Product Updates

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.22.0

• JetBrains v2.13.0

• Eclipse v3.2.0

• Visual Studio v2.2.1

The releases include notable bug fixes and enhancements:

• Fixed an issue where additionalParameters and baseBranch were not persisted when the opened workspace folder was not a Git repository.

• Addressed various persistence issues related to folderConfig.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions!

We are happy to announce that Snyk Open Source now supports Conan packages, available through SBOM workflows and the package issues API!

Conan, a popular package manager for C and C++ projects, is now included in Snyk’s growing list of supported ecosystems. Customers can now detect vulnerabilities and license intelligence in their Conan projects CycloneDX or SPDX SBOMs.

With this update:

• You can submit Conan packages via SBOM Test (CLI/API) and the package issues API (pkg:conan) for precise vulnerability detection.

• Access available fixed version information for Conan vulnerabilities.

• Identify and manage license information for Conan packages.

The feature will be generally available starting May 22, 2025. For any questions, please reach out to the Snyk Support team.

Starting June 1, 2025, Snyk Code will enhance its JavaScript analysis. This improves the understanding of function declarations, leading to more accurate scan results and a significant reduction in false positives.

• JavaScript Function Declarations: More precise recognition of various declaration methods, including prototype patterns, to improve taint flow analysis.

This update will be released as part of Snyk Code’s GA JavaScript support.

We are pleased to announce the latest stable Snyk CLI release v1.1297.0.

We are introducing the following new features and improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the release notes.

Container Enhancements

We've made scanning container image archives more straightforward. You can now directly scan image archives (e.g., image.tar) using snyk container test image.tar or snyk container monitor image.tar without needing to specify the image type as a prefix. This simplifies the command structure and streamlines your container security workflows.

Open Source Enhancements

This release brings significant improvements to Gradle module resolutions. The Snyk CLI's Gradle dependency resolution will now default to finding all artifacts against resolved dependencies. You can read more about this here.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to benefit from these new features and improvements!

We are excited to announce that major improvements to scanning NuGet .NET applications in Snyk Open Source are available in Early Access!

The new scanning approach leverages closer integration with the internal workings of the .NET ecosystem, and works with the Snyk CLI and SCM integrations.

The key benefits over the previous solution include:

• Greater consistency across CLI and SCM results

• No false positives from runtime dependencies

• Support for more .NET features, such as .props files, global.json, and Central Package Management

• Support for private NuGet package repositories (inc. Azure Artifacts)

To get up and running with improved .NET scanning, check out the documentation.

Customers participating in the Snyk Code Consistent Ignores early access can now convert pre-existing ignores created via project page or via API in bulk. Bulk conversions can be executed via UI from a project page and customers can also choose to write scripts for ignore conversion by leveraging the API.

Documentation outlining the details of this new functionality is available here.

We are pleased to announce a bug fix for Snyk Open Source PHP support in the Snyk CLI.

With this update CLI support for PHP will be improved as follows:

• Today, Snyk CLI test and monitor commands may fail for users who only have composer.phar locally, and no global composer. With this bug fix, these scans will now succeed

How will my scan results change?

• CI/CD pipelines that were failing due to this error may now succeed after upgrading to the new CLI version

• New issues may be found when the projects are scanned successfully

What are the next steps?

The changes are available now in the preview channel of the CLI, and will be included in the stable channel on 14 May 2025.

We’re excited to announce that Project Context on Assets is now Generally Available! This feature brings powerful visibility and clarity into how your assets connect to underlying Snyk Projects and Organizations.

What’s New?

• Easily see which Projects and Orgs each asset belongs to

• View key scanning details like last scan time and surface (SCM or CLI)

• Filter assets by associated Snyk Orgs for faster, smarter asset management

With this change, AppSec teams can now better understand how, where, and when assets are being scanned – making it easier to act on security insights and streamline workflows.

Please see our user docs for more details, and contact your account team with any questions.

We’re excited to announce that Issue Summary Comments and High-Context Inline Comments are now Generally Available! 🎉

As of May 1, 2025, the features are enabled by default for all customers using PR Checks on supported SCMs, marking a major milestone in how Snyk brings security into the developer workflow.

What’s included:

• Issue Summary Comments for both successful and failed PR checks, covering Snyk Code and Open Source security & license findings.

• Inline Comments for Snyk Code issue findings, providing high-context feedback directly in the pull request.

This applies to repositories connected via:

• GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

• BitBucket: Bitbucket Cloud (PAT) and Bitbucket Cloud App

To adjust your preferences, head over to Integration Settings in the Snyk UI where you can toggle comments on or off at any time. This release is a big step forward in our mission to make security native to the developer experience. We’re excited to see how this helps your teams catch and fix issues faster, right within your SCM! 🚀

Refer to the user documentation for more details!

We're excited to share that the REST Issues API now includes code details and issue descriptions. This enhancement significantly improves prioritization workflows, risk assessment, and the remediation of security issues.

The following fields will be added:

1. Snyk Code details

• File Path - allows tracing all Snyk code issues within a specific file.

• Code Region - guides the users to the specific lines and columns where the issue was found.

• Commit ID - allow users to match between Snyk Code issues to their commit ID, so that they can tell which specific version of code has the issue.

• Key Asset - allows to identify Snyk Code issues with a unique ID per repository.

2. Description - provides users with a clearer understanding of the issue’s nature and aids in prioritization.

For more information, please refer to the API documentation.

Stay secure,