Product Updates

We have been listening to your feedback regarding the upcoming improvements to Snyk Code analysis for the Java, Kotlin, and .NET ecosystems.

To ensure the best possible experience and minimize disruption during the busy end-of-year season, we have decided to reschedule this rollout. These updates, including support for the Netty framework and ASPX inline code expression blocks, will now go live on January 12.

Thank you for your feedback as we work to improve the accuracy of your scan results.

We’re releasing support for the Dart programming language in Snyk Code, now available in Snyk Preview. This update allows you to scan your Dart code, which is frequently used with the Flutter framework, for security vulnerabilities. We have added detection capabilities for a variety of issues, including insecure data handling, authentication flaws, and injection risks.

We added this language support to help you secure mobile and offline storage, ensure robust authentication flows, and harden network communications within your Dart applications. By expanding Snyk Code capabilities, we aim to provide better coverage for modern mobile development stacks and help you prevent critical risks like cleartext logging and SSL/TLS validation failures.

To start scanning Dart applications, you must enable the feature manually. Navigate to Settings > Snyk Preview and enable the Dart support option. Once enabled, we will include Dart files in any future tests and retests, identifying vulnerabilities such as SQL injection and path handling issues.

To learn more, visit Snyk Code language and framework support in our user documentation.

We’re introducing Objective C support in preview to help you secure your iOS and macOS applications. This update allows you to identify vulnerabilities across industry-standard libraries like AFNetworking and Realm, as well as native frameworks including Core Data and Security. You can now enable this feature directly in your settings to start scanning your code immediately.

We built this to ensure you have comprehensive coverage for your Apple ecosystem development, particularly for critical use cases like encrypted offline-first storage and hardened credential management. By supporting common libraries such as OpenSSL and Couchbase Lite alongside native frameworks, we help you secure legacy and active projects against complex risks.

This update affects developers and security teams managing Objective C codebases. If you use libraries like SQLite, RNCryptor, or Foundation, you can now detect security issues within your existing workflows. To benefit from this new capability, you must manually enable Objective C support within Snyk Preview.

To learn more, visit our Snyk User Documentation.

We’re improving Snyk Code analysis for the Java, Kotlin, and .NET ecosystems. These updates include support for the Netty framework and ASPX inline code expression blocks, arriving with our GA support for these languages on December 15.

We built these improvements to increase the accuracy of your scan results. By refining our analysis engines and expanding coverage to frameworks like Netty, we can help you identify more real issues while reducing distracting false positives.

You may notice changes in your vulnerability results after December 15. These improvements are designed to surface more true positive findings and remove false positives, specifically improving accuracy for Java, Kotlin, and .NET projects.

To learn more, visit our Snyk User Documentation.

We've improved Snyk Code analysis for the .NET, PHP, Python, Go, and Scala ecosystems. These updates increase coverage and analysis quality, providing broader and more accurate static application security testing (SAST) support.

We're expanding our support to include C#13 and .NET9 SDK, additional PHP file extensions (.inc, .module, .install, .theme & .profile), better Python import support for class instances, support for lib/pq in Go, and support for the Tapir web framework in Scala.

These improvements roll out on November 17, 2025, as part of our General Availability (GA) support for these languages in Snyk Code.

Because analysis quality is enhanced, you may notice a change in your scan results, including new true positives and the removal of previous false positives. No action is required; the updates apply automatically.

To learn more, visit our Snyk User Documentation.

We’re excited to announce the Early Access launch of the PR Check Report, a powerful new way to see how PR checks are performing and driving security outcomes across your organization. This release sets the stage for measuring the true security impact of PR checks across your organization and strengthening your overall prevention posture.

The current release of the report helps you:

• Monitor performance: Track pass, fail, error, and marked-as-successful rates over time across Snyk Open Source and Snyk Code checks. 

• Measure coverage: Understand where PR checks are enabled across your repositories to identify adoption gaps.

• Uncover recurring errors: Surface common error types and configuration issues to improve scan reliability and developer confidence.

Feature highlights:

• Flexible filters by time window, Snyk product (Snyk Open Source / Snyk Code), and project parameters like origin (SCM) and asset class.

• Org, Group, and Tenant-level insights into PR check performance and coverage.

• Export options for deeper data exploration and sharing.

The report is available under Analytics in the All Reports section for Tenant-level visibility. You can also find it in the Reports section of your Group or Organization by selecting Pull Request Checks Usage & Performance from the Change Report menu.

Learn more in our user documentation and connect with your account team to share feedback or help shape upcoming improvements.

Snyk Code CLI Upload is now Generally Available. This powerful capability bridges the gap between local CLI scanning and the centralized power of the Snyk Platform. By uploading your scan results directly from the CLI to the Snyk Web UI, you unlock the full range of Snyk features, helping your teams gain a comprehensive, centralized view of their security posture.

This means that projects scanned via the Snyk CLI are now seamlessly integrated into the platform, giving you unified management and visibility, including:

• Centralized Reporting: View historical trends, metrics, and risk overviews for CLI-scanned projects alongside your SCM-integrated projects.

• Full Platform Features: Access Organization and Group level views, enabling better governance, policy enforcement, and holistic security management across all your code, dependencies, and configurations.

• Unified Issue Management: Manage, triage, and collaborate on issues found by the CLI directly in the Snyk Web UI.

For all users, the Snyk Code CLI Upload functionality is available by updating to the latest Snyk CLI version and using the appropriate upload command/flag. This functionality is enabled and ready for use by default.

For more detailed information on how Snyk Code CLI Upload works and how to implement it, visit our CLI Upload documentation.

Starting October 13, 2025, we're rolling out several analysis improvements in Snyk Code for the Java and VB.NET ecosystems. For Java, we are improving taint flow analysis to correctly handle variadic method parameters and enhancing inter-file sanitization logic. For VB.NET, we are adding support for aliased namespace imports.

These enhancements are designed to improve the accuracy of our static application security testing (SAST) engine. By better understanding how data flows through your applications and recognizing more language features, we can provide more precise scan results.

You may notice an increase in true positive findings and a reduction of false positives in your projects. These updates will be applied automatically as part of our standard support for Java and VB.NET, with no action required from you.

To learn more, visit our Snyk User Documentation.

We’re pleased to announce that Issue Summary Comments and High-Context Inline Comments are now live and enabled by default for all customers using PR Checks with the following Source Code Manager (SCM) integrations:

• GitLab

• Azure Repos

• Bitbucket Server

What’s included:

• Issue Summary Comment for both successful and failed PR checks, covering Snyk Code and Open Source security & license findings.

• Inline Comments for Snyk Code findings, providing high-context feedback directly in the pull request.

To adjust your preferences, head over to Integration Settings in the Snyk UI where you can toggle comments on or off at any time. This release is a big step forward in our mission to make security native to the developer experience. Refer to the user documentation for more details.

We're updating the "Code Analysis" popup in Snyk Code to provide a more detailed and accurate breakdown of your scanned repositories. Previously, this view showed general language names (e.g., JavaScript).

After this update, it will display the specific file extensions that were analyzed (e.g., .js, .jsx, .ts).

This change provides greater transparency, removing the ambiguity that can occur in complex, polyglot projects. By seeing the exact file types Snyk has scanned, you can more easily verify scan coverage and gain a better understanding of your repository's composition.

This update will roll out to all customers on Sep 22, 2025.