Product Updates

Snyk Open Source Fix PRs are a key feature for helping Developers stay on top of vulnerabilities in their dependencies.

However, Fix PRs in projects using the Early Access improved .NET scanning feature could sometimes upgrade the wrong dependencies.

This bug fix will ensure that the correct dependencies are upgraded.

When is this coming?

• This fix will be gradually rolled out.

• Rollout begins on April 15th, and should finish by May 2nd.

• During the rollout customers using Early Access .NET scanning should expect to see fewer incorrect .NET Fix PRs being raised, with the problem eliminated entirely by the end date.

We are excited to announce upcoming improvements to Snyk Open Source Fix PRs to help you manage the overall risk posture of your applications.

Fix PRs are a key tool for helping Developers stay on top of new vulnerabilities in their dependencies. However, by upgrading a dependency our PRs might sometimes introduce new vulnerabilities that increase the overall risk posture of the project.

Snyk will now only raise a PR for a vulnerability if the change does not introduce additional vulnerabilities with higher severity than the one being fixed.

Users should expect to see on average a 10% reduction in Fix PRs as a result.

When is this coming?

Gradual rollout of these changes will begin on April 3rd, and finish by April 10th.

During the rollout, an increasing percentage of Fix PRs for all users will have the new risk aware checks applied.

No action is required to benefit from these improvements.

AppSec teams export Snyk datasets for various purposes, including:

• Build their own analytics and dashboards.

• Following company policies that requires specific customization

• Sharing data with external audience, such as the leadership team or security auditors.

The Export API enables cyclic data export of Snyk datasets into CSV files. Designed for efficiency and security, the API supports exporting large datasets in an organized, scalable manner, making it ideal for reporting and analytics workflows.

To learn more about the Export API, and how to get started right away, visit the API documentation.

For any question, please contact your account team.

We are thrilled to announce two new Snyk Reports in Early Access, that are available for the enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility on the Snyk tests that are executed during CI/CD pipelines and answer questions like:

• What portion of repos are being tested (against repos that had commits)?

• Are we adopting the practice of testing code in CI/CD pipelines as a company? and where are the gaps?

• What is the test success rate is it going up over time?

The new Repositories Tested in CI/CD Report answer all of those questions and more.

To learn more please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit, to prepare for the audit they need to:

• Estimate compliance readiness and share status with relevant stakeholders.

• Identify and mitigate compliance violations and gaps as early as possible.

• Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report is aimed to assist AppSec teams to tackle this challenge!

To learn more please visit the report documentation. For any question, please contact your account team.

We are announcing the Early Access release of PR Issue Summary Comment and SAST High-Context Inline Comments as part of our ongoing efforts to enhance the pull request experience. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

• PR Issue Summary Comment - With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

• High-Context Inline Comments display each SAST security finding alongside key information such as CWE (Common Weakness Enumeration) and priority score and a Snyk Learn link for further guidance—helping developers remediate issues faster without leaving their SCM. 🚀

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it. If you’re interested in enabling this feature for your organization, you can self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk’s workflows.

To improve consistency within the Snyk app, we've moved the Broker client commit signing toggle from Snyk Preview to the Broker Settings page. The client commit signing to gives you the ability to enable access to commit signing using Broker clients.

This change centralizes related settings, making it easier for you to manage your commit signing preferences and ensuring a more predictable and unified experience.

We've released a hotfix for our Visual Studio extension (v2.1.1) to enhance clarity in multi-project setups.

Specifically, we've addressed the following:

• Enhanced Project Identification: The OSS file tree nodes now include the relative path to the project.assets.json file in addition to the project folder path. This change aims to provide a more intuitive and informative experience when working with multi-project workspaces.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We've released version 2.12.1 of our IntelliJ plugin in order to address some API incompatibilities in order to ensure seamless support for the upcoming JetBrains 2025.1 release.

No changes are introduced from v2.12.0, previously announced here yesterday.

We recommend upgrading to v2.12.1 through the IntelliJ plugin marketplace for optimal compatibility!

If you have any questions, feel free to reach out to the Snyk support team!

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.21.0

• Jetbrains v2.12.0

• Eclipse v3.1.0

• Visual Studio v2.1.0

We're excited to announce significant updates designed to streamline your development workflow:

• We're pleased to announce the release of AI Fix in all IDEs, coming with more stability and enhanced fixes. Read more about AI Fix here.

• Stay focused on prevent with the General Availability of Delta Findings! We've simplified issue management with a new summary view and refined the user experience for seamless navigation. Learn more about the enhanced Delta Findings.

In addition to significant features, these releases contain multiple fixes that can be consulted in the changelog for each of our plugins.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

  If you have any questions, feel free to reach out to the Snyk support team.

We'll soon update our learning page with new videos to give you a sense on how to use our IDEs!

We encourage everyone to upgrade to the newest versions!

Starting March 14th, our updated Snyk IDE plugins will feature the General Availability of Delta Findings, revolutionizing how you tackle code issues. Now, you'll see only the new issues introduced in your current branch, eliminating noise and allowing you to concentrate on your recent changes.

This targeted approach empowers you to prevent issues early, streamline your CI/CD pipeline, and accelerate delivery.

We've also enhanced the experience with a new Summary section for seamless navigation between "All" and "New" issues views. Plus, we've added reference folder comparison, enabling you to compare your work with other branches or folders—perfect for non-Git projects.

Supported Products: Snyk Code, Open Source, and IaC.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

If you have any questions, feel free to reach out to the Snyk support team.