Product Updates


Filter through your audit logs more efficiently with the new GA REST version of the audit logs API, and api.access is now opt-in

New

We've made some great new improvements to our existing GA REST audit log API to help you filter and find the logs you need more efficiently:

  1. Filter over time - Previously, the smallest unit for filtering audit logs was a day, which made filtering difficult, especially for users who need to sift through millions of logs to find specific events. Now you can filter over larger time periods and down to 1-second ranges, so you can broaden a search while pinpointing crucial audit events, for example when investigating a security breach or supporting an external audit.

  2. Exclude events - Some users produce millions of audit logs every day, so they need to exclude certain events to reduce the noise they have to sift through. The API already supported excluding events, but you could only provide one include or exclude event. We've improved this by allowing multiple include and exclude events.

For more information, check out the API documentation, and we hope you update your version and enjoy these new improvements soon!

In addition, we are making the api.access endpoint opt-in for users rather than automatically returning results, due to feedback that api.access causes noise problems. We’re actively working towards a proper audit event for actions.


Waleed Arshad | Senior Product Manager

Introducing Semantic Versioning and Release Channels to Snyk CLI

New

We are pleased to introduce Semantic Versioning and Release Channels to Snyk CLI from v.1.1291.0 onwards. These changes will allow all Snyk customers to select a sustainable release cadence that works for them, and help optimize governance and compliance overhead for enterprise customers.

From v.1.1291.0, Snyk CLI follows three-part MAJOR.MINOR.PATCH notation. Details are available in the product documentation.

We are introducing the following release channels:

preview: “pre-release” builds are deployed regularly, up to multiple times a day, and contain the latest changes.

  • Version Pattern: v{MAJOR}.{MINOR}.{PATCH}-preview

  • Cadence: Varying

  • Availability:

    • https://static.snyk.io/cli/preview/

    • https://static.snyk.io/fips/cli/preview/

rc: “release candidate” pre-releases are deployed at distinct points in time and contain a version of the CLI that is expected to be promoted to stable after additional testing.

  • Version Pattern: v{MAJOR}.{MINOR}.{PATCH}-rc

  • Cadence: every 8 weeks, 2 weeks before a stable release (hotfix releases possible)

  • Availability:

    • https://static.snyk.io/cli/rc/

    • https://static.snyk.io/fips/cli/rc/

stable: stable builds are deployed at distinct points in time after being additionally tested and considered stable.

  • Version Pattern: v{MAJOR}.{MINOR}.{PATCH}

  • Cadence: every 8 weeks, end of an even month (hotfix releases possible)

  • Availability:

    • https://github.com/snyk/cli/releases/

    • https://static.snyk.io/cli/stable/

    • https://static.snyk.io/fips/cli/stable/

    • npm

    • brew

    • scoop

    • Snyk-images

Existing users of the Snyk CLI and supported IDEs are opted into the stable channel by default. You can find more information on how to opt into a release channel of your choice in our product documentation.


Chintan Bellchambers

Snyk Code Improvements: Support for Python FastAPI

Improved

We are pleased to announce that Snyk Code now includes support for the FastAPI framework. This update enhances our ability to identify and analyze FastAPI-specific sources and sinks, improving the detection of security vulnerabilities in applications using this framework.

This new feature is integrated into Snyk Code’s existing scanning processes and is available for use immediately for all Python rules. We recommend conducting a fresh scan to benefit from the updated functionality.

As always, our goal is to assist you in enhancing your application's security by providing precise, framework-specific vulnerability detection. For detailed information or support, please reach out to your account team.

Thank you for using Snyk Code to secure your software development.


Ranko Cupovic | Principal Product Manager

DeepCode AI Fix - VS Code UX Improvements

Improved

We are very happy to introduce an improved DeepCode AI Fix experience for Visual Studio Code. Developers will have a more streamlined experience by:

  • Having visibility of how many issues are autofixable

  • Being able to generate fixes from the issue details panel

  • Having a preview of the possible fixes before they are applied

  • Being guided to the code that has changed

These improvements come on top of the general fix quality improvements we have been working on, which you can read about in our new blog post!

For details on how to get started with DeepCode AI Fix and start fixing Snyk Code issues, please visit our documentation.

DeepCode AI in the VS Code IDE

Group Custom Roles are now GA

New

We're excited to introduce the option of creating custom roles at the Group level alongside the existing custom ones at the Organization level.

Enterprise users can now extend the pre-defined Group roles by introducing new roles with customized sets of permissions. This allows admins to fine-tune access to parts of the Snyk product and better map team members' responsibilities to their permissions inside the Snyk app.

The new custom Group roles can be manually assigned on the Members page or automatically assigned using an updated version of Custom Mapping. Reach out to your account team to implement this option.

For more details on creating Group-level custom roles, see the documentation available here.

Test an SBOM using the Snyk CLI

Early access

We are very pleased to announce that you can now use the Snyk CLI to scan CycloneDX and SPDX SBOM files!

Snyk has enabled SBOM testing via the API for a while. Adding this to the CLI makes it significantly easier to test SBOMs produced using other tools, or SBOMs received from 3rd-party vendors.

To get started, install Snyk CLI v1.1290 or above and run the following command (using your actual SBOM file name 😉):

snyk sbom test --experimental --file=bom.cdx.json

This feature is in Open Beta. The following SBOM formats are currently supported:

  • CycloneDX: JSON version 1.4 and 1.5

  • SPDX: JSON version 2.3

See snyk help or Snyk User Docs for more usage details 🙌

Free Plans Test Enforcement - Phase 1

New

For customers on free plans, we plan to implement hard enforcements on monthly test limits. Specifically, we are starting work on the enforcement of test limits through the push flow. Work will begin on Monday, April 29th, and we plan to complete it by Thursday, May 2nd.

Please be aware that this feature will only impact customers on the free plan, who do not pay for any Snyk products. Customers with one or more paid products will not be affected by this feature.

Updated Project Page Layout

Improved

For your awareness, minor updates to our Project page will be introduced over the next week. In the topmost heading, tabs related to the project overview, history, and settings are migrating higher on the page. In addition, modifications will be made to the project breadcrumbs.

Please be aware that any temporary inconsistencies between organizations will resolve themselves shortly!

Automated Collections (Early Access)

New

We’re happy to introduce Automated Collections to help you easily manage all your Snyk Projects.

With Automated Collections enabled, similar Projects from different integration types are automatically grouped into a collection, so that you can easily filter and report on the issues of your preferred scanning method and hide duplicate results.

You’ll find the option to enable Automated Collections under a new entry in the Organization Settings menu. After Automated Collections are enabled, it may take minutes (up to an hour) to analyze all the Organization’s Projects and group them by their Target URL.

Please note that Collections and Automated Collections are only available for customers on the Snyk Enterprise plan. Read more about how automatically created Project collections help you track issues, and contact your account team with any questions.

Configurable Python version in Snyk Open Source SCM scans is now GA!

New

We are very pleased to announce that the option to define the Python minor version when scanning pip projects via Git integrations is now GA!

Until now, Snyk would always use either Python 2.7 or 3.7, which could lead to some dependencies being omitted from results if they require newer versions.

You can now specify minor versions of Python 3 to use in scans, up to 3.12.

To try this out, go to Settings > Languages > Python and specify the Python version to use.

For more details see the documentation available here.