Product Updates


Snyk Code: Enhanced Python Package Analysis

Improved

Snyk Code’s Python analysis has been updated to support __init__.py files, improving scan accuracy and depth.

This enhancement allows for the correct importing of symbols defined in package initialization files. This leads to a more accurate analysis of projects that use this common packaging structure, which is detailed in the official Python documentation on modules.

As a result of this deeper analysis, customers with projects utilizing this module structure may see new findings in their scan results.

This update affects Python projects only and was rolled out to all Snyk customers as part of recent support case work.

Sebastian Roth | Senior Product Manager

Snyk Code: Improved Accuracy for CSRF Detection in C# WebAPI Applications

Improved

Starting July 14, 2025, Snyk Code will release an update to improve the accuracy of CSRF (CWE-352) detection in C# WebAPI applications.

  • This fix significantly reduces false positives, helping developers focus on real issues without being distracted by incorrect CSRF findings. Other vulnerability results are unaffected.

The update will roll out as part of Snyk Code’s General Availability (GA) support for C#.

Sebastian Roth | Senior Product Manager

Snyk Code Consistent Ignores is Generally Available (GA)

Improved

Snyk Code Consistent Ignores is now Generally Available (GA) for all Snyk Code customers.

This capability ensures ignores are consistently applied in all surfaces throughout the development lifecycle, helping your teams eliminate distractions and focus on the risks that matter most. This means ignores are now respected across projects, branches, and integrations within a repository, notably in the IDE plugins, the Snyk CLI, and native PR checks.

For existing customers, Snyk Code Consistent Ignores can be enabled by toggling this on in your Group or Org settings. Any newly created groups or orgs will have this functionality enabled by default going forward.

We're thrilled to bring this powerful capability as a core offering of the Snyk platform, bringing a new level of focus and efficiency to your security workflows. For more detailed information on how Snyk Code Consistent Ignores works, check out the documentation and the Snyk Learn lesson.

Ezra Tanzer | Director, Product Management

Snyk Code: Enhanced Coverage & Analysis for JavaScript/TypeScript

New

Starting July 7, 2025, Snyk Code will expand its framework support for JavaScript and TypeScript. This update increases vulnerability coverage for applications using popular web frameworks:

  • New Framework Support: Introducing analysis for web applications built with the hapi.js and TSOA frameworks. Customers using these frameworks may see an increase in reported vulnerabilities.

  • Express Framework Enhancement: Improving analysis by recognizing object destructuring in request handlers.

  • Improved support for for-each loops.

This update will be released as part of Snyk Code’s existing support for JavaScript and TypeScript.

Sebastian Roth | Senior Product Manager

Snyk Code - Enhanced JavaScript Analysis

Improved

Starting June 1, 2025, Snyk Code will enhance its JavaScript analysis. This improves the understanding of function declarations, leading to more accurate scan results and a significant reduction in false positives.

  • JavaScript Function Declarations: More precise recognition of various declaration methods, including prototype patterns, to improve taint flow analysis.

This update will be released as part of Snyk Code’s GA JavaScript support.

Sebastian Roth | Senior Product Manager

Snyk Code Consistent Ignores support bulk conversion

Early access

Customers participating in the Snyk Code Consistent Ignores early access can now convert, in bulk, pre-existing ignores that were created via the project page or via the API. Bulk conversions can be executed in the UI from a project page, and customers can also write scripts for ignore conversion by leveraging the API.

Documentation outlining the details of this new functionality is available here.

Ezra Tanzer | Director, Product Management


PR Experience for GitHub and Bitbucket is now Generally Available

New

We’re excited to announce that Issue Summary Comments and High-Context Inline Comments are now Generally Available! 🎉

As of May 1, 2025, the features are enabled by default for all customers using PR Checks on supported SCMs, marking a major milestone in how Snyk brings security into the developer workflow.

What’s included:

  • Issue Summary Comments for both successful and failed PR checks, covering Snyk Code and Open Source security & license findings.

  • Inline Comments for Snyk Code issue findings, providing high-context feedback directly in the pull request.

This applies to repositories connected via:

  • GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

  • Bitbucket: Bitbucket Cloud (PAT) and Bitbucket Cloud App

To adjust your preferences, head over to Integration Settings in the Snyk UI where you can toggle comments on or off at any time. This release is a big step forward in our mission to make security native to the developer experience. We’re excited to see how this helps your teams catch and fix issues faster, right within your SCM! 🚀

Refer to the user documentation for more details!


Mayank Khera | Senior Product Manager

Addition of Code Details and Description in REST Issues API

New

We're excited to share that the REST Issues API now includes code details and issue descriptions. This enhancement significantly improves prioritization workflows, risk assessment, and the remediation of security issues.

The following fields will be added:

  1. Snyk Code details

  • File Path - allows tracing all Snyk Code issues within a specific file.

  • Code Region - guides users to the specific lines and columns where the issue was found.

  • Commit ID - allows users to match Snyk Code issues to their commit ID, so that they can tell which specific version of the code has the issue.

  • Key Asset - allows identifying Snyk Code issues with a unique ID per repository.

  2. Description - provides users with a clearer understanding of the issue’s nature and aids in prioritization.

For more information, please refer to the API documentation.

Stay secure,


Hadar Mutai | Senior Product Manager

Getting ready for Faster PR checks in Java & C#

Improved

In 2025, Snyk Code will improve PR check performance for Java and C#, enabling faster scans.

In preparation, this update restructures some rules, simplifying the result set while maintaining detection accuracy.

What’s New?

  • Java CSRF/XSS Detection: Focuses on pom.xml and selected Java classes to better understand global application context.

  • C# Config Lookup: Limits security configuration checks to key files like web.config and Startup.cs.

This update will roll out as part of our Java and C# language support on April 29, 2025.

Sebastian Roth | Senior Product Manager

Java 21 Support in Snyk Code

Improved

Starting May 1, 2025, Snyk Code will support Java 21 across all integrations, enabling full project scanning and improved accuracy.

  • Java 21: Support for new language features including record patterns and sealed classes.

  • Analysis Engine: Enhanced program analysis to align with Java 21 syntax and semantics.

  • Ruleset: Updated to cover security-relevant classes introduced in Java 21.

These updates will roll out as part of Snyk Code’s GA support for Java 21 and may result in changes to findings.

Sebastian Roth | Senior Product Manager