Product Updates

Reachability for JavaScript/TypeScript - General Availability

New

We are pleased to announce that Reachability for JavaScript and TypeScript will begin rolling out for General Availability (GA) on June 18th.

This milestone follows an Early Access program during which we partnered with development and security teams to validate the capability and refine its accuracy, coverage, and scalability.

Reachability analysis helps teams prioritize vulnerabilities by identifying whether a vulnerable code element (functions, classes, modules, etc.) is invoked by their application code. This enables organizations to concentrate remediation efforts on vulnerabilities that are more likely to be exploitable in their application context.

This enhancement also means that customers participating in the Early Access stage may see changes to existing vulnerabilities, marking them as reachable.

Please refer to the documentation on reachability analysis for more information on enablement, supported environments, and package managers.

New Threshold Defaults for Automatic Fix Pull Requests

New

Back in November, we announced a significant enhancement to Snyk Automatic Fix Pull Requests, furthering our mission to design workflows to match different projects' needs.

Today, we're excited to announce the completion of this effort: setting a default threshold for any organization leveraging our auto-fixes that hasn't set one already.

Auto Fix Pull Request thresholds are configurable by either severity or score. We understand in some projects, fixing all vulnerabilities constantly is extremely important, whereas in others focusing on specific types boosts velocity. That's why we configured two types of rules for Automatic Fix Pull Requests:

  • by score (priority or risk score) - set a threshold from 0 to 1000

  • by severity - select among critical, high, medium or low

Starting today, June 5th, we're defaulting any organization that hasn't yet set a threshold to a risk score of 700, the general consensus amongst our early adopters and the value Snyk's seen to most effectively reduce noise while still surfacing fixes for the most important vulnerabilities.

If you've already set thresholds, Snyk will not change your defaults. This option will also not influence our Backlog PR capability.

Ryan McMorrow | Product Lead, Remediation

Reachability for Java - Improved Accuracy and Coverage Analysis

Improved

We are pleased to announce an update to the Java Reachability Engine, which will deliver a more accurate analysis across a broader range of Java packages and vulnerabilities.

As a result of this expanded coverage, customers may see changes to existing vulnerabilities marking them as reachable. We recognize that this update may affect your triage and prioritization workflows, as we ensure that potential issues are identified with greater precision.

This change will gradually roll out on June 16th, and customers should expect to see additional coverage improvements in the upcoming months. No action is needed from customers who have already enabled the reachability feature.

Just so you know, modifications in first-party code, vulnerability analysis updates, and SAST engine improvements (like this update) can affect the reachability results, and vulnerabilities labeled as "No Path Found" can evolve to "Reachable" over time.

See our documentation to learn more about Reachability Analysis.

Snyk Open Source - Python SCM bug fix

Fix

We are pleased to announce a bug fix for Snyk Open Source Python support.

With this update SCM support for Python will be improved as follows:

  • Today, SCM scans for some Python 3.8+ projects omit virtualenv and pip dependencies if they are used, leading to possible false negatives in related issues. With this change, these dependencies will be correctly included.

  • CLI scans already accurately represent these dependencies, and are not affected by this release.

How will my scan results change?

  • Overall accuracy of Python SCM scans for projects using these dependencies will increase, which may lead to an increase in identified vulnerabilities for projects using these dependencies.

What are the next steps?

The changes will be released on June 18th, and projects will see improved results in their next test.

Upcoming Changes to Snyk CLI glibc Requirements for Linux Environments

New

We're providing an important update regarding an upcoming enhancement to the Snyk CLI that will impact Linux environments. To ensure the Snyk CLI operates as smoothly and securely as possible, providing the strongest security and stability for your development environments, we are updating an internal component.

What's Changing for Linux Users?

Effective with the Snyk CLI release 1.1298.0 targeted for July 16, 2025, the minimum required GNU C Library (glibc) versions on Linux will be updated as follows:

  • For Linux x64 environments: glibc version 2.28 or higher

  • For Linux arm64 environments: glibc version 2.31 or higher

This change only affects Linux environments. Users on macOS and Windows are not impacted by this specific glibc update.
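
A readiness check for the minimums listed above, as an added example that is not Snyk's own tooling. The function names are hypothetical, and it assumes `getconf GNU_LIBC_VERSION` and `uname -m` are available on the host:

```shell
#!/bin/sh
# Added example (not Snyk tooling): check a Linux host against the glibc
# minimums stated above for Snyk CLI 1.1298.0. Function names are hypothetical.

# required_glibc ARCH: print the minimum for ARCH as reported by `uname -m`.
required_glibc() {
    case "$1" in
        x86_64|amd64)  echo "2.28" ;;   # Linux x64
        aarch64|arm64) echo "2.31" ;;   # Linux arm64
        *)             return 1 ;;      # architecture not covered by the announcement
    esac
}

# version_ge A B: succeed when MAJOR.MINOR version A >= B. Components are
# compared as integers, so 2.9 correctly sorts below 2.28.
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# detect_glibc: print the host's glibc version; fail on non-glibc systems.
detect_glibc() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || return 1   # e.g. "glibc 2.31"
    echo "${v##* }"
}

# check_glibc ARCH VERSION: print a verdict.
# Returns 0 = meets minimum, 1 = too old, 2 = no minimum listed for ARCH.
check_glibc() {
    min=$(required_glibc "$1") || { echo "SKIP: no glibc minimum listed for $1"; return 2; }
    if version_ge "$2" "$min"; then
        echo "OK: glibc $2 meets the $min minimum for $1"
    else
        echo "UPGRADE: glibc $2 is below the $min minimum for $1"
        return 1
    fi
}

# Report on the current host. The status is not propagated here so the
# functions can also be sourced; add exit handling when wiring into CI.
if host_ver=$(detect_glibc); then
    check_glibc "$(uname -m)" "$host_ver" || true
else
    echo "SKIP: glibc not detected (non-glibc libc or not Linux)"
fi
```

Run it on each build agent or base image that invokes the CLI; container images need the check run inside the image, since the host's glibc is not the one the CLI will load there.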

Why Are We Making This Change?

This update is driven by our commitment to ensure all components within the Snyk CLI are current and supported, preventing the use of components that may no longer receive critical security patches or bug fixes. This transition is crucial for:

  • Enhanced Security & Stability: Via this upgrade, we ensure our CLI remains protected against emerging vulnerabilities and benefits from ongoing improvements, addressing potential risks.

  • Modern Dependency Compatibility: The broader software ecosystem continually evolves. This upgrade allows us to integrate essential library updates, bug fixes, and new features more effectively and reliably.

Meeting these glibc requirements also means your Linux environments will likely be running on operating system versions that are fully supported and not past their own end-of-support dates, further enhancing your overall security posture.

Timeline and Your Environment Readiness:

We are introducing these new requirements in the Snyk CLI 1.1298.0 release scheduled for July 16, 2025. This provides a window for you to assess and, if necessary, update your Linux environments.

What if You Need More Time?

We understand that updating your environments might require planning and coordination. If you anticipate needing more time to meet these new glibc requirements beyond the July 16, 2025 release, we recommend the following temporary solutions to continue using the Snyk CLI without interruption:

  • Pin your Snyk CLI version: You can temporarily pin your Snyk CLI to version 1.1297.1 (the last version before these new requirements take effect) to allow more time for your glibc upgrade.

  • Utilize Snyk CLI Docker Images: Our official Snyk CLI Docker images come with compatible glibc versions and can be a good alternative.

  • The CLI preview version was updated starting June 4th to contain the new glibc requirements for testing the coming changes in time.

Our primary goal is to provide you with the most secure and reliable tools, and this update is a key step in that direction.

Thank you for your understanding and partnership in maintaining a secure development lifecycle!

Costin Busioc | Senior Product Manager

End of Life Announcement: Snyk Nexus Gatekeeper Plugin

Deprecated

We are announcing the End of Life (EOL) for the Snyk Nexus Gatekeeper Plugin, effective September 15th, 2025.

This change is primarily due to Sonatype's discontinuation of Plugin Support. Sonatype, the creators of Nexus Repository, have officially removed all third-party plugin support in Nexus Repository version 3.78 and newer, which was released in March 2025.

Here is what you need to know:

  • Impacted Plugin: Snyk Nexus Gatekeeper Plugin.

  • End of Life Date: September 15th, 2025.

  • Support until EOL: We will continue to offer support for leveraging the plugin until September 15th, 2025. However, please note that no new enhancements or bug fixes will be released for the plugin during this period.

  • Action Required: If you are currently using the Snyk Nexus Gatekeeper Plugin, we recommend planning your transition to alternative solutions before the EOL date. We encourage you to leverage other Snyk products (such as Pull Request Checks or SCM integrations) that can help enhance your security posture and integrate seamlessly into your development workflows.

We understand that this change may require adjustments to your current workflows. We encourage you to explore Snyk's other integrations and features to continue securing your software development lifecycle effectively.

If you have any questions or require assistance, please do not hesitate to contact the Snyk support team!

Costin Busioc | Senior Product Manager

Snyk Essentials: Coverage gap asset policy - ON by default for new groups

Improved

Once discovery of repositories takes place and is available on the Inventory view, the coverage gap asset policy will be applied out of the box to identify repositories not tested with Snyk OS and Snyk Code. Based on this policy, coverage gaps will be identified and repositories that don't meet the coverage requirements will be marked as such.

The policy can be edited to meet each customer's coverage requirements.

The default coverage gap asset policy will be rolled out to new groups starting June 4. It is also available as an asset policy template for all customers.

Maya Mandel | Senior Manager, Product

PR Comments is in Early Access for Bitbucket Server

Early access

We are announcing the Early Access release of Issue Summary Comment and Inline Comments for Bitbucket Server. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

  • Issue Summary Comment (SCA and SAST) - Developers receive a comment within their pull request displaying the count of security findings by severity directly in the SCM when PR checks are active. This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

  • Inline Comments (SAST only) - Developers receive specific inline comments for each SAST security finding directly within their pull requests in the SCM, accelerating PR merge times and proactively surfacing issues within the development workflow. The SAST finding displays the CWE and Priority Score, and includes a Snyk Learn URL for reference.

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it.

If you’re interested in enabling this feature for your organization, you can now self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk workflows.

Mayank Khera | Senior Product Manager

Snyk Essentials: Automatic Repository Discovery for GitLab and Azure DevOps

New

Snyk users without a configured Snyk Essentials Group-level integration will soon benefit from Automatic Repository Discovery, which provides visibility into the users' security coverage, out of the box. This feature helps users identify which repositories have been imported and are being tested in Snyk, and which have not. The discovered repositories will appear in the Snyk Essentials Inventory tab.

Automatic Repository Discovery is currently available for users with GitHub Cloud App and GitHub Enterprise Org-level integrations, and will soon be available to users with GitLab and Azure DevOps Organization-level integrations, including brokered setups.

We’ll begin gradually rolling this out to all Enterprise plan customers starting June 9th, 2025. If you’d like early access, please reach out to your account team.

Noa Moshe | Product Manager

Prioritize SCA Vulnerabilities with "In Direct Dependency" Insights

New

We're happy to announce a new filter and column for Snyk Analytics that will allow you to prioritize the remediation of vulnerabilities based on their presence in a direct dependency.

Key benefits:

  • Laser Focus: Zero in on vulnerabilities that are simpler to fix.

  • Reduced Noise: Significantly decrease the volume of vulnerabilities needing immediate attention.

  • Faster Triage: Make quicker, more informed decisions about which vulnerabilities to prioritize.

The new "In Direct Dependency" column and filter will be available in:

  • Snyk Reports - across issues-centered reports, such as Issues Detail, Issues Summary, Vulnerabilities Detail, SLA Management, etc.

  • Snowflake Data Share - introduced in a new table.

  • Export API - as part of the Issues dataset.

This important capability is planned to be released on June 5th. Please contact your account team for any questions.