Product Updates

We’ve released a CLI hotfix (v1.1296.2) to enhance the following use cases and introduce new capabilities:

• Experimental Model Context Protocol (MCP) Integration: Enables integrating Snyk scans (Open Source & Code) into MCP-compatible tools using the new snyk mcp --experimental command. This allows the CLI to act as an MCP server for these integrations. Note: This feature is experimental and may evolve. You can read more about Snyk MCP here.

• Routine enhancements: Incorporates routine enhancements for security and reliability.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We’re excited to announce that Reachability for C# is now available in Early Access! 🎉

With this release, you gain an essential signal for assessing risk & prioritizing vulnerabilities in NuGet dependencies across all of your .NET projects.

Reachability for Snyk Open Source works by analyzing your source code with Snyk's DeepCode AI Engine to determine whether a path to vulnerable code can be found, whether directly or transitively.

This insight helps you gauge the likelihood of exploitation and enables you to make more informed decisions about how to address vulnerabilities.

Whether used independently or as part of a comprehensive risk-based prioritization strategy with Risk Score, Reachability helps you focus on the vulnerabilities that matter most.

Visit Snyk Preview to enable this feature and start gaining deeper insights into your C# codebase today.

Snyk users without a configured Snyk Essentials Group-level integration will soon benefit from Automatic Repository Discovery, which provides visibility into the users' security coverage, out of the box. This feature helps users identify which repositories have been imported and are being tested in Snyk—and which have not. The discovered repositories will appear in the Snyk Essentials Inventory tab.

Automatic Repository Discovery will be available to users with GitHub Cloud App and GitHub Enterprise Organization-level integrations, including brokered setups.

We’ll begin rolling this out to all Enterprise plan customers starting May 5th, 2025. If you’d like early access, please reach out to your account team.

In 2025, Snyk Code will improve PR check performance for Java and C#, enabling faster scans.

As a preparation, this update restructures some rules, simplifying the result set while maintaining detection accuracy.

What’s New?

• Java CSRF/XSS Detection: Focuses on pom.xml and selected Java classes to better understand global application context.

• C# Config Lookup: Limits security configuration checks to key files like web.config and Startup.cs.

This update will roll out as part of our Java and C# language support on April 29, 2025.

Starting May 1, 2025, Snyk Code will support Java 21 across all integrations, enabling full project scanning and improved accuracy.

• Java 21: Support for new language features including record patterns and sealed classes.

• Analysis Engine: Enhanced program analysis to align with Java 21 syntax and semantics.

• Ruleset: Updated to cover security-relevant classes introduced in Java 21.

These updates will roll out as part of Snyk Code’s GA support for Java 21 and may result in changes to findings.

We’re thrilled to announce the integration of Snyk’s AI-powered security platform with Google Gemini Code Assist, a cutting-edge AI coding assistant.

This collaboration brings together Snyk’s trusted application security capabilities and Gemini’s advanced AI coding tools to revolutionize secure software development.

With this integration, developers can now:

• Seamlessly secure code within their IDE: Access Snyk’s powerful Snyk Code, Snyk Open Source, and Infrastructure as Code scanning directly through Gemini Code Assist.

• Leverage natural language prompts: Type @Snyk in Gemini to scan code, prioritize vulnerabilities, and even auto-remediate issues using Snyk’s DeepCode AI Fix—all without leaving your workflow.

• Streamline productivity without compromising security: No more switching between tools—security insights are now embedded directly into your coding environment.

Why It Matters

AI-generated code transforms development, but studies show that 40% of such code contains vulnerabilities. This integration ensures that security is embedded early in the development process, enabling teams to innovate confidently while mitigating risks.

This integration is part of our commitment to empowering developers and security teams with tools that make secure development effortless and efficient.

See more in our blog article.

Snyk Code Consistent Ignores is now available in Early Access via Snyk Preview.

Snyk Code Consistent Ignores helps your teams focus on the important risk by filtering out distractions, ensuring that once an ignore is created, it is consistently respected regardless of how and where the test is run.

Snyk Code ignores span across branches, integrations, and Snyk Projects within a repository. Notably, this means that ignores are respected and won’t fail tests throughout the SDLC, including in IDE plugins, the CLI, and native PR checks.

Documentation outlining the details of this new functionality is available here.

From April 23rd 2025, Snyk Open Source will support SCM integration scanning of pip and pipenv applications using Python 3.13, as follows:

• pip: Snyk will use Python 3.13 for SCM scans when specified in Organisation settings, or .snyk files.

• pipenv: Snyk will scan using Python 3.13 if specified in the projects Pipfile.

In both cases, the updated results will be available after the projects next retest.

⚠️ Note that for relevant projects, the numbers of dependencies and issues may increase.

FAQ

Q: How do I specify Python version for pip projects?

This can be defined in Organization settings, or on a per-repo basis using .snyk files. See documentation.

Q: How do I specify Python version for pipenv projects?

Snyk will use the Python version specified in the projects Pipfile

Before this release, a Pipfile specifying Python 3.13 (or any other unsupported version) would be scanned with a default version of 3.10 instead.

Q: How does Python version affect accuracy of Snyk scans?

Some Python packages depend on specific Python versions, and developers must build these apps in an environment with a compatible Python version for them to be installed correctly.

Similarly, to provide the most accurate results, Snyk must be configured to use the same Python version used by your application.

The Inventory Overview is a new tab offering both insights as well as prescriptive guidance related to operationalizing your AppSec program with Snyk.

Some of its highlights include:

• Which repositories are not being tested with Snyk

• Coverage gaps as defined by your asset policies

• Dormant repositories with high and critical vulnerabilities

• Languages with most issues, that can be prevented through education modules in Snyk Learn

• Class A repositories with the highest number of critical & high issues

And more.

Each widget links directly to the relevant filters so that it's easier to follow up and take an action.

We will begin rolling out the Inventory Overview to all customers on the Enterprise plan starting April 9, 2025. If you would like to get access earlier, please contact your account team.

From April 17th 2025, Snyk's improved Gradle scanner (available in Snyk Preview) will support allprojects and subprojects building blocks.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. Or, to start using the new scanner, see the documentation.

How will my scan results change?

⚠️ For relevant projects, the numbers of dependencies and issues may increase.

For projects with these types of blocks, the new scanner may have previously reported unknown versions for some dependencies. It will now return the correct version.

In addition, it will include their transitive dependencies, resulting in fewer false negatives.

What are allprojects and subprojects?

Gradle provides special blocks called allprojects and subprojects which enable sharing code and configuration across projects.

Here is an example of an allprojects block in a Gradle build file.

// build.gradle
allprojects {
  apply plugin: 'java'
  repositories {
    mavenCentral()
  }
  dependencies {
    implementation 'org.apache.commons:commons-collections4:4.2'
  }
}