Product Updates

Enhancements to SAST High-Context Inline Comments in PRs

Improved

As part of our continued effort to improve developer productivity, we have released several enhancements to High-Context Inline Comments today. These updates aim to reduce context switching by delivering contextual and actionable security findings directly within your workflow.

What’s new:

  • Data Flow support for GitLab & Azure Repos - Data flows are now supported for both GitLab and Azure Repos, helping developers trace how a vulnerability travels from source to sink in their code and making investigation and fixes faster. For users of Snyk Broker, data flows are supported on the following versions:

    • GitLab: Broker version 4.215.2 or higher

    • Azure Repos: Broker version 4.218.2 or higher

  • We’ve resolved an issue for GitHub and Bitbucket users leveraging Snyk Broker. Data flows will now correctly point to the intended commit reference for the following versions:

    • GitHub: Broker version 4.216.1 or higher

    • Bitbucket: Broker version 4.217.3 or higher

No action is required to enable these changes. You can find more details in the user docs.

Mayank Khera | Senior Product Manager

Announcing Snyk CLI v1.1298.3

New

We’ve released a new CLI version (v1.1298.3) with new features, bug fixes and improvements to enhance your security scanning.

This update includes the following two changes:

1. Open Source: Gradle 9 Support

We are pleased to announce that the Snyk CLI now supports scanning Gradle 9 projects!

Previously, when scanning version 9 projects in the CLI, some operations might fail due to reliance on a deprecated and removed Gradle CLI flag. This has now been resolved, and Gradle 9 is officially supported in the Snyk CLI.

2. AI-BOM: The snyk aibom command

The AI-BOM CLI command is now publicly accessible.

You can use the snyk aibom command to identify AI models and datasets and to map the AI supply chain, including connections to external tools and services that use the Model Context Protocol (MCP).

Note: AI-BOM is an experimental feature and is subject to breaking changes without notice. Read more in our documentation.

Release notes are available here.

We encourage everyone to upgrade to the latest version to take advantage of these new capabilities. If you have any questions, please don’t hesitate to reach out to the Snyk support team.

Costin Busioc | Senior Product Manager

Snyk Agent Fix in PRs is coming to Bitbucket

Early access

Launching in Early Access on August 4th, 2025, Snyk Agent Fix eliminates the manual overhead of resolving vulnerabilities, helping developers merge secure PRs faster while integrating seamlessly into their existing workflows. With Snyk Agent Fix, developers are empowered to act immediately on SAST findings by generating and applying fix suggestions directly within pull requests, reducing context switching and streamlining remediation.

The following capabilities are supported for Early Access:

  • Generate fix suggestions using the @snyk /fix command in a PR inline comment, displaying a proposed code change.

  • View an explanation of the suggested fix alongside the code snippet.

  • Apply the suggested code directly to the PR as a commit using the @snyk /apply command.

  • Generate multiple fix suggestions within the same PR, where applicable.

The following Bitbucket integrations will be supported: Bitbucket Cloud, Bitbucket Cloud App, and Bitbucket Server. If you’d like to enable this feature for your organization, you can self-opt in via the Pull Request Experience section in your SCM integration settings.

Check out our user docs for more details and connect with your account team to participate in feedback sessions to shape the future of your workflows with Snyk.

Mayank Khera | Senior Product Manager

Snyk Agent Fix in PRs is coming to Early Access

Early access

As part of the Snyk AI Trust platform, Snyk Agent Fix will be available in pull requests starting next week, on 23 June. This feature aims to reduce the manual overhead of resolving vulnerabilities and minimize PR time to merge, all while ensuring seamless integration into existing developer workflows. With Snyk Agent Fix, developers are empowered to act immediately on SAST findings by generating and applying fix suggestions directly within pull requests, reducing context switching and streamlining remediation.

The following capabilities are supported for Early Access:

  • Generate fix suggestions using the @snyk /fix command in a PR inline comment, displaying a proposed code change.

  • View an explanation of the suggested fix alongside the code snippet.

  • Apply the suggested code directly to the PR as a commit using the @snyk /apply command.

  • Generate multiple fix suggestions within the same PR, where applicable.

Early access is currently focused on GitHub integrations: GitHub App (Cloud and Server), GitHub, and GitHub Enterprise. Support for additional SCM integrations is coming soon. This is part of an ongoing series of enhancements aimed at improving the developer pull request experience with Snyk. If you’d like to enable this feature for your organization, you will be able to self-opt in via the Pull Request Experience section in your SCM integration settings.

Check out the user docs for more details. We’re committed to continuously improving this experience — reach out to your account team if you’d like to join feedback sessions and help shape the future of your Snyk workflows.

Mayank Khera | Senior Product Manager

Snyk Agent Fix in PRs is coming to Early Access

Early access

As part of the Snyk AI Trust platform, Snyk Agent Fix will be available in pull requests starting this week, on 23 June. This feature aims to reduce the manual overhead of resolving vulnerabilities and minimize PR time to merge, all while ensuring seamless integration into existing developer workflows. With Snyk Agent Fix, developers are empowered to act immediately on SAST findings by generating and applying fix suggestions directly within pull requests, reducing context switching and streamlining remediation.

The following capabilities are supported for Early Access:

  • Generate fix suggestions using the @snyk /fix command in a PR inline comment, displaying a proposed code change.

  • View an explanation of the suggested fix alongside the code snippet.

  • Apply the suggested code directly to the PR as a commit using the @snyk /apply command.

  • Generate multiple fix suggestions within the same PR, where applicable.

Early access is currently focused on GitHub integrations: GitHub App (Cloud and Server), GitHub, and GitHub Enterprise. Support for additional SCM integrations is coming soon. This is part of an ongoing series of enhancements aimed at improving the developer pull request experience with Snyk. If you’d like to enable this feature for your organization, you will be able to self-opt in via the Pull Request Experience section in your SCM integration settings.

Check out the user docs for more details. We’re committed to continuously improving this experience — reach out to your account team if you’d like to join feedback sessions and help shape the future of your Snyk workflows.

Mayank Khera | Senior Product Manager

Improved DeepCode AI Fix IDE Experience

Improved

We're excited to share that new improvements to the DeepCode AI Fix experience are now available across all Snyk-supported IDE plugins! Since launching the general availability of DeepCode AI Fix in the IDE last November, we’ve been continuously enhancing the experience to help developers fix Code issues more seamlessly.

What’s New?

  • Expanded IDE support: DeepCode AI Fix is now available on Eclipse and Visual Studio, in addition to existing IDEs.

  • Prevent repetitive fixes: Once a fix is applied, it can no longer be applied repeatedly, preventing redundant changes.

  • Improved messaging: Clearer notifications when AI Fix cannot generate a quality fix.

  • Quick feedback option: Developers can now provide thumbs up/down feedback immediately after applying a fix, helping us further enhance the experience.

How to Access

If you have Snyk Code and DeepCode AI Fix enabled, simply upgrade to the latest IDE version to start using the new enhancements.