Product Updates

We've released a hotfix for our Visual Studio extension (v2.1.1) to enhance clarity in multi-project setups.

Specifically, we've addressed the following:

• Enhanced Project Identification: The OSS file tree nodes now include the relative path to the project.assets.json file in addition to the project folder path. This change aims to provide a more intuitive and informative experience when working with multi-project workspaces.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We've released version 2.12.1 of our IntelliJ plugin in order to address some API incompatibilities in order to ensure seamless support for the upcoming JetBrains 2025.1 release.

No changes are introduced from v2.12.0, previously announced here yesterday.

We recommend upgrading to v2.12.1 through the IntelliJ plugin marketplace for optimal compatibility!

If you have any questions, feel free to reach out to the Snyk support team!

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.21.0

• Jetbrains v2.12.0

• Eclipse v3.1.0

• Visual Studio v2.1.0

We're excited to announce significant updates designed to streamline your development workflow:

• We're pleased to announce the release of AI Fix in all IDEs, coming with more stability and enhanced fixes. Read more about AI Fix here.

• Stay focused on prevent with the General Availability of Delta Findings! We've simplified issue management with a new summary view and refined the user experience for seamless navigation. Learn more about the enhanced Delta Findings.

In addition to significant features, these releases contain multiple fixes that can be consulted in the changelog for each of our plugins.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

  If you have any questions, feel free to reach out to the Snyk support team.

We'll soon update our learning page with new videos to give you a sense on how to use our IDEs!

We encourage everyone to upgrade to the newest versions!

Starting March 14th, our updated Snyk IDE plugins will feature the General Availability of Delta Findings, revolutionizing how you tackle code issues. Now, you'll see only the new issues introduced in your current branch, eliminating noise and allowing you to concentrate on your recent changes.

This targeted approach empowers you to prevent issues early, streamline your CI/CD pipeline, and accelerate delivery.

We've also enhanced the experience with a new Summary section for seamless navigation between "All" and "New" issues views. Plus, we've added reference folder comparison, enabling you to compare your work with other branches or folders—perfect for non-Git projects.

Supported Products: Snyk Code, Open Source, and IaC.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

If you have any questions, feel free to reach out to the Snyk support team.

We're excited to share that new improvements to the DeepCode AI Fix experience are now available across all Snyk-supported IDE plugins! Since launching the general availability of DeepCode AI Fix in the IDE last November, we’ve been continuously enhancing the experience to help developers fix Code issues more seamlessly.

What’s New?

• Expanded IDE support: DeepCode AI Fix is now available on Eclipse and Visual Studio, in addition to existing IDEs.

• Prevent repetitive fixes: Once a fix is applied, it can no longer be applied repeatedly, preventing redundant changes.

• Improved messaging: Clearer notifications when AI Fix cannot generate a quality fix.

• Quick feedback option: Developers can now provide thumbs up/down feedback immediately after applying a fix, helping us further enhance the experience.

How to Access

If you have Snyk Code and DeepCode AI Fix enabled, simply upgrade to the latest IDE version to start using the new enhancements.

Starting April 3, 2025, Snyk Code will enhance gRPC support across multiple languages, improving vulnerability detection in Python, Java, PHP, Ruby, Go, C++, JavaScript, Kotlin, and C#.

With this update, gRPC data sources are now included in taint flow analysis, helping teams uncover more security issues in gRPC-based applications.

These improvements will roll out as part of Snyk Code's GA support for these languages and may lead to changes in findings.

We are pleased to announce the latest stable Snyk CLI release v1.1296.0

Important reminder: Snyk's primary distribution channel for CLI is downloads.snyk.io rather than static.snyk.io. Please ensure you whitelist this domain to ensure seamless updates with npm, Homebrew, Scoop, and CI/CD integrations.

We are introducing the following new features in this version. To learn more about bug fixes beyond what is highlighted below, please reference the release notes.

Error handling enhancements

We've made significant improvements to our error handling for Snyk scans. You'll now see consistent error code formatting for exit codes 2 and 3 across all scan commands. To simplify troubleshooting, we've also enhanced our debug logs, making them easier to interpret. In the event of an error, a unique Interaction ID will be displayed in the main CLI output, facilitating faster issue tracking and more efficient communication with our support team.

Container enhancements

We're empowering you with more control over container scanning. The Snyk CLI now supports scans for Kaniko generated images, and you can optimize scan times by excluding node_modules directories within Node.js containers.

Open Source enhancements

We've made significant improvements to open source analysis. snyk test --scan-all-unmanaged now identifies all possible package identities based on SHA1 hashes for JAR, WAR, and AAR files, providing more comprehensive coverage.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Starting March 25, 2025, Snyk Code will enhance JavaScript, TypeScript, Java & Ruby analysis, improving detection accuracy.

• JavaScript/TypeScript: Better handling of method calls within lambdas.

• Java: Correct modeling of implicit toString() calls in string concatenation.

• Ruby: Improve analysis accuracy for object oriented Ruby code, including ERB template use cases as found in Ruby on Rails apps.

These improvements will roll out as part of Snyk Code’s GA support for these languages and may lead to changes in findings.

From March 18th 2025, Snyk's improved Gradle scanner (available in Snyk Preview) will support Spring Boot plugin BOMs.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. Or, to start using the new scanner, see the documentation.

What are Spring Boot plugin BOMs?

Here is an example of a plugin BOM in Gradle build file.

// build.gradle
plugins {
  id 'org.springframework.boot' version '3.3.1'
  id 'io.spring.dependency-management' version '1.1.4'
}
dependencies {
  implementation 'org.springframework.boot:spring-boot-starter-actuator'
  implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
  implementation 'org.springframework.boot:spring-boot-starter-security'
  implementation 'org.springframework.boot:spring-boot-starter-web'
}

Although the versions of all the dependencies in the dependencies block are omitted, Gradle revolves them to 3.3.1 because the plugins org.springframework.boot and io.spring.dependency-management implicitly introduces a BOM into the build that guides version resolution.

How will my scan results be improved?

For projects with these types of plugin BOM, the new scanner previously reported unknown versions for the relevant dependencies. It will now return the correct version as specified by the plugin.

In addition, it will include their transitive dependencies, resulting in fewer false negatives.

We are happy to update that new columns for Snyk Code Issues will become available in Snyk Reports and in the Snowflake Data Share!

The following columns and filters will be added in the main reports in both the Org and Group levels, as well as in Snowflake Data Share:

• File Path - trace all Snyk Code issues within a specific file.

• Code Region - identify the specific line and column numbers in the file where the issue was found.

• Commit ID - correlate the issue to the associated code version.

• Asset Finding ID - uniquely identify Snyk Code issues within a repository. The ID can help to dedupe issues that are found in several targets for the same repository.

The new column descriptions will be updated in the issue column dictionary and in Snowflake data share dictionary as part of the release.

This update will become available for enterprise customers on March, 19th.

For any further question, please contact your account team.