Product Updates

We're providing an important update regarding an upcoming enhancement to the Snyk CLI that will impact Linux environments. To ensure the Snyk CLI operates as smoothly and securely as possible, providing the strongest security and stability for your development environments, we are updating an internal component.

What's Changing for Linux Users?

Effective with the Snyk CLI release 1.1298.0 targeted for July 16, 2025, the minimum required GNU C Library (glibc) versions on Linux will be updated as follows:

• For Linux x64 environments: glibc version 2.28 or higher

• For Linux arm64 environments: glibc version 2.31 or higher

This change only affects Linux environments. Users on macOS and Windows are not impacted by this specific glibc update.

Why Are We Making This Change?

This update is driven by our commitment to ensure all components within the Snyk CLI are current and supported, preventing the use of components that may no longer receive critical security patches or bug fixes. This transition is crucial for:

• Enhanced Security & Stability: Via this upgrade, we ensure our CLI remains protected against emerging vulnerabilities and benefits from ongoing improvements, addressing potential risks.

• Modern Dependency Compatibility: The broader software ecosystem continually evolves. This upgrade allows us to integrate essential library updates, bug fixes, and new features more effectively and reliably.

Meeting these glibc requirements also means your Linux environments will likely be running on operating system versions that are fully supported and not past their own end-of-support dates, further enhancing your overall security posture.

Timeline and Your Environment Readiness:

We are introducing these new requirements in the Snyk CLI 1.1298.0 release scheduled for July 16, 2025. This provides a window for you to assess and, if necessary, update your Linux environments.What if You Need More Time?We understand that updating your environments might require planning and coordination. If you anticipate needing more time to meet these new glibc requirements beyond the July 16, 2025 release, we recommend the following temporary solutions to continue using the Snyk CLI without interruption:

• Pin your Snyk CLI version: You can temporarily pin your Snyk CLI to version 1.1297.1 (the last version before these new requirements take effect) to allow more time for your glibc upgrade.

• Utilize Snyk CLI Docker Images: Our official Snyk CLI Docker images come with compatible glibc versions and can be a good alternative.

• The CLI preview version was updated starting June 4th to contain the new glibc requirements for testing the coming changes in time.

Our primary goal is to provide you with the most secure and reliable tools, and this update is a key step in that direction.Thank you for your understanding and partnership in maintaining a secure development lifecycle!

We are announcing the End of Life (EOL) for the Snyk Nexus Gatekeeper Plugin, effective September 15th, 2025.

This change is primarily due to Sonatype's discontinuation of Plugin Support. Sonatype, the creators of Nexus Repository, have officially removed all third-party plugin support in Nexus Repository version 3.78 and newer, which was released in March 2025.

Here is what you need to know:

• Impacted Plugin: Snyk Nexus Gatekeeper Plugin.

• End of Life Date: September 15th, 2025.

• Support until EOL: We will continue to offer support for leveraging the plugin until September 15th, 2025. However, please note that no new enhancements or bug fixes will be released for the plugin during this period.

• Action Required: If you are currently using the Snyk Nexus Gatekeeper Plugin, we recommend planning your transition to alternative solutions before the EOL date. We encourage you to leverage other Snyk products (such as Pull Request Checks or SCM integrations) that can help enhance your security posture and integrate seamlessly into your development workflows.

We understand that this change may require adjustments to your current workflows. We encourage you to explore Snyk's other integrations and features to continue securing your software development lifecycle effectively.

If you have any questions or require assistance, please do not hesitate to contact the Snyk support team!

Once discovery of repositories takes place and is available on the Inventory view, the coverage gap asset policy will be applied out of the box to identify repositories not tested with Snyk OS and Snyk Code. Based on this policy, coverage gaps will be identified and repositories that don't meet the coverage requirements will be marked as such.

The policy can be edited to meet each customer's coverage requirements.

The default coverage gap asset policy will be rolled out to new groups starting June 4. It is also available as an asset policy template for all customers.

We are announcing the Early Access release of Issue Summary Comment and Inline Comments for Bitbucket Server. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

• Issue Summary Comment (SCA and SAST) - Developers receive a comment within their pull request displaying the count of security findings by severity directly in the SCM when PR checks are active. This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

• Inline Comments (SAST only) - Developers receive specific inline comments for each SAST security finding directly within their pull requests in the SCM, accelerating PR merge times and proactively surfacing issues within the development workflow. The SAST finding displays the CWE, and Priority Score, and includes a Snyk Learn URL for reference.

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it.

If you’re interested in enabling this feature for your organization, you can now self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk’s workflows.

Snyk users without a configured Snyk Essentials Group-level integration will soon benefit from Automatic Repository Discovery, which provides visibility into the users' security coverage, out of the box. This feature helps users identify which repositories have been imported and are being tested in Snyk, and which have not. The discovered repositories will appear in the Snyk Essentials Inventory tab.

Automatic Repository Discovery is currently available for users with GitHub Cloud App and GitHub Enterprise Org-level integrations, and will soon be available to users with GitLab and Azure DevOps Organization-level integrations, including brokered setups.

We’ll begin gradually rolling this out to all Enterprise plan customers starting June 9th, 2025. If you’d like early access, please reach out to your account team.

We're happy to announce a new filter and column for Snyk Analytics that will allow you to prioritize the remediation of vulnerabilities based on their presence in a direct dependency.

Key benefits:

• Laser Focus: Zero in on vulnerabilities that are simpler to fix.

• Reduced Noise: Significantly decrease the volume of vulnerabilities needing immediate attention.

• Faster Triage: Make quicker, more informed decisions about which vulnerabilities to prioritize.

The new "In Direct Dependency" column and filter will be available in:

• Snyk Reports - across issues-centered reports, such as Issues Detail, Issues Summary, Vulnerabilities Detail, SLA Management, etc.

• Snowflake Data Share - introduced in a new table.

• Export API - as part of the Issues dataset.

This important capability is planned to be released on June 5th. Please contact your account team for any questions.

We're excited to announce the gradual release of a new drill-down experience designed to help you explore the underlying data behind key metrics without ever leaving your current view.

How does it work?

• Imagine you're looking at a metric like "resolved issues" or "MTTR" and want to understand exactly which issues contribute to that number.

• Clicking on the metric will unfold an expandable panel, displaying the specific issues used in that calculation, providing immediate context and detail.

• From this point, you can either fold back the panel and review other metrics in the same report or click to drill-down further and proceed to the Issues Detail or Asset Inventory screens.

We're planning to begin the gradual release starting next week, aiming to extend this enhanced experience across all issue-related reports in the coming weeks.

Please contact your account team for any question.

We’ve released hotfix v2.13.1 for our JetBrains IDE plugin.

This update solely addresses a scenario where special characters within file paths would create errors within the JetBrains plugin. There are no other functional changes or enhancements, so your experience using the plugin will remain the same.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We're excited to announce several enhancements in the Issues Summary Report!

The planned enhancements include:

• Enhanced measurement clarity:

  • The report metrics (#open issues, #new issues, #resolved issues, MTTR) will include a percentage of progress indication.

  • The new indications will help you to quickly assess your AppSec health posture progress and ensure that you’re moving in the right direction.

• Table Dimension Picker in the Risk Breakdown table:

  • The dimension picker enables new powerful comparative analysis.

  • Comparing impact per asset class to ensure efforts are prioritized to secure the most sensitive assets first.

  • Comparing introduction category to quickly conclude if preventable issues are handled properly, as well as assessing the impact of new monitored assets over your AppSec Program.

• Expandable issues view

  • The expandable view provides on-demand drill-down capability, allowing you to click on selected metrics in the Risk Breakdown table and instantly explore the underlying issues without navigating away.

  • The view includes a link to the Issues Detail report, which allows further in-depth exploration.

• Default filters:

  • "Issues Severity" and "Asset Class" will become default filters, allowing quick visibility to high-risk vulnerabilities in business-critical assets.

  • These improvements will help you make more informed security decisions and better prioritize your remediation efforts.

The release is planned to take place at the 3rd of June.
We will update the user docs right after the release. For any question, please contact your account team.

We’ve released CLI hotfix v1.1297.1.

This version rolls back specific changes related to Gradle dependency resolution that were introduced in v1.1297.0.

We are taking this step to ensure stability for all users while we continue to refine this functionality. We plan to reintroduce these improvements for Gradle resolution in a future stable version once further enhancements are complete.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!