Product Updates


Improved JavaScript, TypeScript, Java & Ruby Analysis in Snyk Code

Improved

Starting March 25, 2025, Snyk Code will enhance JavaScript, TypeScript, Java & Ruby analysis, improving detection accuracy.

  • JavaScript/TypeScript: Better handling of method calls within lambdas.

  • Java: Correct modeling of implicit toString() calls in string concatenation.

  • Ruby: Improved analysis accuracy for object-oriented Ruby code, including ERB template use cases as found in Ruby on Rails apps.

These improvements will roll out as part of Snyk Code’s GA support for these languages and may lead to changes in findings.

Sebastian Roth | Senior Product Manager

New Columns Available for Snyk Code Issues in Reports

New

We are happy to announce that new columns for Snyk Code Issues will become available in Snyk Reports and in the Snowflake Data Share!

The following columns and filters will be added to the main reports at both the Org and Group levels, as well as to the Snowflake Data Share:

  • File Path - trace all Snyk Code issues within a specific file.

  • Code Region - identify the specific line and column numbers in the file where the issue was found.

  • Commit ID - correlate the issue to the associated code version.

  • Asset Finding ID - uniquely identify Snyk Code issues within a repository. The ID can help to dedupe issues that are found in several targets for the same repository.

The new column descriptions will be updated in the issue column dictionary and in the Snowflake Data Share dictionary as part of the release.

This update will become available for enterprise customers on March 19th.

For any further questions, please contact your account team.

Getting ready for Faster PR checks in JavaScript & Python

Improved

In 2025, Snyk Code will improve PR check performance for JavaScript and Python, enabling faster scans.

In preparation, this update restructures some rules, simplifying the result set while maintaining detection accuracy.

What's New?

  • JavaScript DDoS Detection: Instead of multiple findings, only the misconfigured web server instance will be highlighted.

  • Python XSS Detection (when using the Jinja Framework): Repeated findings are consolidated into a single misconfiguration highlight for better clarity.

This update will roll out as part of our JavaScript and Python language support on March 10, 2025.

Sebastian Roth | Senior Product Manager

Coming March 17: Snyk Code Support for Spring WebFlux

New

We’re expanding Snyk Code’s Java support with the addition of Spring WebFlux, a widely used reactive web framework.

What’s New?

  • Recognize WebFlux APIs, including Mono and Flux types, to better understand application behavior.

  • Detect tainted data sources in functional endpoints, improving security analysis for reactive applications.

This update will be available as part of our Java language support on March 17, 2025.

Sebastian Roth | Senior Product Manager

Improve Resolution for Java Interfaces in Snyk Code

Improved

Snyk Code now enhances security scan coverage by automatically identifying which implementation belongs to an interface in Java.

This update improves vulnerability detection, especially for Dependency Injection (DI) frameworks and common design patterns that rely on interfaces.

Customers using these patterns may see an increase in detected vulnerabilities.

What’s New?

  • Resolves an interface to its first and only detected implementation class.

  • Improves scan accuracy for DI-heavy frameworks and reusable design patterns.

  • Shipped as part of our ongoing improvements—already available!

Sebastian Roth | Senior Product Manager

Rust & Groovy Support in Snyk Code

Early access

We’re excited to announce that Snyk Code will support Rust and Groovy in early access, with the rollout starting on March 3. Customers will be able to enable Rust and Groovy support inside Snyk Preview to scan their source code for security issues.

For Rust, Snyk Code will detect security vulnerabilities in backend web applications, covering issues in common frameworks, HTTP handling, async runtimes, and database interactions.

For Groovy, Snyk Code will identify security risks in backend web applications, including those using standard libraries and major web frameworks.

Public documentation at docs.snyk.io will be updated by the launch date.

Sebastian Roth | Senior Product Manager

Expanded Jakarta EE and Java EE Coverage in Snyk Code

Improved

Snyk Code is improving its Jakarta EE and Java EE coverage to enhance vulnerability detection in enterprise Java applications. This update expands support for key frameworks, increasing accuracy and improving security insights.

What’s New?

  • Additional Data Sources: Now includes JMS messaging, WebSocket, and Mail as sources of user-controlled data.

  • Broader Sink & Sanitizer Coverage: Expanded detection across Jakarta EE components.

  • ConstraintValidator Support: Recognizes sanitizers defined via ConstraintValidator annotations within the same repository.

This update will be available as part of our Java language support on March 1, 2025.

Sebastian Roth | Senior Product Manager

Improved Code Flow View for Taint Vulnerabilities in Snyk Code

Improved

Snyk Code will soon provide a more focused dataflow view for taint vulnerability reports. By removing unnecessary steps, this update makes it easier to trace relevant flows, improving clarity and speeding up issue reviews.

The update rolls out on February 19.

Sebastian Roth | Senior Product Manager

Upcoming improvements to Snyk Code Anti-Forgery Token Validation in .NET MVC Apps

Improved

As part of our ongoing commitment to improving and making Snyk Code findings more accurate and relevant, we're improving our Anti-Forgery Token Validation detection for C#, particularly in cases where .NET MVC is used.

This update changes the logic so that the rule is triggered only in specific instances where .NET MVC usage is detected, a change from the previous "blacklist" approach.

Supported classes include: System.Web.Mvc.Controller, System.Web.Mvc.ControllerBase, Microsoft.AspNetCore.Mvc.Controller, Microsoft.AspNetCore.Mvc.ControllerBase.

This update will be released Wednesday, January 15th. Customers should see a decrease in false-positive results pertaining to the rule mentioned above.

Please do not hesitate to reach out to your account team with any questions or inquiries!

New Support Policy and Deprecation of Certain IDE Features

New

Dear customers,

We want to inform you of upcoming changes which may impact your development workflows.

Starting June 24, 2025, Snyk will implement an official 12-month Support Policy for our IDE, Language Server, and CLI versions. Additionally, we are announcing the deprecation of certain IDE features, detailed herein: Code Quality Findings in Snyk Code (both WebUI and IDE Plugins), JavaScript CDN Library Detection in HTML Files, and Container Image Detection in Kubernetes YAML Files.

12-month Support Policy

Establishing an official 12-month Support Policy for IDE, Language Server, and CLI will enable us to provide a more consistent experience throughout the feature lifecycle, enabling customers to adopt new innovative features sooner and providing more clarity to customers about what they can expect in terms of supportability.

What this means: Each version of our IDE plugins, CLI, and Language Server will be supported for 12 months from its release date. Clear support timelines allow you to plan upgrades confidently, reducing unexpected disruptions.

To continue receiving support and access to the latest features, please upgrade your IDE plugin, Language Server, and CLI to a version released within the last 12 months by June 24, 2025. We encourage you to schedule regular updates to stay within our support window.

For guidance on upgrading, please refer to our Documentation for IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

IDE plugin feature deprecations effective June 24, 2025

Snyk previously supported a basic set of code quality features that only appeared in the IDE experience and some experimental security features found only in singular IDE platforms. This functionality was used only by a small number of customers, and the feedback we received from most customers was that this feature set needed to be revised to meet their needs and obscured relevant findings. After careful consideration, we have decided that removing this functionality is the best outcome for all of our customers.

Deprecation of Code Quality Findings in Snyk Code (WebUI and IDE Plugins)

Snyk Code Quality findings will no longer be provided in versions of the IDE plugins. Earlier plugin versions may still show the Code Quality findings section, but the results will be empty.

Affected integrations: Web UI, all Snyk IDE Plugins

Deprecation of JavaScript CDN Library Detection in HTML Files

This feature surfaced security vulnerabilities in JavaScript packages from well-known CDNs (Content Delivery Networks) within HTML files in your projects.

Affected integrations: Visual Studio Code and Language Server

Deprecation of Container Image Detection in Kubernetes YAML Files

This was an experimental feature available in the Snyk JetBrains IDE that scans Kubernetes configuration files and searches for container images.

Affected integrations: Snyk JetBrains IDE Integration

We value your partnership and are committed to supporting your success. If you have any questions or need assistance, we’re here to help.

Thank you for your continued support.

Best regards,