Product Updates

Following our Early Access launch of Snyk MCP for Agentic Workflows, we are excited to introduce powerful new visibility into how your teams are adopting Snyk in their local and AI-driven development environments.

We are rolling out key new metrics to the Developer IDE and CLI usage report to capture detailed MCP usage. This update will provide deeper insights into developer adoption with three key additions:

• Top-Level MCP Scan Count: A high-level summary of the total number of MCP scans performed by your team.

• Usage Breakdown Chart: A new chart that visualizes the usage split between the Snyk CLI, our various IDE plugins, and Agentic Scans (MCP), helping you clearly see which platforms developers leverage.

• MCP Host Breakdown Chart: To offer more granular insights, a new chart will break down Agentic Scans by the specific host application, such as Windsurf, Cursor, and others.

These new reporting features will allow security teams to demonstrate strong shift-left behavior and identify teams that are successfully adopting Snyk locally as a model for the rest of the organization.

To enable this new level of insight, it is required for users to update to the latest versions of the Snyk CLI (v1.1298.1).

Please reference our documentation for all the details and prerequisites to use the report.

Finding and providing up-to-date API schemas for security scanning is a common challenge. To solve this, Snyk API & Web now integrates with Akamai to simplify and automate your API security workflow, helping you maintain comprehensive coverage with significantly less manual effort.

This integration connects directly to your Akamai account to automatically discover your complete API inventory and import the corresponding schemas required for security testing.

Key Features

• Automated API Discovery: The integration automatically imports your API inventory and schemas from Akamai, eliminating the manual work of finding and uploading them.

• Increased Scan Coverage: By discovering all your Akamai-managed APIs, you can ensure broader security testing coverage across your application portfolio.

• One-Click Onboarding: Add discovered APIs as targets with a single click, with their schemas pre-populated and ready for testing.

How to Get Started

Availability: This feature will be available in your Snyk API & Web account on August 4, 2025.

Once available, you can begin using the integration by following these steps:

1. Connect to Akamai: Go to Settings > Integrations in your Snyk API & Web account to configure the new Akamai integration.

2. View Imported Domains: After a successful connection, Snyk API & Web imports your domains from Akamai. You can see these new domains under Targets > Domains.

3. Discover and Scan Your APIs: Snyk API & Web then automatically scans these domains to find the associated API assets. When the scan is complete, your discovered APIs are displayed when you select the Discovery menu option. From there, you can add them as targets and begin scanning immediately.

To find specific API assets, use the following filters:

• Filter by Type > API to display only API assets.

• Filter by Source > Akamai to display assets imported from this integration.

Need Help?

If you have any questions or need assistance with the new integration, please contact the Snyk support team.

We’ve released a CLI hotfix (v1.1298.1) to address regressions from a recent release and improve analytics tracking.

This update includes the following:

• Container Scanning: Fixes a bug that may have caused scans of local container images to fail. This issue could occur in various environments, particularly those using base images with alternative default shells (e.g., Alpine, BusyBox).

• Enhanced MCP Analytics: Improves analytics for MCP scans in order to support upcoming reporting capabilities.

As this is a targeted hotfix, no other changes in behavior or new features are expected.

Release notes are available here.

We encourage everyone to upgrade to the latest version to ensure stability and benefit from these important fixes. If you have any questions, please don’t hesitate to reach out to the Snyk support team.

We've rolled out an enhanced tenant-level Snyk Analytics experience! This update empowers you with more control and deeper insights into your security posture, making it easier than ever to manage risk across your organization.

What's New & Improved?

• Customizable Dashboards: You can now build your own analytics dashboards using a new set of widgets. This lets you focus on the metrics that matter most to you.

• Centralized Reporting Catalog: Access a new catalog of Snyk tenant-level reports. This central hub makes it simpler to find and access the reports you need, providing a unified view of your security data.

• Improved Data Access: Users with group reporting permissions now have direct access to tenant-level analytics for all the groups they are authorized to view, streamlining data visibility and collaboration.

Who Can Access This Early Access?

This exciting Early Access is currently available for our Enterprise plan customers who have group-level reporting permissions.

How to Opt-In:

Look for a banner link on your existing Tenant Analytics page to opt in. You can switch back to the current General Availability (GA) experience at any time.

Also, Now Generally Available!

As part of this release, we're also pleased to announce that the Repositories Tested in CI/CD report and the PCI-DSS v4.0.1 report have been moved to General Availability.

Go to Redesigned Analytics to learn more about this new Analytics page!

As part of the Snyk AI Trust platform, Snyk Agent Fix will be available in pull requests starting next week, on 23 June. This feature aims to reduce the manual overhead of resolving vulnerabilities and minimize PR time to merge, all while ensuring seamless integration into existing developer workflows. With Snyk Agent Fix, developers are empowered to act immediately on SAST findings by generating and applying fix suggestions directly within pull requests, reducing context switching and streamlining remediation.

The following capabilities are supported for Early Access:

• Generate fix suggestions using the @snyk /fix command in a PR inline comment, displaying a proposed code change.

• View an explanation of the suggested fix alongside the code snippet.

• Apply the suggested code directly to the PR as a commit using the @snyk /apply command.

• Generate multiple fix suggestions within the same PR, where applicable.

Early access is currently focused on GitHub integrations: GitHub App (Cloud and Server). GitHub and GitHub Enterprise while support for additional SCM integrations is coming soon. This is part of an ongoing series of enhancements aimed at improving the developer pull request experience with Snyk. If you’d like to enable this feature for your organization, you will be able to self-opt in via the Pull Request Experience section in your SCM integration settings.

Check out the user docs for more details. We’re committed to continuously improving this experience — reach out to your account team if you’d like to join feedback sessions and help shape the future of your Snyk workflows.

On August 5th, 2025, Snyk Code will receive a significant analysis and coverage upgrade. This update will enhance detection capabilities and may lead to a change in findings for some customers, including new findings and a reduction in false positives for most.

Key improvements in this release include:

• Go & PHP: Improved analysis of multi-variable declarations to reduce false positives in common assignment patterns.

• All Languages: Enhanced inter-file analysis to more accurately track when data is sanitized across multiple files, significantly reducing a common source of false positives.

• All Languages (except Scala & Ruby): Better detection of field-level sanitization within a single file, reducing false positives where tainted data is later made safe.

• JavaScript and TypeScript: Support for mongoose as well as express-mongo-sanitize has been added.

• Java: Added support for the JAX-RS framework.

• Go: Added support for the sqlx library.

• Scala: Added support for the Slick framework.

• Python: Introduced initial support for CWE-330, detecting insecure random number generation related to ciphers.

We are pleased to announce the new stable releases for our IDE plugins. The new versions are:

• Visual Studio Code v2.23.0

• JetBrains v2.15.0

• Visual Studio v2.3.0

• Eclipse v3.2.0

The releases include notable enhancements and changes:

• Personal Access Token (PAT) Support: We've added support for Personal Access Tokens (PAT) for authentication across all IDEs. This provides another secure method to connect to Snyk, in addition to our existing OAuth and legacy token methods.

• Feature Removals: The following three features are being removed (as previously announced here):

  • Code Quality Findings in Snyk Code

  • JavaScript CDN Library Detection in HTML, JS, and TS files

  • Container Image Detection in Kubernetes YAML Files

• VS Code Copilot Integration: The Snyk VS Code extension will now be automatically detected to support the Model Context Protocol (MCP) in GitHub Copilot, allowing for a more integrated AI-driven security experience directly in the editor. More details here.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes and enhancements.

You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions once they are available in your IDE's marketplace!

We've added a new asset policy template to easily keep up with new repositories discovered across all SCMs used within a specific Snyk Group.

The out-of-the-box logic is set notify on newly discovered repositories from the past 7 days that are not yet tested with Snyk. Customers only need to add the list of email recipients to save and start using it.

The template can be tweaked and adjusted as needed.

We're excited to announce a new default vulnerability experience coming to Snyk Open Source, launching over the next couple of weeks to all Maven, .NET, npm, Python, Ruby, and Yarn projects.

What's New?

We've shifted the focus from individual vulnerabilities to the libraries they belong to. This new dependency-grouped view provides a holistic look at your remediation options, allowing you to see the full impact of each potential library upgrade.

Instead of fixing vulnerabilities one by one, you can now perform a true cost/benefit analysis. See exactly how many issues you can resolve with a single upgrade, compare the impact of different library updates, and make more informed decisions to maximize your team's efficiency. We've also streamlined the Fix PR process, making it easier to understand and customize your upgrades with just a few clicks.

How do I use it?

This new experience will begin rolling out to all applicable Snyk projects over the next couple of weeks. Once enabled, navigate to an individual project in your organization to see it in action. To switch back to the legacy view, click the “Group by” dropdown in the right-hand corner and select "none".

Happy Remediating!

We are pleased to announce the latest stable Snyk CLI release, v1.1298.0.

We are introducing the following new features and improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the release notes.

General Enhancements

• Updated glibc requirements: This version introduces new expectations for the underlying glibc requirements for Linux users. We recommend reviewing the updated requirements to ensure continued smooth operation. More details here.

• Personal Access Token (PAT) Support: We have added support for Personal Access Tokens (PAT) for authentication. More details here.

• MCP Enhancements: Further improvements have been made to the Snyk MCP for Agentic Workflows to enhance AI-driven security workflows. More details here.

Open Source Enhancements

• Maven: For long-running test, monitor, and sbom scans on projects with dense dependency graphs, the Dverbose flag now provides improved output and progress indication.

• Dotnet: We have improved support for comments within global.json files. Scans that previously failed when the file contained special content, such as URLs, will now complete successfully.

• NPM/Yarn: Package aliases are now supported and honored by default, leading to more accurate dependency resolution in complex projects.

• Node.js: The dependency graph produced by snyk test --print-graph has been enhanced. Node IDs will now contain type and classifier information for greater clarity.

• Gradle: For projects scanned with the --gradle-normalize-deps flag, internal project dependencies with multiple artifacts under a single coordinate will now correctly show all dependencies instead of a single, randomly selected one.

Container Enhancements

• Red Hat Vulnerability scanning: Starting from RHEL 10 Red Hat will be providing vulnerability data in CSAF/VEX format, and we now support this new format.

• Support for new versions of Chainguard Wolf images: Chainguard has made some changes in file locations. With this new version we now accurately support scanning Chainguard images.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to benefit from these new features and improvements!