Product Updates

We're excited to announce the gradual release of a new drill-down experience designed to help you explore the underlying data behind key metrics without ever leaving your current view.

How does it work?

• Imagine you're looking at a metric like "resolved issues" or "MTTR" and want to understand exactly which issues contribute to that number.

• Clicking on the metric will unfold an expandable panel, displaying the specific issues used in that calculation, providing immediate context and detail.

• From this point, you can either fold back the panel and review other metrics in the same report or click to drill-down further and proceed to the Issues Detail or Asset Inventory screens.

We're planning to begin the gradual release starting next week, aiming to extend this enhanced experience across all issue-related reports in the coming weeks.

Please contact your account team for any question.

We’ve released hotfix v2.13.1 for our JetBrains IDE plugin.

This update solely addresses a scenario where special characters within file paths would create errors within the JetBrains plugin. There are no other functional changes or enhancements, so your experience using the plugin will remain the same.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We're excited to announce several enhancements in the Issues Summary Report!

The planned enhancements include:

• Enhanced measurement clarity:

  • The report metrics (#open issues, #new issues, #resolved issues, MTTR) will include a percentage of progress indication.

  • The new indications will help you to quickly assess your AppSec health posture progress and ensure that you’re moving in the right direction.

• Table Dimension Picker in the Risk Breakdown table:

  • The dimension picker enables new powerful comparative analysis.

  • Comparing impact per asset class to ensure efforts are prioritized to secure the most sensitive assets first.

  • Comparing introduction category to quickly conclude if preventable issues are handled properly, as well as assessing the impact of new monitored assets over your AppSec Program.

• Expandable issues view

  • The expandable view provides on-demand drill-down capability, allowing you to click on selected metrics in the Risk Breakdown table and instantly explore the underlying issues without navigating away.

  • The view includes a link to the Issues Detail report, which allows further in-depth exploration.

• Default filters:

  • "Issues Severity" and "Asset Class" will become default filters, allowing quick visibility to high-risk vulnerabilities in business-critical assets.

  • These improvements will help you make more informed security decisions and better prioritize your remediation efforts.

The release is planned to take place at the 3rd of June.
We will update the user docs right after the release. For any question, please contact your account team.

We’ve released CLI hotfix v1.1297.1.

This version rolls back specific changes related to Gradle dependency resolution that were introduced in v1.1297.0.

We are taking this step to ensure stability for all users while we continue to refine this functionality. We plan to reintroduce these improvements for Gradle resolution in a future stable version once further enhancements are complete.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.22.0

• JetBrains v2.13.0

• Eclipse v3.2.0

• Visual Studio v2.2.1

The releases include notable bug fixes and enhancements:

• Fixed an issue where additionalParameters and baseBranch were not persisted when the opened workspace folder was not a Git repository.

• Addressed various persistence issues related to folderConfig.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions!

We are happy to announce that Snyk Open Source now supports Conan packages, available through SBOM workflows and the package issues API!

Conan, a popular package manager for C and C++ projects, is now included in Snyk’s growing list of supported ecosystems. Customers can now detect vulnerabilities and license intelligence in their Conan projects CycloneDX or SPDX SBOMs.

With this update:

• You can submit Conan packages via SBOM Test (CLI/API) and the package issues API (pkg:conan) for precise vulnerability detection.

• Access available fixed version information for Conan vulnerabilities.

• Identify and manage license information for Conan packages.

The feature will be generally available starting May 22, 2025. For any questions, please reach out to the Snyk Support team.

Starting June 1, 2025, Snyk Code will enhance its JavaScript analysis. This improves the understanding of function declarations, leading to more accurate scan results and a significant reduction in false positives.

• JavaScript Function Declarations: More precise recognition of various declaration methods, including prototype patterns, to improve taint flow analysis.

This update will be released as part of Snyk Code’s GA JavaScript support.

We are pleased to announce the latest stable Snyk CLI release v1.1297.0.

We are introducing the following new features and improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the release notes.

Container Enhancements

We've made scanning container image archives more straightforward. You can now directly scan image archives (e.g., image.tar) using snyk container test image.tar or snyk container monitor image.tar without needing to specify the image type as a prefix. This simplifies the command structure and streamlines your container security workflows.

Open Source Enhancements

This release brings significant improvements to Gradle module resolutions. The Snyk CLI's Gradle dependency resolution will now default to finding all artifacts against resolved dependencies. You can read more about this here.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to benefit from these new features and improvements!

We are excited to announce that major improvements to scanning NuGet .NET applications in Snyk Open Source are available in Early Access!

The new scanning approach leverages closer integration with the internal workings of the .NET ecosystem, and works with the Snyk CLI and SCM integrations.

The key benefits over the previous solution include:

• Greater consistency across CLI and SCM results

• No false positives from runtime dependencies

• Support for more .NET features, such as .props files, global.json, and Central Package Management

• Support for private NuGet package repositories (inc. Azure Artifacts)

To get up and running with improved .NET scanning, check out the documentation.

Customers participating in the Snyk Code Consistent Ignores early access can now convert pre-existing ignores created via project page or via API in bulk. Bulk conversions can be executed via UI from a project page and customers can also choose to write scripts for ignore conversion by leveraging the API.

Documentation outlining the details of this new functionality is available here.