Product Updates

We’re excited to announce that Issue Summary Comments and High-Context Inline Comments are now Generally Available! 🎉

As of May 1, 2025, the features are enabled by default for all customers using PR Checks on supported SCMs, marking a major milestone in how Snyk brings security into the developer workflow.

What’s included:

• Issue Summary Comments for both successful and failed PR checks, covering Snyk Code and Open Source security & license findings.

• Inline Comments for Snyk Code issue findings, providing high-context feedback directly in the pull request.

This applies to repositories connected via:

• GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

• BitBucket: Bitbucket Cloud (PAT) and Bitbucket Cloud App

To adjust your preferences, head over to Integration Settings in the Snyk UI where you can toggle comments on or off at any time. This release is a big step forward in our mission to make security native to the developer experience. We’re excited to see how this helps your teams catch and fix issues faster, right within your SCM! 🚀

Refer to the user documentation for more details!

We're excited to share that the REST Issues API now includes code details and issue descriptions. This enhancement significantly improves prioritization workflows, risk assessment, and the remediation of security issues.

The following fields will be added:

1. Snyk Code details

• File Path - allows tracing all Snyk code issues within a specific file.

• Code Region - guides the users to the specific lines and columns where the issue was found.

• Commit ID - allow users to match between Snyk Code issues to their commit ID, so that they can tell which specific version of code has the issue.

• Key Asset - allows to identify Snyk Code issues with a unique ID per repository.

2. Description - provides users with a clearer understanding of the issue’s nature and aids in prioritization.

For more information, please refer to the API documentation.

Stay secure,

In 2025, Snyk Code will improve PR check performance for Java and C#, enabling faster scans.

As a preparation, this update restructures some rules, simplifying the result set while maintaining detection accuracy.

What’s New?

• Java CSRF/XSS Detection: Focuses on pom.xml and selected Java classes to better understand global application context.

• C# Config Lookup: Limits security configuration checks to key files like web.config and Startup.cs.

This update will roll out as part of our Java and C# language support on April 29, 2025.

Starting May 1, 2025, Snyk Code will support Java 21 across all integrations, enabling full project scanning and improved accuracy.

• Java 21: Support for new language features including record patterns and sealed classes.

• Analysis Engine: Enhanced program analysis to align with Java 21 syntax and semantics.

• Ruleset: Updated to cover security-relevant classes introduced in Java 21.

These updates will roll out as part of Snyk Code’s GA support for Java 21 and may result in changes to findings.

Snyk Code Consistent Ignores is now available in Early Access via Snyk Preview.

Snyk Code Consistent Ignores helps your teams focus on the important risk by filtering out distractions, ensuring that once an ignore is created, it is consistently respected regardless of how and where the test is run.

Snyk Code ignores span across branches, integrations, and Snyk Projects within a repository. Notably, this means that ignores are respected and won’t fail tests throughout the SDLC, including in IDE plugins, the CLI, and native PR checks.

Documentation outlining the details of this new functionality is available here.

Starting March 14th, our updated Snyk IDE plugins will feature the General Availability of Delta Findings, revolutionizing how you tackle code issues. Now, you'll see only the new issues introduced in your current branch, eliminating noise and allowing you to concentrate on your recent changes.

This targeted approach empowers you to prevent issues early, streamline your CI/CD pipeline, and accelerate delivery.

We've also enhanced the experience with a new Summary section for seamless navigation between "All" and "New" issues views. Plus, we've added reference folder comparison, enabling you to compare your work with other branches or folders—perfect for non-Git projects.

Supported Products: Snyk Code, Open Source, and IaC.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

If you have any questions, feel free to reach out to the Snyk support team.

We're excited to share that new improvements to the DeepCode AI Fix experience are now available across all Snyk-supported IDE plugins! Since launching the general availability of DeepCode AI Fix in the IDE last November, we’ve been continuously enhancing the experience to help developers fix Code issues more seamlessly.

What’s New?

• Expanded IDE support: DeepCode AI Fix is now available on Eclipse and Visual Studio, in addition to existing IDEs.

• Prevent repetitive fixes: Once a fix is applied, it can no longer be applied repeatedly, preventing redundant changes.

• Improved messaging: Clearer notifications when AI Fix cannot generate a quality fix.

• Quick feedback option: Developers can now provide thumbs up/down feedback immediately after applying a fix, helping us further enhance the experience.

How to Access

If you have Snyk Code and DeepCode AI Fix enabled, simply upgrade to the latest IDE version to start using the new enhancements.

Starting April 3, 2025, Snyk Code will enhance gRPC support across multiple languages, improving vulnerability detection in Python, Java, PHP, Ruby, Go, C++, JavaScript, Kotlin, and C#.

With this update, gRPC data sources are now included in taint flow analysis, helping teams uncover more security issues in gRPC-based applications.

These improvements will roll out as part of Snyk Code's GA support for these languages and may lead to changes in findings.

Starting March 25, 2025, Snyk Code will enhance JavaScript, TypeScript, Java & Ruby analysis, improving detection accuracy.

• JavaScript/TypeScript: Better handling of method calls within lambdas.

• Java: Correct modeling of implicit toString() calls in string concatenation.

• Ruby: Improve analysis accuracy for object oriented Ruby code, including ERB template use cases as found in Ruby on Rails apps.

These improvements will roll out as part of Snyk Code’s GA support for these languages and may lead to changes in findings.

We are happy to update that new columns for Snyk Code Issues will become available in Snyk Reports and in the Snowflake Data Share!

The following columns and filters will be added in the main reports in both the Org and Group levels, as well as in Snowflake Data Share:

• File Path - trace all Snyk Code issues within a specific file.

• Code Region - identify the specific line and column numbers in the file where the issue was found.

• Commit ID - correlate the issue to the associated code version.

• Asset Finding ID - uniquely identify Snyk Code issues within a repository. The ID can help to dedupe issues that are found in several targets for the same repository.

The new column descriptions will be updated in the issue column dictionary and in Snowflake data share dictionary as part of the release.

This update will become available for enterprise customers on March, 19th.

For any further question, please contact your account team.