snyk.io updates

Snyk Container - Application dependencies CLI scan by default - Reminder

Improved

We are excited to share that starting from January 24th, 2023, when using the snyk container test/monitor CLI commands, we will scan for application dependencies by default, which will allow you to get a full picture of the security issues within your images.

Here are all the details you need to know about this change to ensure your testing and automation work as expected and you understand all your options.

Re-issuing GPG keys and signing certificates for Snyk CLI

New

For every Snyk CLI release, we publish signed binaries for Windows and macOS, and GPG signed SHA-256 checksums for all artifacts.

These important measures ensure the authenticity and integrity of the Snyk CLI prior to use.

Following a recent incident impacting our CI/CD vendor, we have rotated our GPG keys and are re-issuing our Windows and macOS signing certificates for Snyk CLI. Going forward, every Snyk CLI release will be signed with these new certificates, which replace the previous ones used.

No malicious activity or leak is believed to have occurred; we are taking these steps out of an abundance of caution and concern for our customers’ safety.

What do I need to do?

Our new GPG keys should be used for verifying checksums from CLI release 1.1082.0 onwards.

If you have previously imported our public GPG key, please delete and re-import, via:

gpg --delete-keys 68BFBCCEB7794E6FC06A2044A29C32E91F4B9569

gpg --keyserver hkps://keys.openpgp.org --recv-keys A22665FB96CAB0E0973604C83676C4B8289C296E

Otherwise, no action is necessary.

For more information, see getting started with the CLI.
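As an added example (not Snyk's own tooling), the following POSIX shell functions check a downloaded CLI binary against the GPG-signed SHA-256 checksum list before it is run. It assumes the checksum list is a clearsigned file (named sha256sums.txt.asc here) with "<hex>  <filename>" lines, that gpg and sha256sum or shasum are installed, and that the new public key above has already been imported.

```shell
#!/bin/sh
# Added example, not Snyk's own script: verify a Snyk CLI artifact against
# its GPG-signed SHA-256 checksum list. Assumes a clearsigned list named
# sha256sums.txt.asc in "<hex>  <filename>" format (an assumption).
set -eu

# Fingerprint of the new Snyk CLI signing key from the announcement.
SNYK_GPG_FPR="A22665FB96CAB0E0973604C83676C4B8289C296E"

# Print the SHA-256 of a file, using whichever tool the platform has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# Succeed only if the clearsigned list carries a VALIDSIG status line that
# names the expected Snyk key; a good signature from any other key fails.
verify_signature() {
    gpg --status-fd 1 --verify "$1" 2>/dev/null \
        | grep -q "^\[GNUPG:\] VALIDSIG .*$SNYK_GPG_FPR"
}

# Compare a file's SHA-256 with its entry in the list (a leading "*" on the
# file name, written by sha256sum -b, is tolerated). Fails if no entry exists.
verify_checksum() {
    _list="$1"; _file="$2"
    _name=$(basename "$_file")
    _expected=$(awk -v n="$_name" 'NF == 2 { sub(/^\*/, "", $2) }
                                  $2 == n { print $1; exit }' "$_list")
    [ -n "$_expected" ] || return 1
    [ "$_expected" = "$(sha256_of "$_file")" ]
}

# Both checks must pass before the binary is trusted.
# Usage: verify_artifact sha256sums.txt.asc snyk-linux && ./snyk-linux --version
verify_artifact() {
    verify_signature "$1" && verify_checksum "$1" "$2"
}
```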

Compliance reporting and Issue triage for Snyk Cloud and Snyk IaC

New

We’re excited to share that Snyk Cloud and Snyk IaC (integrated) now support compliance reporting and issue triage for 10+ compliance standards - including CIS Benchmarks for AWS and Google Cloud, PCI DSS and SOC 2.

We’ve added a Cloud Compliance Issues report to the reporting beta that enables users to select a compliance standard, and view compliance controls and corresponding Issue counts. To fix these issues, the report links directly to the Cloud Issues UI, with appropriate filters set for faster investigation and remediation.

Note: All users with access to the reporting beta will see the Cloud Compliance Issues report, with an appropriate message if you do not have Snyk Cloud and/or integrated IaC enabled. Please reach out to your account team for questions about access.

Snyk Open Source - Unmanaged C/C++ scanning support in IDEs

New

We are pleased to announce that we have added unmanaged C/C++ scanning support in the Snyk Open Source product for the following IDEs - JetBrains, Visual Studio and Visual Studio Code. You can follow instructions on how to use it via the following documentation.

This is available to all users, free or paid!

Snyk Container - Application dependencies CLI scan by default

Improved

We are excited to share that starting from January 24th, 2023, when using the snyk container test/monitor CLI commands, we will scan for application dependencies by default, which will allow you to get a full picture of the security issues within your images.

Here are all the details you need to know about this change to ensure your testing and automation work as expected and you understand all your options.

Snyk for Visual Studio Code extension now scans your IaC files 🎉

New

You can check for misconfigurations within your Visual Studio Code (VS Code) IDE powered by the Snyk IaC policy engine.

To install the extension search for ‘Snyk’ in the VSCode Marketplace. If you already have the Snyk VS Code extension, just update it from the Extensions tab of your IDE.

This feature is available to all users, free or paid!

View the documentation for more details.

Snyk is now also available in Asia-Pacific (Sydney)!

New

We’re pleased to announce that Snyk is now also available in Asia-Pacific (Sydney), enabling Snyk customers to comply with local data residency requirements.

This new deployment option is currently available for new Snyk customers only. Migration from other regions and Snyk’s other deployment options will be supported in the future.

For more information on this announcement, please refer to our blog.

Container Registry Agent adding HTTPS configuration

Improved

We are excited to announce an improvement to our Container Registry Agent (CRA). Previously, CRA could only be configured to run an HTTP server. Now, the Container Registry Agent still runs an HTTP server by default, but it can additionally be configured to run an HTTPS server for local connections.

This improvement allows the broker image and CRA to communicate over HTTPS. Please download the latest CRA image from Docker Hub and follow the configuration instructions in the Snyk Public Docs.

Improved Fingerprinting for Snyk Code

Improved

We are excited to announce improvements with the way fingerprinting is done in Snyk Code!

A fingerprinting algorithm is a procedure that maps an arbitrarily large data item to a much shorter bit string, its fingerprint, that uniquely identifies the original data for all practical purposes.

With our reporting functionality recently in Open Beta, the new fingerprinting will make the experience of viewing and retrieving issues data even easier and smoother.

Note: because of this change, you may see large numbers of both new and resolved issues in Code Reporting.

We advise you to retest your projects.

After retesting:

  • Many issues will get new, “permanent” issue IDs (in the context of that Snyk project) and this will mean their old issue IDs will disappear.
  • Reporting uses issue IDs to track their status, so this changeover will appear as a lot of issues being new and a lot of issues being resolved.
  • These numbers also may not match exactly since, in the past, multiple issues could share the same old issue ID but that will no longer be the case.
  • The URL of the issue on the Project page will stay the same - so any open tickets via Jira will remain linked.

Snyk Cloud in General Availability

New

Snyk Cloud is now in General Availability! 🎉 Snyk Cloud is the newest product to join the Snyk Platform, enabling developer-focused cloud security across the SDLC with the following features:

View our Snyk Cloud documentation for more information, and reach out to your account executive if you’re interested in trying it out!

Note: Snyk Cloud is currently available only for Business and Enterprise plans.