Product Updates


Improved DeepCode AI Fix IDE Experience

Improved

We're excited to share that new improvements to the DeepCode AI Fix experience are now available across all Snyk-supported IDE plugins! Since launching the general availability of DeepCode AI Fix in the IDE last November, we’ve been continuously enhancing the experience to help developers fix Code issues more seamlessly.

What’s New?

  • Expanded IDE support: DeepCode AI Fix is now available on Eclipse and Visual Studio, in addition to existing IDEs.

  • Prevent repetitive fixes: Once a fix is applied, it can no longer be applied repeatedly, preventing redundant changes.

  • Improved messaging: Clearer notifications when AI Fix cannot generate a quality fix.

  • Quick feedback option: Developers can now provide thumbs up/down feedback immediately after applying a fix, helping us further enhance the experience.

How to Access

If you have Snyk Code and DeepCode AI Fix enabled, simply upgrade to the latest IDE version to start using the new enhancements.

Expanding gRPC Coverage in Snyk Code

Improved

Starting April 3, 2025, Snyk Code will enhance gRPC support across multiple languages, improving vulnerability detection in Python, Java, PHP, Ruby, Go, C++, JavaScript, Kotlin, and C#.

With this update, gRPC data sources are now included in taint flow analysis, helping teams uncover more security issues in gRPC-based applications.

These improvements will roll out as part of Snyk Code's GA support for these languages and may lead to changes in findings.

Sebastian Roth | Senior Product Manager
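Why gRPC request fields matter as taint sources in the update above, shown as an added example (not Snyk's code or analysis rules): a handler shaped like a Python gRPC servicer method, first with the request field concatenated into SQL, then with it bound as a parameter. `GetUserRequest`, the `UserService*` classes and the sample rows are constructed stand-ins, so the block runs without a gRPC library.

```python
import sqlite3
from dataclasses import dataclass


@dataclass
class GetUserRequest:
    """Stand-in for a protoc-generated request message (hypothetical)."""
    username: str


def make_db() -> sqlite3.Connection:
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db


class UserServiceVulnerable:
    """Shaped like a servicer: each RPC method receives (request, context)."""

    def __init__(self, db: sqlite3.Connection):
        self.db = db

    def GetUser(self, request, context):
        # SOURCE: request.username arrives from the remote client.
        # SINK: it is concatenated into the SQL text, so it can change the query.
        query = "SELECT email FROM users WHERE username = '" + request.username + "'"
        return [row[0] for row in self.db.execute(query)]


class UserServiceHardened(UserServiceVulnerable):
    def GetUser(self, request, context):
        # Same source, but bound as a parameter: it stays data, never SQL syntax.
        query = "SELECT email FROM users WHERE username = ?"
        return [row[0] for row in self.db.execute(query, (request.username,))]


def demo():
    """Send one crafted request to both handlers and return both results."""
    db = make_db()
    crafted = GetUserRequest(username="nobody' OR '1'='1")
    return (UserServiceVulnerable(db).GetUser(crafted, None),
            UserServiceHardened(db).GetUser(crafted, None))


if __name__ == "__main__":
    print(demo())
```

An analysis that does not model the handler's `request` parameter as a source has no starting point for this flow, which is why adding gRPC sources can change findings.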

Announcing Snyk CLI v1.1296.0

New

We are pleased to announce the latest stable Snyk CLI release, v1.1296.0.

Important reminder: Snyk's primary distribution channel for CLI is downloads.snyk.io rather than static.snyk.io. Please whitelist this domain to ensure seamless updates with npm, Homebrew, Scoop, and CI/CD integrations.

We are introducing the following new features in this version. To learn more about bug fixes beyond what is highlighted below, please reference the release notes.

Error handling enhancements

We've made significant improvements to our error handling for Snyk scans. You'll now see consistent error code formatting for exit codes 2 and 3 across all scan commands. To simplify troubleshooting, we've also enhanced our debug logs, making them easier to interpret. In the event of an error, a unique Interaction ID will be displayed in the main CLI output, facilitating faster issue tracking and more efficient communication with our support team.

Container enhancements

We're empowering you with more control over container scanning. The Snyk CLI now supports scans for Kaniko generated images, and you can optimize scan times by excluding node_modules directories within Node.js containers.

Open Source enhancements

We've made significant improvements to open source analysis. snyk test --scan-all-unmanaged now identifies all possible package identities based on SHA1 hashes for JAR, WAR, and AAR files, providing more comprehensive coverage.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Costin Busioc | Senior Product Manager

Improved JavaScript, TypeScript, Java & Ruby Analysis in Snyk Code

Improved

Starting March 25, 2025, Snyk Code will enhance JavaScript, TypeScript, Java & Ruby analysis, improving detection accuracy.

  • JavaScript/TypeScript: Better handling of method calls within lambdas.

  • Java: Correct modeling of implicit toString() calls in string concatenation.

  • Ruby: Improved analysis accuracy for object-oriented Ruby code, including ERB template use cases as found in Ruby on Rails apps.

These improvements will roll out as part of Snyk Code’s GA support for these languages and may lead to changes in findings.

Sebastian Roth | Senior Product Manager

Spring Boot plugin BOM support for Gradle

Improved

From March 18th 2025, Snyk's improved Gradle scanner (available in Snyk Preview) will support Spring Boot plugin BOMs.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. Or, to start using the new scanner, see the documentation.

What are Spring Boot plugin BOMs?

Here is an example of a plugin BOM in a Gradle build file.

// build.gradle
plugins {
  // The java plugin provides the 'implementation' configuration used below
  id 'java'
  id 'org.springframework.boot' version '3.3.1'
  id 'io.spring.dependency-management' version '1.1.4'
}
repositories {
  // Where the starters and the BOM are resolved from
  mavenCentral()
}
dependencies {
  // No versions declared: the BOM introduced by the plugins supplies them
  implementation 'org.springframework.boot:spring-boot-starter-actuator'
  implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
  implementation 'org.springframework.boot:spring-boot-starter-security'
  implementation 'org.springframework.boot:spring-boot-starter-web'
}

Although the versions of all the dependencies in the dependencies block are omitted, Gradle resolves them to 3.3.1 because the plugins org.springframework.boot and io.spring.dependency-management implicitly introduce a BOM into the build that guides version resolution.

How will my scan results be improved?

For projects with these types of plugin BOM, the new scanner previously reported unknown versions for the relevant dependencies. It will now return the correct version as specified by the plugin.

In addition, it will include their transitive dependencies, resulting in fewer false negatives.

New available Columns for Snyk Code Issues in Reports

New

We are happy to announce that new columns for Snyk Code Issues will become available in Snyk Reports and in the Snowflake Data Share!

The following columns and filters will be added in the main reports in both the Org and Group levels, as well as in Snowflake Data Share:

  • File Path - trace all Snyk Code issues within a specific file.

  • Code Region - identify the specific line and column numbers in the file where the issue was found.

  • Commit ID - correlate the issue to the associated code version.

  • Asset Finding ID - uniquely identify Snyk Code issues within a repository. The ID can help to dedupe issues that are found in several targets for the same repository.

The new column descriptions will be updated in the issue column dictionary and in Snowflake data share dictionary as part of the release.

This update will become available for enterprise customers on March 19th.

For any further questions, please contact your account team.

Enhanced Open Source Vulnerability Management: Group by Library!

New

We're excited to announce a significant improvement to our platform's open source vulnerability management capabilities. Starting March 17th, we'll begin a progressive rollout of a new feature that simplifies how you view and address vulnerabilities: the ability to group issues by library. This enhancement directly addresses the challenge of navigating overwhelming lists of individual vulnerabilities, providing a clearer and more insightful view of your project's security landscape.

By selecting the "Group by Library" option on your Open Source project's vulnerability dashboard, you'll instantly see vulnerabilities organized by the specific library responsible. This allows you to quickly understand the impact of a single library upgrade, visualizing how many vulnerabilities it will resolve. This enhanced visibility empowers you to make informed decisions and prioritize fixes effectively.

Additionally, the final Fix PR creation page will also reflect this grouped view, ensuring a consistent and streamlined experience throughout your workflow.

This feature is designed to provide a more intuitive and efficient way to manage open source vulnerabilities, enabling you to focus on the libraries that matter most.

We're confident that grouping by library will significantly improve your ability to understand and address security concerns, leading to more secure and well-maintained open source projects!

Costin Busioc | Senior Product Manager

GitHub Server App is now Generally Available

New

We’re excited to announce the General Availability of the GitHub Server App!

The app is designed specifically for organizations using self-hosted or private cloud deployments of GitHub Enterprise Server, offering a secure and simplified integration with Snyk as an alternative to the existing integration with personal access tokens (PATs).

With features like Role-Based Access Control (RBAC) and granular repository-level permissions, you can manage access efficiently, ensuring your users only see the data they need. These benefits not only simplify policy management but also align with modern security practices, eliminating the need for managing individual accounts. The app is compatible with the newly introduced Universal Broker. You can access the app directly through the integration page—check out the user docs for more details! 🚀

Mayank Khera | Senior Product Manager

Poetry 2 support

Improved

We are pleased to announce upcoming support for Poetry 2 in Snyk Open Source.

Poetry 2.0.0 was released on Jan 5th, with a number of functional improvements including support for the standard PEP 621 format for declaring dependencies in the pyproject.toml manifest file.

From March 26th, Poetry 2 will be supported in both the Snyk CLI and SCM integrations, with the same features as for Poetry 1.

After this update, to see results for Poetry 2 projects you should take the following actions:

  • SCM: Re-import any git repositories containing Poetry 2 projects

  • CLI: Upgrade to the new CLI version and run snyk test or snyk monitor as usual.

Customers using the --all-projects CLI param in their CI/CD pipelines may see new findings when Poetry 2 projects are detected as a result of this enhancement.

Improved License Data Accuracy for Maven & NPM

Improved

🔄 More Reliable License Data, Fewer Surprises

We’re rolling out an upgrade to our license data acquisition system for Maven and NPM, bringing fresher, more accurate data and better control over license overrides when needed.

What’s Changing?

✅ More accurate & fresher license data

✅ Previously undetected licenses may now appear, enabling greater compliance

Why It Matters?

This update enhances data reliability and streamlines license overrides, making it easier to manage license compliance with confidence.

📅 Rolling out March 19th! Most customers won't notice this change, but in some cases you may see an increase in High or Critical License Issues depending on your configured License Policies.