Product Updates

We are announcing the Early Access release of PR Issue Summary Comment and SAST High-Context Inline Comments as part of our ongoing efforts to enhance the pull request experience. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

• PR Issue Summary Comment - With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

• High-Context Inline Comments display each SAST security finding alongside key information such as CWE (Common Weakness Enumeration) and priority score and a Snyk Learn link for further guidance—helping developers remediate issues faster without leaving their SCM. 🚀

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it. If you’re interested in enabling this feature for your organization, you can self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk’s workflows.

To improve consistency within the Snyk app, we've moved the Broker client commit signing toggle from Snyk Preview to the Broker Settings page. The client commit signing to gives you the ability to enable access to commit signing using Broker clients.

This change centralizes related settings, making it easier for you to manage your commit signing preferences and ensuring a more predictable and unified experience.

We've released a hotfix for our Visual Studio extension (v2.1.1) to enhance clarity in multi-project setups.

Specifically, we've addressed the following:

• Enhanced Project Identification: The OSS file tree nodes now include the relative path to the project.assets.json file in addition to the project folder path. This change aims to provide a more intuitive and informative experience when working with multi-project workspaces.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We've released version 2.12.1 of our IntelliJ plugin in order to address some API incompatibilities in order to ensure seamless support for the upcoming JetBrains 2025.1 release.

No changes are introduced from v2.12.0, previously announced here yesterday.

We recommend upgrading to v2.12.1 through the IntelliJ plugin marketplace for optimal compatibility!

If you have any questions, feel free to reach out to the Snyk support team!

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.21.0

• Jetbrains v2.12.0

• Eclipse v3.1.0

• Visual Studio v2.1.0

We're excited to announce significant updates designed to streamline your development workflow:

• We're pleased to announce the release of AI Fix in all IDEs, coming with more stability and enhanced fixes. Read more about AI Fix here.

• Stay focused on prevent with the General Availability of Delta Findings! We've simplified issue management with a new summary view and refined the user experience for seamless navigation. Learn more about the enhanced Delta Findings.

In addition to significant features, these releases contain multiple fixes that can be consulted in the changelog for each of our plugins.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

  If you have any questions, feel free to reach out to the Snyk support team.

We'll soon update our learning page with new videos to give you a sense on how to use our IDEs!

We encourage everyone to upgrade to the newest versions!

Starting March 14th, our updated Snyk IDE plugins will feature the General Availability of Delta Findings, revolutionizing how you tackle code issues. Now, you'll see only the new issues introduced in your current branch, eliminating noise and allowing you to concentrate on your recent changes.

This targeted approach empowers you to prevent issues early, streamline your CI/CD pipeline, and accelerate delivery.

We've also enhanced the experience with a new Summary section for seamless navigation between "All" and "New" issues views. Plus, we've added reference folder comparison, enabling you to compare your work with other branches or folders—perfect for non-Git projects.

Supported Products: Snyk Code, Open Source, and IaC.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

If you have any questions, feel free to reach out to the Snyk support team.

We're excited to share that new improvements to the DeepCode AI Fix experience are now available across all Snyk-supported IDE plugins! Since launching the general availability of DeepCode AI Fix in the IDE last November, we’ve been continuously enhancing the experience to help developers fix Code issues more seamlessly.

What’s New?

• Expanded IDE support: DeepCode AI Fix is now available on Eclipse and Visual Studio, in addition to existing IDEs.

• Prevent repetitive fixes: Once a fix is applied, it can no longer be applied repeatedly, preventing redundant changes.

• Improved messaging: Clearer notifications when AI Fix cannot generate a quality fix.

• Quick feedback option: Developers can now provide thumbs up/down feedback immediately after applying a fix, helping us further enhance the experience.

How to Access

If you have Snyk Code and DeepCode AI Fix enabled, simply upgrade to the latest IDE version to start using the new enhancements.

Starting April 3, 2025, Snyk Code will enhance gRPC support across multiple languages, improving vulnerability detection in Python, Java, PHP, Ruby, Go, C++, JavaScript, Kotlin, and C#.

With this update, gRPC data sources are now included in taint flow analysis, helping teams uncover more security issues in gRPC-based applications.

These improvements will roll out as part of Snyk Code's GA support for these languages and may lead to changes in findings.

We are pleased to announce the latest stable Snyk CLI release v1.1296.0

Important reminder: Snyk's primary distribution channel for CLI is downloads.snyk.io rather than static.snyk.io. Please ensure you whitelist this domain to ensure seamless updates with npm, Homebrew, Scoop, and CI/CD integrations.

We are introducing the following new features in this version. To learn more about bug fixes beyond what is highlighted below, please reference the release notes.

Error handling enhancements

We've made significant improvements to our error handling for Snyk scans. You'll now see consistent error code formatting for exit codes 2 and 3 across all scan commands. To simplify troubleshooting, we've also enhanced our debug logs, making them easier to interpret. In the event of an error, a unique Interaction ID will be displayed in the main CLI output, facilitating faster issue tracking and more efficient communication with our support team.

Container enhancements

We're empowering you with more control over container scanning. The Snyk CLI now supports scans for Kaniko generated images, and you can optimize scan times by excluding node_modules directories within Node.js containers.

Open Source enhancements

We've made significant improvements to open source analysis. snyk test --scan-all-unmanaged now identifies all possible package identities based on SHA1 hashes for JAR, WAR, and AAR files, providing more comprehensive coverage.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Starting March 25, 2025, Snyk Code will enhance JavaScript, TypeScript, Java & Ruby analysis, improving detection accuracy.

• JavaScript/TypeScript: Better handling of method calls within lambdas.

• Java: Correct modeling of implicit toString() calls in string concatenation.

• Ruby: Improve analysis accuracy for object oriented Ruby code, including ERB template use cases as found in Ruby on Rails apps.

These improvements will roll out as part of Snyk Code’s GA support for these languages and may lead to changes in findings.