Product Updates

Starting February 24, 2026, Snyk Code will begin a phased rollout of support for Ruby 4.0. This initial update focuses on foundational parser improvements and enhanced support for Ruby modules to accommodate the latest language features.

• Ruby 4.0 Parser: Support for new syntax and language features introduced in the Ruby 4.0 specification.

• Module Analysis: Improved understanding of Ruby module structures for more accurate pathing and taint flow.

Impact on Results: Because this update provides a more precise interpretation of Ruby codebases, customers may see an increase in findings as the engine identifies issues that were previously outside the parser's scope.

This release is the first in a series of planned enhancements to our Ruby analysis engine scheduled for the first half of 2026. We will continue to announce significant updates and further improvements in this area as they are rolled out.

This update will be automatically available to all customers using Snyk Code for Ruby.

We're excited to introduce the first automatic solution for correlating static application security testing (SAST) and dynamic application security testing (DAST) findings. By connecting Snyk Code issues with Snyk API & Web results, we can now pinpoint the exact line of code responsible for a DAST vulnerability, helping you understand exactly where your code needs to be fixed and speed up your remediation process.

Vulnerabilities discovered during DAST can often be difficult and time-consuming for developers to locate within the source code. This update automates that manual search process. By using artificial intelligence to map runtime findings back to static code analysis, we're helping your teams reduce the mean time to remediate and focus on fixing issues rather than finding them.

In order to use our SAST/DAST correlation, you just need to link your Snyk API & Web targets to your Snyk Code projects and scan your API & Web targets the way you're used to. We'll do all the heavy lifting for you, and show you the corresponding SAST issue that matches our DAST finding, with the context and link directly to the code that needs to be fixed to mitigate the vulnerability.

Learn more about it here

Snyk Code enhances analysis across multiple language ecosystems

We’ve updated Snyk Code to improve accuracy and coverage for many of the languages and frameworks you use. These enhancements help identify more true positive findings and remove false positives from your results, providing a more reliable view of your security posture.

Expanded language and framework support

The latest updates introduce support for several modern frameworks and libraries:

• C# 14 and .NET 10: Analysis now includes the latest C# and .NET versions, which also covers VB.NET applications built on the .NET 10 framework.

• Kotlin and Java: We improved support for Spring WebFlux and Jax-RS in Kotlin. We also added better coverage for grpc-spring based gRPC clients in both Java and Kotlin.

• JavaScript and TypeScript: Snyk Code now supports the Sequelize library.

• Go: We added support for the Fiber framework.

• Swift: Analysis now includes the grpc-swift library for gRPC use cases.

These changes will be available as part of our general availability support for these ecosystems. You can see these improvements reflected in your scan results in the Web UI or CLI.

The changes will roll out on February 23, 2026.

To learn more, visit Snyk Code language and framework support in our user documentation.

We have been listening to your feedback regarding the upcoming improvements to Snyk Code analysis for the Java, Kotlin, and .NET ecosystems.

To ensure the best possible experience and minimize disruption during the busy end-of-year season, we have decided to reschedule this rollout. These updates, including support for the Netty framework and ASPX inline code expression blocks, will now go live on January 12.

Thank you for your feedback as we work to improve the accuracy of your scan results.

We’re releasing support for the Dart programming language in Snyk Code, now available in Snyk Preview. This update allows you to scan your Dart code, which is frequently used with the Flutter framework, for security vulnerabilities. We have added detection capabilities for a variety of issues, including insecure data handling, authentication flaws, and injection risks.

We added this language support to help you secure mobile and offline storage, ensure robust authentication flows, and harden network communications within your Dart applications. By expanding Snyk Code capabilities, we aim to provide better coverage for modern mobile development stacks and help you prevent critical risks like cleartext logging and SSL/TLS validation failures.

To start scanning Dart applications, you must enable the feature manually. Navigate to Settings > Snyk Preview and enable the Dart support option. Once enabled, we will include Dart files in any future tests and retests, identifying vulnerabilities such as SQL injection and path handling issues.

To learn more, visit Snyk Code language and framework support in our user documentation.

We’re introducing Objective C support in preview to help you secure your iOS and macOS applications. This update allows you to identify vulnerabilities across industry-standard libraries like AFNetworking and Realm, as well as native frameworks including Core Data and Security. You can now enable this feature directly in your settings to start scanning your code immediately.

We built this to ensure you have comprehensive coverage for your Apple ecosystem development, particularly for critical use cases like encrypted offline-first storage and hardened credential management. By supporting common libraries such as OpenSSL and Couchbase Lite alongside native frameworks, we help you secure legacy and active projects against complex risks.

This update affects developers and security teams managing Objective C codebases. If you use libraries like SQLite, RNCryptor, or Foundation, you can now detect security issues within your existing workflows. To benefit from this new capability, you must manually enable Objective C support within Snyk Preview.

To learn more, visit our Snyk User Documentation.

We’re improving Snyk Code analysis for the Java, Kotlin, and .NET ecosystems. These updates include support for the Netty framework and ASPX inline code expression blocks, arriving with our GA support for these languages on December 15.

We built these improvements to increase the accuracy of your scan results. By refining our analysis engines and expanding coverage to frameworks like Netty, we can help you identify more real issues while reducing distracting false positives.

You may notice changes in your vulnerability results after December 15. These improvements are designed to surface more true positive findings and remove false positives, specifically improving accuracy for Java, Kotlin, and .NET projects.

To learn more, visit our Snyk User Documentation.

We've improved Snyk Code analysis for the .NET, PHP, Python, Go, and Scala ecosystems. These updates increase coverage and analysis quality, providing broader and more accurate static application security testing (SAST) support.

We're expanding our support to include C#13 and .NET9 SDK, additional PHP file extensions (.inc, .module, .install, .theme & .profile), better Python import support for class instances, support for lib/pq in Go, and support for the Tapir web framework in Scala.

These improvements roll out on November 17, 2025, as part of our General Availability (GA) support for these languages in Snyk Code.

Because analysis quality is enhanced, you may notice a change in your scan results, including new true positives and the removal of previous false positives. No action is required; the updates apply automatically.

To learn more, visit our Snyk User Documentation.

We’re excited to announce the Early Access launch of the PR Check Report, a powerful new way to see how PR checks are performing and driving security outcomes across your organization. This release sets the stage for measuring the true security impact of PR checks across your organization and strengthening your overall prevention posture.

The current release of the report helps you:

• Monitor performance: Track pass, fail, error, and marked-as-successful rates over time across Snyk Open Source and Snyk Code checks. 

• Measure coverage: Understand where PR checks are enabled across your repositories to identify adoption gaps.

• Uncover recurring errors: Surface common error types and configuration issues to improve scan reliability and developer confidence.

Feature highlights:

• Flexible filters by time window, Snyk product (Snyk Open Source / Snyk Code), and project parameters like origin (SCM) and asset class.

• Org, Group, and Tenant-level insights into PR check performance and coverage.

• Export options for deeper data exploration and sharing.

The report is available under Analytics in the All Reports section for Tenant-level visibility. You can also find it in the Reports section of your Group or Organization by selecting Pull Request Checks Usage & Performance from the Change Report menu.

Learn more in our user documentation and connect with your account team to share feedback or help shape upcoming improvements.

Snyk Code CLI Upload is now Generally Available. This powerful capability bridges the gap between local CLI scanning and the centralized power of the Snyk Platform. By uploading your scan results directly from the CLI to the Snyk Web UI, you unlock the full range of Snyk features, helping your teams gain a comprehensive, centralized view of their security posture.

This means that projects scanned via the Snyk CLI are now seamlessly integrated into the platform, giving you unified management and visibility, including:

• Centralized Reporting: View historical trends, metrics, and risk overviews for CLI-scanned projects alongside your SCM-integrated projects.

• Full Platform Features: Access Organization and Group level views, enabling better governance, policy enforcement, and holistic security management across all your code, dependencies, and configurations.

• Unified Issue Management: Manage, triage, and collaborate on issues found by the CLI directly in the Snyk Web UI.

For all users, the Snyk Code CLI Upload functionality is available by updating to the latest Snyk CLI version and using the appropriate upload command/flag. This functionality is enabled and ready for use by default.

For more detailed information on how Snyk Code CLI Upload works and how to implement it, visit our CLI Upload documentation.