Product Updates

We are pleased to announce a bug fix for Snyk Open Source PHP support in the Snyk CLI.

With this update CLI support for PHP will be improved as follows:

• Today, Snyk CLI test and monitor commands may fail for users who only have composer.phar locally, and no global composer. With this bug fix, these scans will now succeed

How will my scan results change?

• CI/CD pipelines that were failing due to this error may now succeed after upgrading to the new CLI version

• New issues may be found when the projects are scanned successfully

What are the next steps?

The changes are available now in the preview channel of the CLI, and will be included in the stable channel on 14 May 2025.

We’re excited to announce that Project Context on Assets is now Generally Available! This feature brings powerful visibility and clarity into how your assets connect to underlying Snyk Projects and Organizations.

What’s New?

• Easily see which Projects and Orgs each asset belongs to

• View key scanning details like last scan time and surface (SCM or CLI)

• Filter assets by associated Snyk Orgs for faster, smarter asset management

With this change, AppSec teams can now better understand how, where, and when assets are being scanned – making it easier to act on security insights and streamline workflows.

Please see our user docs for more details, and contact your account team with any questions.

We’re excited to announce that Issue Summary Comments and High-Context Inline Comments are now Generally Available! 🎉

As of May 1, 2025, the features are enabled by default for all customers using PR Checks on supported SCMs, marking a major milestone in how Snyk brings security into the developer workflow.

What’s included:

• Issue Summary Comments for both successful and failed PR checks, covering Snyk Code and Open Source security & license findings.

• Inline Comments for Snyk Code issue findings, providing high-context feedback directly in the pull request.

This applies to repositories connected via:

• GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

• BitBucket: Bitbucket Cloud (PAT) and Bitbucket Cloud App

To adjust your preferences, head over to Integration Settings in the Snyk UI where you can toggle comments on or off at any time. This release is a big step forward in our mission to make security native to the developer experience. We’re excited to see how this helps your teams catch and fix issues faster, right within your SCM! 🚀

Refer to the user documentation for more details!

We're excited to share that the REST Issues API now includes code details and issue descriptions. This enhancement significantly improves prioritization workflows, risk assessment, and the remediation of security issues.

The following fields will be added:

1. Snyk Code details

• File Path - allows tracing all Snyk code issues within a specific file.

• Code Region - guides the users to the specific lines and columns where the issue was found.

• Commit ID - allow users to match between Snyk Code issues to their commit ID, so that they can tell which specific version of code has the issue.

• Key Asset - allows to identify Snyk Code issues with a unique ID per repository.

2. Description - provides users with a clearer understanding of the issue’s nature and aids in prioritization.

For more information, please refer to the API documentation.

Stay secure,

We are pleased to announce two Snyk Open Source bug fixes for Gradle support in the CLI.

With this update CLI support for Gradle will be improved as follows:

• Multiple packages with the same artifactId will be included in the dependency graph correctly.

• platform dependencies will no longer be included in the dependency graph. Platform dependencies are not regular dependencies of the project, and do not result in an artifact. Rather they control the versions of other dependencies, in a similar way to dependency management BOMs in Maven.

How will my scan results change?

Overall, this release should not lead to an increase in vulns or issues.

• artifactId change - we might find more paths in the dependency graph, but the packages and issues should remain the same.

• platform change - potentially fewer issues.

What are the next steps?

The changes are available now in the preview channel of the CLI, and will be included in the stable channel on 14 May 2025.

We are excited to announce that the asset enrichments of the Repository Visibility will be available on April 29th!

A new type of enrichment called Visibility had been added. This provides visibility information for assets of type repository (Public/Private/Internal), which will be introduced as a new column called "Visibility". The main highlights include:

• Allow prioritization/classification of repository assets based on their visibility (Public/Private/Internal).

• Allow enforcement of coverage controls based on the visibility of the repositories.

We are constantly working on providing additional asset context! If you have any repository context that you would like to enrich your assets or have any questions, contact the Snyk Support Team.

We are happy to announce the UI changes of the Snyk Essentials Integration page. While no functionalities have changed, the new UI design clearly indicates that a group-level SCM should be set up to fully leverage Snyk Essentials. Main highlights include:

• Help immediately understand that the critical Group-level SCM integration is not yet configured.

• Better user experience in the Integration Hub at the group-level.

• Smoother onboarding experience to Snyk Essentials through clear and actionable Call-to-Actions (CTAs).

This update will be rolled out on May 5th.

We’re thrilled to announce that Snyk API & Web has a brand new course called “Snyk API & Web - Using the web interface” available at Snyk Learn. 🎉

With this course, you can expect to learn how to configure targets and their settings, initiate scheduled scans, test APIs and web apps, manage findings, learn about asset discovery and take the most out of the reporting tools available.

With Snyk, you can narrow the gap between development, security, and operations by making security an intrinsic part of your development life cycle. Just head over to the course page or search for API & Web in our catalog to start learning today!

For any suggestions, questions or concerns, please reach out to the Snyk support team.

Customers using Snyk Reporting should notice changes to many of our charts and visualizations! Updates include charts that can be more easily downloaded and improvements to colors and data point indexes for easier analysis.

We’ve released hotfix v2.12.2 for our JetBrains IDE plugin.

This update solely ensures compatibility with the IntelliJ 2025.1 release. This hotfix addresses compatibility only; there are no other functional changes or enhancements, so your experience using the plugin will remain the same.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!