Product Updates

In the past few months, Probely’s interface has been changing with the goal of providing users a more unified and improved experience. We have been working hard to bring new elements to life, and now we have a new side menu, severity badges, buttons, tables, tabs, filters and search fields similar to Snyk’s own, among others.

With the latest release, we’re bringing the new details panels into view for all the main sections of the app (Discovery, Targets, Findings, and Scans).

• You can click on the item’s name to open the full view of its details, where all the information is visible and all actions related to that element can be performed, or you can click on a row from the list to open a small panel with some details without losing focus from the list itself.

• In either view, you can use the navigation arrows on the bottom of the screen to scroll through the list in an effortless way.

Additionally, we’re also updating the way bulk actions are displayed in the app, to be more in line with the ones from Snyk.

We will continue to update the app in an ongoing effort to reduce friction and improve the experience for our users, and we encourage everyone to explore Probely and interact with the new interface.

For any suggestions, questions or concerns please reach out to the Snyk support team.

The accuracy of the Computed Fixability column in Snyk Analytics is planned to be improved. This column Indicates whether an issue can be fixed based on the vulnerability remediation paths, that are based on the dependency tree, and thus only applicable for SCA vulnerabilities.

As of now, any issue that is not an SCA vulnerability, like Snyk Code and Snyk IaC issues, is assigned with the value of "No fix supported", which cause confusion among users.

Starting April 16th, a new value, "Not Applicable", will be introduced for all issues that are not related to SCA vulnerabilities.

This change will impact the Computed Fixability value of the following issues:

• Snyk Open Source (only License issues)

• Snyk Code

• Snyk IaC

In the following components:

• Snyk Reports

• Snowflake data share

• Export API

If your internal processes rely on this data, please update your logic accordingly and be ready to apply relevant changes by April 16th.

For any questions or concerns please contact your account team.

Dear Customers,

In our December announcement regarding the upcoming 12-month Support Policy (effective June 24, 2025), we outlined changes impacting our IDE, Language Server, and CLI versions. We'd like to provide an important clarification regarding the scope of this policy.

We are confirming that the 12-month Support Policy will also apply to Snyk's CI/CD plugins, which are highly dependant on the Snyk CLI.

This means that, starting June 24, 2025, each version of our CI/CD plugins will be supported for 12 months from its release date, in line with the policy for IDE plugins, CLI, and Language Server.

Why this clarification is important:

• Consistency: This ensures a unified support experience across the Snyk developer tools.

• Planning: It allows you to plan your upgrades for CI/CD integrations with the same confidence and clarity as other Snyk tools.

• Security & Stability: Staying within the support window ensures you have access to the latest security updates and stability improvements.

We encourage you to schedule regular updates to stay within our support window for all Snyk tools, including CI/CD plugins.

For more guidance, please refer to our Documentation for CI/CD plugins, IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

We apologize for any oversight in our initial announcement and appreciate your understanding. We are committed to providing clear and comprehensive information to help you manage your development workflows effectively.

Update: The rollout has officially started on April 22 and will proceed gradually through to May 1.

We are excited to announce that Issue Summary comment and High Context Inline comments are coming to General Availability soon! As part of this exciting milestone, we're taking the next step by enabling these capabilities by default for all customers who use PR checks on April 22nd, 2025. With this update, all GitHub and Bitbucket (except Bitbucket Server) repositories with PR checks enabled will automatically include both the Issue Summary comment and SAST High Context Inline comments, revolutionizing how your developers identify and address vulnerabilities without ever leaving the SCM.

The repositories onboarded via the following SCM integrations are in scope of this change:

• GitHub: GitHub OAuth*, GitHub Enterprise (PAT), and GitHub Cloud App

• Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Key highlights ​​of this release

On April 22nd, 2025, all repositories with PR checks enabled will automatically activate the following capabilities:

• Issue Summary comment for both PR check success and failure cases, covering Snyk Code and Open Source security & license checks.

• High Context Inline comments for Snyk Code findings.

Repositories that have either (1) manually disabled either of the comments after initial enablement or (2) disabled summary comments for success scenarios during Early Access will remain unchanged, ensuring prior preferences are respected.

Opt-Out Requests

• Opt-out requests can be submitted via our dedicated form or through your Snyk POC (include Group/Org IDs)

• Opt-out submissions received before April 21st, 2025 will not be default enabled

To customize your preferences at any time after default enablement, you can simply visit your integration settings in the Snyk WebUI where you can toggle comments off.

This milestone represents our ongoing commitment to transforming the developer experience with Snyk, making security an integrated, intuitive part of your development workflow 🚀

*Note: For GitHub OAuth integrations, a PAT token with the right permissions will need to be added to start receiving PR comments.

Currently, Snyk’s BitBucket Server integration reports on commit statuses (Snyk PR Checks) per project (i.e., per manifest file in the repo). This reporting approach consumes excessive SCM resources in large or complex repositories. To remedy this, the Snyk BitBucket Server integration will report per-product commit statuses beginning April 22, 2025.

By moving to per-product statuses, BitBucket Server integration users will benefit from:

• A more consistent UX with the rest of Snyk’s SCM integrations, which report their statuses on a per-product basis (Snyk Code, Snyk Open Source)

• Performance improvements through fewer calls made to their SCM by Snyk

• Access to existing features like Mark as Successful or new features such as PR Comments, which were not supported by per-project statuses.

We’ve released a CLI hotfix (v1.1296.1) to enhance the following use cases:

• Poetry 2 Open Source is now supported in the Snyk CLI, with the same features as for Poetry 1, as mentioned here. Upgrade to the new CLI version and run snyk test or snyk monitor as usual.

• Increase authentication resilience for OAuth connections.

• Fix duplicate Open Source Issues appearing only in a single IDE tree node, despite occurring in multiple files.

• Avoid that the trust dialog blocks the language server.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Snyk Open Source Fix PRs are a key feature for helping Developers stay on top of vulnerabilities in their dependencies.

However, Fix PRs in projects using the Early Access improved .NET scanning feature could sometimes upgrade the wrong dependencies.

This bug fix will ensure that the correct dependencies are upgraded.

When is this coming?

• This fix will be gradually rolled out.

• Rollout begins on April 15th, and should finish by May 2nd.

• During the rollout customers using Early Access .NET scanning should expect to see fewer incorrect .NET Fix PRs being raised, with the problem eliminated entirely by the end date.

We are excited to announce upcoming improvements to Snyk Open Source Fix PRs to help you manage the overall risk posture of your applications.

Fix PRs are a key tool for helping Developers stay on top of new vulnerabilities in their dependencies. However, by upgrading a dependency our PRs might sometimes introduce new vulnerabilities that increase the overall risk posture of the project.

Snyk will now only raise a PR for a vulnerability if the change does not introduce additional vulnerabilities with higher severity than the one being fixed.

Users should expect to see on average a 10% reduction in Fix PRs as a result.

When is this coming?

Gradual rollout of these changes will begin on April 3rd, and finish by April 10th.

During the rollout, an increasing percentage of Fix PRs for all users will have the new risk aware checks applied.

No action is required to benefit from these improvements.

AppSec teams export Snyk datasets for various purposes, including:

• Build their own analytics and dashboards.

• Following company policies that requires specific customization

• Sharing data with external audience, such as the leadership team or security auditors.

The Export API enables cyclic data export of Snyk datasets into CSV files. Designed for efficiency and security, the API supports exporting large datasets in an organized, scalable manner, making it ideal for reporting and analytics workflows.

To learn more about the Export API, and how to get started right away, visit the API documentation.

For any question, please contact your account team.

We are thrilled to announce two new Snyk Reports in Early Access, that are available for the enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility on the Snyk tests that are executed during CI/CD pipelines and answer questions like:

• What portion of repos are being tested (against repos that had commits)?

• Are we adopting the practice of testing code in CI/CD pipelines as a company? and where are the gaps?

• What is the test success rate is it going up over time?

The new Repositories Tested in CI/CD Report answer all of those questions and more.

To learn more please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit, to prepare for the audit they need to:

• Estimate compliance readiness and share status with relevant stakeholders.

• Identify and mitigate compliance violations and gaps as early as possible.

• Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report is aimed to assist AppSec teams to tackle this challenge!

To learn more please visit the report documentation. For any question, please contact your account team.