Product Updates

Improve Resolution for Java Interfaces in Snyk Code

Improved

Snyk Code now enhances security scan coverage by automatically identifying which implementation belongs to an interface in Java.

This update improves vulnerability detection, especially for Dependency Injection (DI) frameworks and common design patterns that rely on interfaces.

Customers using these patterns may see an increase in detected vulnerabilities.

What’s New?

  • Resolves an interface to its first and only detected implementation class.

  • Improves scan accuracy for DI-heavy frameworks and reusable design patterns.

  • Shipped as part of our ongoing improvements—already available!

Sebastian Roth | Senior Product Manager

Snyk Learn Reporting Update

Improved

Snyk Learn has released an updated reporting interface that is now generally available for all Snyk Enterprise plan customers. This update offers enhanced visibility into developer security training progress for your Snyk Organizations. By default, Snyk Learn Reports are available to Org/Group Admin roles in Snyk.

What’s New?

  • Improved Performance: Large download requests are now processed asynchronously, significantly boosting performance for large Snyk Organizations.

  • Detailed Reports: Get an overview of learner progress across the Learn catalog, plus user-specific progress reports.

  • Custom Role Support: Control who can see Snyk Learn reports for different Snyk Organizations via Custom Role permissions.

  • API Access: Learner progress data is available via the Learn API (beta), part of the standard Snyk REST API.

Important Changes: As previously communicated in the Snyk Learn app (from August 2024), Free and Team plans no longer have access to Snyk Learn reporting.

Alex Ley | Director, Snyk Learn

Rust & Groovy Support in Snyk Code

Early access

We’re excited to announce that Snyk Code will support Rust and Groovy in early access, with the rollout starting on March 3. Customers will be able to enable Rust and Groovy support inside Snyk Preview to scan their source code for security issues.

For Rust, Snyk Code will detect security vulnerabilities in backend web applications, covering issues in common frameworks, HTTP handling, async runtimes, and database interactions.

For Groovy, Snyk Code will identify security risks in backend web applications, including those using standard libraries and major web frameworks.

Public documentation at docs.snyk.io will be updated by the launch date.

Sebastian Roth | Senior Product Manager

Changes to some system tags in Snyk Essentials

Improved

Asset context has proven to be well adopted and useful for making better prioritization decisions across the platform. As a result, we will be removing some of the hard-coded system tags so that users can control directly, through an asset policy, how and under what conditions those tags apply.

The system tags that will be removed are all based on the repo name and can be created with an asset policy as demonstrated in the tagging policy use case.

The system tags that will be removed are: payment, infrastructure, ecommerce, scanned artifact: packages, scanned artifact: repositories, upload, demo, billing, account, attachment.

In addition, we're introducing the 'type' of each asset tag in the UI. This information will be available through the Inventory view and also when inspecting a specific asset.

This update rolls out on February 26, 2025.

Maya Mandel | Senior Manager, Product

Expanded Jakarta EE and Java EE Coverage in Snyk Code

Improved

Snyk Code is improving its Jakarta EE and Java EE coverage to enhance vulnerability detection in enterprise Java applications. This update expands support for key frameworks, increasing accuracy and improving security insights.

What’s New?

  • Additional Data Sources: Now includes JMS messaging, WebSocket, and Mail as sources of user-controlled data.

  • Broader Sink & Sanitizer Coverage: Expanded detection across Jakarta EE components.

  • ConstraintValidator Support: Recognizes sanitizers defined via ConstraintValidator annotations within the same repository.

This update will be available as part of our Java language support on March 1, 2025.

Sebastian Roth | Senior Product Manager

Improved Code Flow View for Taint Vulnerabilities in Snyk Code

Improved

Snyk Code will soon provide a more focused dataflow view for taint vulnerability reports. By removing unnecessary steps, this update makes it easier to trace relevant flows, improving clarity and speeding up issue reviews.

The update rolls out on February 19.

Sebastian Roth | Senior Product Manager

Snyk Container base image recommendation changes

Improved

We are excited to announce improvements to the Snyk Container base image recommendation algorithm.

Previously, we would sometimes recommend upgrades to alpha and beta images; this particularly affected Python base images.

This has now been fixed and we no longer recommend updating to these types of image.

PR Checks for Snyk Code are now Generally Available

Improved

PR Checks for Snyk Code are now Generally Available. Customers using Snyk Code to secure their applications can enable PR Checks to automatically scan their pull requests and provide a mechanism to gate those changes from being merged when new security vulnerabilities are discovered.

How do I enable PR Checks for Code?

Snyk Code PR Checks are available for all supported SCM integrations.

To turn them on for Snyk Code projects, navigate to the Pull Request Status Checks section under your organization’s integration settings and look for Code Analysis. From there, you can enable PR Checks and select your preferred failure condition (Low, Medium, or High severity issues).

You can then use PR Checks, along with your SCM’s configuration, to decide whether to prevent changes from being merged while the commit status check is in a failed state.

Jeff Andersen | Director, Product Management

Announcing Snyk CLI v1.1295.3

New

We’ve released a CLI hotfix (v1.1295.3) to enhance the following use cases:

  • Improved memory usage when executing code scans on large projects

  • Fixed incorrect filtering of files when executing code scans, which could fail the analysis

  • Fixed unexpected logouts that were reported when using OAuth2 authentication

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Costin Busioc | Senior Product Manager

Broker Version Update

Improved

We have released Broker version 4.205.1. In this version, all ACCEPT rule flags will be enabled by default. This update reduces the need for user configuration, resulting in an enhanced Broker experience.

If you do not want a specific ACCEPT rule flag enabled, you can opt out of the default ACCEPT all behavior by adding ACCEPT_<FLAGNAME>=false to your Broker client configuration.

As best practice, we recommend using the latest version and regularly updating the Broker, preferably through automation.

Please contact support with any questions.