Product Updates

Disable repository listing in the Container Registry Agent

Improved

We've just released an enhancement for the Snyk Container Registry Agent to improve compatibility with a wider range of container registries. You can now disable the repository listing feature to prevent integration errors and reduce API calls.

This is especially useful if you are using a registry that does not support the GET /v2/_catalog endpoint, or if your organization's security policies restrict access to it.

Key Benefits

  • Expanded Registry Support: Ensures smooth integration with registries like GitHub Container Registry and GitLab Container Registry.

  • Work Around Permission Issues: Allows the agent to function correctly even when it doesn't have permissions to list all repositories.

  • Reduce API Calls: Optimizes performance by preventing unnecessary calls to your registry's catalog endpoint.

How to Enable

You can enable this feature by setting the SNYK_DISABLE_LIST_REPOS environment variable to true in your deployment. When enabled, the agent immediately returns an empty list instead of trying to query the registry, resolving potential errors.

For full setup instructions for Docker, Helm, and Kubernetes, please see the updated Snyk Container Registry Agent documentation.

Pratip Banerji | Senior Director, Product Management

Snyk Agent Fix in PRs is coming to Bitbucket

Early access

Launching in Early Access on August 4th, 2025, Snyk Agent Fix eliminates the manual overhead of resolving vulnerabilities, helping developers merge secure PRs faster while integrating seamlessly into their existing workflows. With Snyk Agent Fix, developers are empowered to act immediately on SAST findings by generating and applying fix suggestions directly within pull requests, reducing context switching and streamlining remediation.

The following capabilities are supported for Early Access:

  • Generate fix suggestions using the @snyk /fix command in a PR inline comment, displaying a proposed code change.

  • View an explanation of the suggested fix alongside the code snippet.

  • Apply the suggested code directly to the PR as a commit using the @snyk /apply command.

  • Generate multiple fix suggestions within the same PR, where applicable.

The following Bitbucket integrations will be supported: Bitbucket Cloud, Bitbucket Cloud App, and Bitbucket Server. If you’d like to enable this feature for your organization, you can opt in yourself via the Pull Request Experience section in your SCM integration settings.

Check out our user docs for more details and connect with your account team to participate in feedback sessions to shape the future of your workflows with Snyk.

Mayank Khera | Senior Product Manager

Update to the minimum requirements for Snyk PR Checks with Bitbucket Server/Data Center

New

As of January 28th, 2026, 6 months from today, Snyk will require customers to use Bitbucket Server version 7.4 or higher, or Bitbucket Data Center 8 or higher to continue using Snyk PR Checks, and Snyk Broker version 4.218.0 or higher when using a brokered connection.

We are making this change to provide consistent operation across our integrations, and to ensure customers have access to the latest Pull Request experience from Snyk.

With this change going into effect, the minimum requirements for using Snyk PR Checks with Bitbucket Server/Data Center are as follows:

  1. Bitbucket Server version 7.4 or higher, or Bitbucket Data Center version 8 or higher

  2. The integration must have been set up in accordance with Snyk's documented requirements, including the necessary scopes for the token associated with your Snyk Bitbucket Server/Data Center integration.

    This includes webhook read and write scopes, which are needed for continued feature support.

  3. When using a brokered connection, Snyk Broker version 4.218.0 or higher is required

If you have any questions, please reach out to Snyk's support team.

Jeff Andersen | Director, Product Management

Snyk API & Web: Critical Severity Level (coming soon)

New

Get ready to supercharge your security prioritization! Snyk API & Web is rolling out a new Critical severity level for findings. This enhancement brings our platform even closer to industry standards, helping you zero in on the most urgent vulnerabilities that demand immediate attention.

Key Dates

  • September 2, 2025: The Critical severity level will become visible within the Snyk API & Web UI. While no findings will be assigned this severity yet, this is your prime opportunity to prepare your systems. Read this article for more information.

  • September 16, 2025: Snyk API & Web will begin automatically assigning the Critical severity to all eligible findings (those with a CVSS score of 9.0 or higher). Existing finding severities won't change unless they are detected in a new scan after September 16th.

This update empowers you to focus on what matters most in safeguarding your applications. If you have any questions, please reach out to Snyk’s support team.

Ana Pascoal | Product Manager

Announcing Snyk CLI v1.1298.2

New

We’ve released a new CLI hotfix (v1.1298.2) to address several bugs and improve the overall user experience.

This update includes the following:

  • MCP: Streamlines local project testing by preventing unnecessary security prompts for folders you have already trusted. This category also includes security hardening to improve the container scanning tool’s resilience against potential prompt injection.

  • Snyk Code: Resolves an issue where running the snyk code test --report command could fail in environments where a PROJECT_ID environment variable is set.

  • Snyk Agent Fix: Resolves an issue that could prevent Snyk Agent Fix from being available in IDE plugins for users whose default organization didn't have the feature enabled.

As this is a targeted hotfix, no other changes in behavior or new features are expected.

Release notes are available here.

We encourage everyone to upgrade to the latest version to ensure stability and benefit from these important fixes.

If you have any questions, please don’t hesitate to reach out to the Snyk support team.

Costin Busioc | Senior Product Manager

Announcing Snyk VSCode plugin v2.23.1

New

We’ve released hotfix v2.23.1 for our Visual Studio Code extension.

This update addresses two use cases that improve stability and the overall user experience. We have enhanced how the plugin handles network proxies and certificates, which will reduce download errors within the IDE. This release also fixes a bug that prevented the GCA integration from working correctly in some cases.

There are no other functional changes in this version, so your day-to-day experience using the extension will remain the same.

If you have any questions, feel free to reach out to our support team.

We encourage everyone to upgrade to the latest version to benefit from these improvements!

Costin Busioc | Senior Product Manager

Announcing Snyk Azure DevOps Task v1.9.0

New

We are excited to announce the release of Snyk Azure DevOps Task v1.9.0. This update introduces a key improvement that simplifies the experience for users in complex network environments.

This release includes the following enhancement:

  • Automatic Proxy Detection: The Snyk task will now automatically detect and use the HTTP/HTTPS proxy configuration from the Azure DevOps agent it is running on. This removes the need for any manual setup, streamlining pipeline configuration in restricted environments.

To enable this feature, simply update to version 1.9.0 in your Azure DevOps pipelines. No other configuration is required.

If you have any questions, please don’t hesitate to reach out to the Snyk support team.

Costin Busioc | Senior Product Manager

PR Comments to Be Default Enabled and Generally Available by September 8, 2025

Early access

We’re excited to announce that Issue Summary Comments and High-Context Inline Comments will be coming to General Availability for the second wave of SCMs. Starting August 26, 2025, these capabilities will be enabled by default for all customers using PR checks. The rollout will complete by September 8, 2025.

The following SCM integrations are in scope:

  • GitLab

  • Azure Repos

  • Bitbucket Server

What’s included in this release

Repositories with PR checks enabled will automatically receive:

  • Issue Summary Comments for both success and failure cases (covering Snyk Code + Open Source security and license findings)

  • High-Context Inline Comments for Snyk Code issues

Repositories that have either (1) manually disabled either of the comments after initial enablement or (2) disabled summary comments for success scenarios during Early Access will remain unchanged, ensuring prior preferences are respected.

🛑 Opt-Out Requests

Opt-out requests can be submitted via our dedicated form or through your Snyk POC (include Group/Org IDs). Submissions received on or before Aug 25, 2025 will not be default enabled. To customize your preferences at any time after default enablement, you can simply visit your integration settings in the Snyk WebUI where you can toggle comments off.


This release will be a big step forward in our mission to make security native to the developer experience and we’re excited to see how this helps your teams fix issues faster. Please reach out to your account team if you’d like to join upcoming feedback sessions and help shape the future of Snyk’s Pull Request experience.

Mayank Khera | Senior Product Manager

Now Generally Available: The 'Snyk Generated Pull Request' Report

New

We're excited to announce the general availability of Snyk's latest report, "Snyk Generated Pull Requests."

Originally launched to early access late last year for Enterprise plans, this report sought to provide high-level visibility over your Snyk-generated manual and auto-fix PRs. The premise was simple: many Snyk accounts have hundreds, if not thousands, of projects within a single Group, which makes monitoring PRs near impossible.

Until now, AppSec teams have been left to their own devices to understand concepts such as PR volume, state, merge rates, and even mean time to merge. With the introduction of the 'Snyk Generated Pull Request' report, we make it simple to view this information and take action on it. Moreover, the report is available at both the organizational and group levels, allowing you to spend more time analyzing and less time filtering for the right granularity.

What's new in the general availability release:

  • A new global filter for specific package managers (thanks for your feedback!)

  • A new table in the drawer to track PRs created for a specific repo

  • Performance enhancements in filtering, data population, and overall loading time

To view the report, select Reports in the left-hand navigation of Snyk's UI. At the top of the page, under the Change Report dropdown, select Snyk Generated Pull Request.

Happy Remediating!

Ryan McMorrow | Product Lead, Remediation

Snyk Essentials: New SCM asset context - organization & project

New

We are excited to announce that a couple of new asset enrichments from the SCM will be available beginning July 30th!

The new asset context properties introduced are:

  1. SCM Project from Bitbucket and Azure DevOps

  2. SCM Organization from all SCMs (representing the SCM Organization in GitHub & Azure DevOps, Workspace in Bitbucket, and Group in GitLab)

With this additional asset context, you can better prioritize and classify repositories based on their SCM properties. It also enables users to enforce coverage controls based on those SCM properties.

We are constantly working to provide additional asset context! If you have any asset context that you would like to see in Snyk or have any questions, contact the Snyk Support Team.

Noa Moshe | Product Manager