in Snyk Public Docs.