Product Updates

We’re thrilled to announce Probely is now Snyk API & Web, a next-generation Dynamic Application Security Testing (DAST) & API Security solution! 🎉

Snyk API & Web offers:

• 0.1% false positive rate, evidence-based reporting and detailed instructions on how to fix vulnerabilities, so you can focus on what really matters,

• ways of integrating with your preferred CI/CD tools, issue trackers, and messaging apps,

• customizable scanning configurations, scheduled scanning, partial scanning, scanning behind the login, and configuration of blackout scanning periods,

• ways of showcasing your compliance, by testing against a series of detailed requirement checklists,

• among many others.

Snyk API & Web's powerful security testing engine helps revolutionize the way APIs and web apps are tested, mapping companies’ ever-growing attack surface, automating the scanning of vulnerabilities, and providing quick and detailed fixes for them.

By integrating Snyk API & Web within the rest of Snyk’s portfolio, and leveraging AI capabilities, we thrive where others falter. And this is just the beginning; our ambitious roadmap is paving the way for much more to come!

If you wish to learn more about Snyk API & Web, please visit the Product page and Snyk API & Web course over Snyk Learn.

Once again, Snyk reinforces its commitment to help companies innovate securely and confidently at the accelerated pace the world requires.

For any suggestions, questions or concerns, please reach out to the Snyk support team.

We’ve released a hotfix for our Visual Studio Code IDE plugin (v2.21.1) to address the following issues:

• Improved handling of local certificates in environments configured with a network proxy. This resolves potential failures, such as when the IDE downloads required components.

• Routine enhancements: Incorporates routine enhancements for reliability.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Probely's upcoming release (April 22nd) brings forth a new feature for Enterprise customers: Managed reports! 🎉

Managed reports (or Saved reports) allow you to generate PDF reports of findings from multiple targets at the same time, based on a specific search/filter criteria; e.g. you can generate a report of all High findings across all targets from your account or from a specific team!

With this release, all Enterprise accounts should be able to see the Reports button on the top right corner of the Findings page and perform 1 of 3 tasks:

• Generate a new report of the findings listed, taking into account the search and filters applied on the interface

• Save a report that will take into account the search and filters applied on the interface, and that can be automatically emailed based on a set recurrence, or manually downloaded when needed

• Manage previously saved reports, allowing for easier access to previous filters/searches or download of existing reports

For any suggestions, questions or concerns please reach out to the Snyk support team.

We are updating the default landing page after users log into Snyk to surface the most useful insights - easily.

💡 Users with access to group-level reporting and Snyk Essentials will land on the Inventory Overview tab. This includes all users that have the default roles of Group Admin or Group Viewer.

💡 Otherwise, users will land on the org-level Projects tab.

This update will be rolled out on May 29.

We’ve released a CLI hotfix (v1.1296.2) to enhance the following use cases and introduce new capabilities:

• Experimental Model Context Protocol (MCP) Integration: Enables integrating Snyk scans (Open Source & Code) into MCP-compatible tools using the new snyk mcp --experimental command. This allows the CLI to act as an MCP server for these integrations. Note: This feature is experimental and may evolve. You can read more about Snyk MCP here.

• Routine enhancements: Incorporates routine enhancements for security and reliability.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We’re excited to announce that Reachability for C# is now available in Early Access! 🎉

With this release, you gain an essential signal for assessing risk & prioritizing vulnerabilities in NuGet dependencies across all of your .NET projects.

Reachability for Snyk Open Source works by analyzing your source code with Snyk's DeepCode AI Engine to determine whether a path to vulnerable code can be found, whether directly or transitively.

This insight helps you gauge the likelihood of exploitation and enables you to make more informed decisions about how to address vulnerabilities.

Whether used independently or as part of a comprehensive risk-based prioritization strategy with Risk Score, Reachability helps you focus on the vulnerabilities that matter most.

Visit Snyk Preview to enable this feature and start gaining deeper insights into your C# codebase today.

Snyk users without a configured Snyk Essentials Group-level integration will soon benefit from Automatic Repository Discovery, which provides visibility into the users' security coverage, out of the box. This feature helps users identify which repositories have been imported and are being tested in Snyk—and which have not. The discovered repositories will appear in the Snyk Essentials Inventory tab.

Automatic Repository Discovery will be available to users with GitHub Cloud App and GitHub Enterprise Organization-level integrations, including brokered setups.

We’ll begin rolling this out to all Enterprise plan customers starting May 5th, 2025. If you’d like early access, please reach out to your account team.

In 2025, Snyk Code will improve PR check performance for Java and C#, enabling faster scans.

As a preparation, this update restructures some rules, simplifying the result set while maintaining detection accuracy.

What’s New?

• Java CSRF/XSS Detection: Focuses on pom.xml and selected Java classes to better understand global application context.

• C# Config Lookup: Limits security configuration checks to key files like web.config and Startup.cs.

This update will roll out as part of our Java and C# language support on April 29, 2025.

Starting May 1, 2025, Snyk Code will support Java 21 across all integrations, enabling full project scanning and improved accuracy.

• Java 21: Support for new language features including record patterns and sealed classes.

• Analysis Engine: Enhanced program analysis to align with Java 21 syntax and semantics.

• Ruleset: Updated to cover security-relevant classes introduced in Java 21.

These updates will roll out as part of Snyk Code’s GA support for Java 21 and may result in changes to findings.

We’re thrilled to announce the integration of Snyk’s AI-powered security platform with Google Gemini Code Assist, a cutting-edge AI coding assistant.

This collaboration brings together Snyk’s trusted application security capabilities and Gemini’s advanced AI coding tools to revolutionize secure software development.

With this integration, developers can now:

• Seamlessly secure code within their IDE: Access Snyk’s powerful Snyk Code, Snyk Open Source, and Infrastructure as Code scanning directly through Gemini Code Assist.

• Leverage natural language prompts: Type @Snyk in Gemini to scan code, prioritize vulnerabilities, and even auto-remediate issues using Snyk’s DeepCode AI Fix—all without leaving your workflow.

• Streamline productivity without compromising security: No more switching between tools—security insights are now embedded directly into your coding environment.

Why It Matters

AI-generated code transforms development, but studies show that 40% of such code contains vulnerabilities. This integration ensures that security is embedded early in the development process, enabling teams to innovate confidently while mitigating risks.

This integration is part of our commitment to empowering developers and security teams with tools that make secure development effortless and efficient.

See more in our blog article.