Product Updates

Snyk Code Consistent Ignores is now available in Early Access via Snyk Preview.

Snyk Code Consistent Ignores helps your teams focus on the important risk by filtering out distractions, ensuring that once an ignore is created, it is consistently respected regardless of how and where the test is run.

Snyk Code ignores span across branches, integrations, and Snyk Projects within a repository. Notably, this means that ignores are respected and won’t fail tests throughout the SDLC, including in IDE plugins, the CLI, and native PR checks.

Documentation outlining the details of this new functionality is available here.

Starting March 14th, our updated Snyk IDE plugins will feature the General Availability of Delta Findings, revolutionizing how you tackle code issues. Now, you'll see only the new issues introduced in your current branch, eliminating noise and allowing you to concentrate on your recent changes.

This targeted approach empowers you to prevent issues early, streamline your CI/CD pipeline, and accelerate delivery.

We've also enhanced the experience with a new Summary section for seamless navigation between "All" and "New" issues views. Plus, we've added reference folder comparison, enabling you to compare your work with other branches or folders—perfect for non-Git projects.

Supported Products: Snyk Code, Open Source, and IaC.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

If you have any questions, feel free to reach out to the Snyk support team.

We're excited to share that new improvements to the DeepCode AI Fix experience are now available across all Snyk-supported IDE plugins! Since launching the general availability of DeepCode AI Fix in the IDE last November, we’ve been continuously enhancing the experience to help developers fix Code issues more seamlessly.

What’s New?

• Expanded IDE support: DeepCode AI Fix is now available on Eclipse and Visual Studio, in addition to existing IDEs.

• Prevent repetitive fixes: Once a fix is applied, it can no longer be applied repeatedly, preventing redundant changes.

• Improved messaging: Clearer notifications when AI Fix cannot generate a quality fix.

• Quick feedback option: Developers can now provide thumbs up/down feedback immediately after applying a fix, helping us further enhance the experience.

How to Access

If you have Snyk Code and DeepCode AI Fix enabled, simply upgrade to the latest IDE version to start using the new enhancements.

Starting April 3, 2025, Snyk Code will enhance gRPC support across multiple languages, improving vulnerability detection in Python, Java, PHP, Ruby, Go, C++, JavaScript, Kotlin, and C#.

With this update, gRPC data sources are now included in taint flow analysis, helping teams uncover more security issues in gRPC-based applications.

These improvements will roll out as part of Snyk Code's GA support for these languages and may lead to changes in findings.

Starting March 25, 2025, Snyk Code will enhance JavaScript, TypeScript, Java & Ruby analysis, improving detection accuracy.

• JavaScript/TypeScript: Better handling of method calls within lambdas.

• Java: Correct modeling of implicit toString() calls in string concatenation.

• Ruby: Improve analysis accuracy for object oriented Ruby code, including ERB template use cases as found in Ruby on Rails apps.

These improvements will roll out as part of Snyk Code’s GA support for these languages and may lead to changes in findings.

We are happy to update that new columns for Snyk Code Issues will become available in Snyk Reports and in the Snowflake Data Share!

The following columns and filters will be added in the main reports in both the Org and Group levels, as well as in Snowflake Data Share:

• File Path - trace all Snyk Code issues within a specific file.

• Code Region - identify the specific line and column numbers in the file where the issue was found.

• Commit ID - correlate the issue to the associated code version.

• Asset Finding ID - uniquely identify Snyk Code issues within a repository. The ID can help to dedupe issues that are found in several targets for the same repository.

The new column descriptions will be updated in the issue column dictionary and in Snowflake data share dictionary as part of the release.

This update will become available for enterprise customers on March, 19th.

For any further question, please contact your account team.

In 2025, Snyk Code will improve PR check performance for JavaScript and Python, enabling faster scans.

As a preparation, this update restructures some rules, simplifying the result set while maintaining detection accuracy.

What's New?

• JavaScript DDoS Detection: Instead of multiple findings, only the misconfigured web server instance will be highlighted.

• Python XSS Detection (when using the Jinja Framework): Repeated findings are consolidated into a single misconfiguration highlight for better clarity.

This update will roll out as part of our JavaScript and Python language support on March 10, 2025.

We’re expanding Snyk Code’s Java support with the addition of Spring WebFlux, a widely used reactive web framework.

What’s New?

• Recognize WebFlux APIs, including Mono and Flux types, to better understand application behavior.

• Detect tainted data sources in functional endpoints, improving security analysis for reactive applications.

This update will be available as part of our Java language support on March 17, 2025.

Snyk Code now enhances security scan coverage by automatically identifying which implementation belongs to an interface in Java.

This update improves vulnerability detection, especially for Dependency Injection (DI) frameworks and common design patterns that rely on interfaces.

Customers using these patterns may see an increase in detected vulnerabilities.

What’s New?

• Resolves an interface to its first and only detected implementation class.

• Improves scan accuracy for DI-heavy frameworks and reusable design patterns.

• Shipped as part of our ongoing improvements—already available!

We’re excited to announce that Snyk Code will support Rust and Groovy in early access, with the rollout starting on March 3. Customers will be able to enable Rust and Groovy support inside Snyk Preview to scan their source code for security issues.

For Rust, Snyk Code will detect security vulnerabilities in backend web applications, covering issues in common frameworks, HTTP handling, async runtimes, and database interactions.

For Groovy, Snyk Code will identify security risks in backend web applications, including those using standard libraries and major web frameworks.

Public documentation at docs.snyk.io will be updated by the launch date.