Product Updates

New enhancements are now available in the Developer IDE and CLI usage Report.

This update includes the following enhancements:

• Developer email address in the "Adoption by individual users" table - helps to better distinguish and reach out to any specific developers.

• PDF export - allowing to share usage status reports and improve internal communication over the IDE adoption.

The Developer IDE and CLI usage report is available under the Org and Group Reports menu. Learn more about it in our product documentation.

For any question, please contact your account team.

We are happy to share some important enhancements that are now available in the Vulnerabilities Detail Report.

The Vulnerabilities Detail Report is used to identify the most prevalent vulnerabilities and review their spread across your projects and targets. It is also useful for planning CVE eradication programs.

This update includes the following enhancements:

• Target indication: see the vulnerability spread across targets. We added indication on the affected targets count in the main table and when drilling-down, you would also see the affected target name, next to the affected project.

• Column picker: allowing you to view and prioritize vulnerabilities by various factors, such as NVD score, CVSS score, EPSS score and more.

The Vulnerabilities Detail Report is available under the Org and Group Reports menu. Learn more about it in our product documentation.

For any question, please contact your account team.

Starting on November 20, 2024, we will be rolling out scalability and data accuracy improvements to Issues. In some cases (<1% of recurring tests in our internal benchmarking), these improvements may impact the values for the following fields in our REST API for Issues, Issues UI, and Issues Reporting.

For SCA (Snyk Open Source, Snyk Container) products:

• reachability

• exploit maturity

• is pinnable

• is patchable

• is upgradeable

• package name

• package version

For all products:

• is currently present

• is ignored

• disappear reason

• original severity

If you are using fields such as "reachability" and "exploit maturity" to prioritize which issues to remediate, you may notice changes in values during the rollout and will need to plan accordingly.

Please reach out to your account team or support for any questions.

We are happy to share that the new edition of the Asset Dashboard will soon be available for Snyk Enterprise Customers!

The new edition of the Asset Dashboard featuring several new enhancements:

• Global filters bar: easily slice and dice the entire dashboard by various asset attributes.

• Revised Coverage Overview widget: one holistic view for all your security products' coverage.

• New data widgets: explore the new Asset Class Breakdown, Package manager breakdown, and Application context availability widgets.

• PDF export: export the full dashboard in a PDF format.

The new edition will be available starting November 18th, under Reports in the Group menu.

For any question, please contact your account team.

We have enhanced Snyk Container's public base image recommendation logic to provide more precise minor, major, and alternative upgrade options, based on the origin repo, flavor, and version of the detected base image. You should start seeing the new upgrade logic as early as November 8, 2024 (with a gradual rollout). If you have questions, please reach out via your account team or support.

Looking for content to train your developers on using Snyk in the IDE? Already a Snyk IDE Pro and want to know how the new features can assist you?

The Snyk Learn team is proud to announce the release of brand new Using Snyk in an IDE courseware. This will assist users in setting up the plugin, authenticating it, and initial configuration.

An important new section demonstrates how the new filter “Net new issues vs all Issues”, coupled with product and severity filters, can be utilized for different workflows such as triage, investigating an issue, or focusing on investigating and fixing only the issues that you are responsible for.

We’re also proud to highlight the new capabilities with DeepCode AI Fix!

We're thrilled to announce an upcoming update to Snyk Code, to be released on Wed, November 13th where we will be adding support for the popular Gin framework for Go! 🚀

This update will allow teams to identify and address potential security vulnerabilities in Gin-based applications and will apply to all rules supported today.

For more details, please reach out to your account team with any questions.

In order to safeguard the security of our services and our customers, Snyk has begun the deprecation of its integration with AWS CodePipeline.

Action Required: To minimize disruption, we recommend that you transition to using AWS CodeBuild and the Snyk CLI as an alternative which will support the same use case and functionality.

Migration Timeline: Effective Oct 30th, 2024, you will no longer be able to add or modify the Snyk plug-in for new or existing pipelines. Existing pipelines will continue to work as-is for 6 months, though we recommend migrating to the new process as soon as possible. To avoid disrupting your CI/CD workflows, you must transition to the Snyk CLI before April 30, 2025. Please refer to the steps in this migration guide to use Snyk CLI with AWS CodeBuild.

We are confident that AWS CodeBuild and the Snyk CLI will meet your requirements.

We're excited to announce an improvement to Snyk Code's reporting of Open Redirect vulnerabilities, to be released on Wed, November 6th.

Previously, Open Redirect issues in C# and VB.NET were categorized as high severity, while other languages reported them as Medium severity. Additionally, the descriptions for these vulnerabilities may have varied across languages.

To enhance consistency and provide a better user experience, we've made the following changes:

• Consistent Severity: Open Redirect vulnerabilities will now be reported as medium severity across all languages, including C#, VB.NET

• Standardized Descriptions: The descriptions for Open Redirect issues will be standardized to ensure clarity and consistency

If you have any questions, please reach out to your account teams.

We are excited to announce that DeepCode AI Fix in the IDE is now GA. As of October 29th, DeepCode AI Fix is available to be turned on at Group/Organization level from:

• Settings -> DeepCode AI Fix

The GA release reflects the maturity of DeepCode AI Fix and Snyk's confidence in the fixes it generates and the customer experience. This release has the following improvements based on customer feedback collected throughout the Early Access phase:

• Increased coverage of languages from 1 to 8 - with JavaScript, TypeScript, Java and Python being GA and the rest in limited support

• New improved IDE experience for VS Code and JetBrains IDEs

• Upgraded our internal LLM to improve fix quality and continue to improve quality through labelling and new training methods

• Improved our infrastructure to provide faster fixes at scale

You can learn more about DeepCode AI Fix in user documentation and blog post.