Product Updates

We are announcing the anticipated deprecation of Code-Agent. The official deprecation of Code-Agent will be on 20 Dec 2024. Code-Agent was used to enable access from Synk to customer’s locally hosted SCM. Now, the preferred method for running Code analysis is using Snyk Broker through Brokered Code (Git Cloning through Broker).

This can be enabled through the UI; the Snyk Broker toggle in the organization and/or group Broker settings page allows customers to enable Git Cloning through Broker for Snyk Code. Now, existing organizations and groups have the ability for self service and enable this capability at the time of their choosing (new organizations and groups are automatically enabled with this). Turning on this feature effectively disables Code Agent.

If you are still using Code-Agent, you have been emailed and/or reached out to by your support team; please check your email or work with the support team if you run into any issues switching off of Code-Agent.

We’re excited to announce that Reachability for Python is now available in Early Access! 🐍 🎉

This new capability provides an essential signal for assessing risk in your pip, Poetry, and Pipenv projects within Snyk.

Snyk Reachability analyzes your source code using Snyk's DeepCode AI Engine to determine whether a path exists to a vulnerable code element. This insight helps you gauge the likelihood of exploitation, enabling you to make more informed decisions about addressing vulnerabilities.

Whether used independently or as part of a comprehensive risk-based prioritization strategy with Risk Score, Reachability helps you focus on the vulnerabilities that matter most.

Reachability data is seamlessly integrated across multiple Snyk’s product surfaces: Projects, Risk Score, Reporting, and API, and is available for all supported source code management (SCM) integrations.

To enable this feature, see Snyk Preview and start gaining deeper insights into your Python projects.

Over the following weeks, we will roll out an updated navigation menu for all Enterprise customers in the Snyk web app. Besides browsing Organizations and Groups, the left-side navigation menu will now include the Tenant that brings together all the Snyk entities of the customer:

View image description

The Tenant entry in the hierarchical nav menu will not give visibility into everything inside the Tenant. Customers will continue to see only the Groups and Organizations they’re a member of. The new Tenant-level nav menu will include:

• A new “Members” page for managing all the Tenant users and assigning Tenant-level admin rights.

• Access to Snyk Analytics for Analytics Early Access customers.

More details will follow in the upcoming week when the rollout will begin.

We are announcing the Early access release of High-Context Inline Comments as part of our ongoing initiatives to enhance the pull request experience. This feature brings detailed security findings directly into your PRs, streamlining the process of identifying and fixing vulnerabilities without leaving your SCM.

With High-Context Inline Comments, you’ll see each SAST security finding alongside key information such as CWE (Common Weakness Enumeration) and priority score which makes it easier to act on vulnerabilities quickly, reducing the need for developers to switch between platforms and improving your team’s workflow. You can also access relevant Snyk Learn lessons, and see an embedded data flow to introspect on your findings.

If you’re interested in enabling this feature for your organization, you can now directly enable it from integration settings for the supported SCMs.

Inline comments are available in Early Access for the following SCM integrations:

• GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

• Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Please refer to our user documentation for more details and start streamlining your workflows today!

We’re excited to announce the General Availability of the GitHub Cloud App! This milestone follows extensive improvements, including a comprehensive threat modeling exercise and the mitigation of identified risks. 🎉

The GitHub Cloud App represents a significant advancement from our existing GitHub integrations, introducing key features like role-based, granular access control and increased API rate limits. These enhancements provide a more secure and scalable way to integrate with GitHub, laying a strong foundation for a richer developer experience in the future. Unlike PAT and OAuth-based integrations, the GitHub Cloud App uses short-lived tokens for authentication, eliminating the need to manually handle or store sensitive personal access tokens. This not only simplifies setup but also significantly reduces security risks, offering a modern and more efficient alternative aligned with GitHub’s best practices. 🚀

Please refer to our user documentation and Snyk Learn for more details.

Support for Snyk’s Docker Desktop integration will officially end on June 20th, 2025. After this date the extension will no longer receive updates or technical support. From now until the end-of-support date, updates will only address known high severity security vulnerabilities.

To avoid disruption, we encourage all our customers and users who rely on this integration to transition to scanning their container images via our Command Line Interface (CLI) tool. The CLI offers enhanced functionality, greater flexibility, and improved performance compared to the Docker Desktop extension.

Our documentation provides a comprehensive guide on how to get started, and our support team is here to assist with any questions or challenges you might face during the transition

We are confident that the CLI will provide you with a superior experience, and we look forward to continuing to serve your needs with our robust set of tools.

Please reach out to support with any questions.

Dear customers,

We want to inform you of upcoming changes which may impact your development workflows.

Starting June 24, 2025, Snyk will implement an official 12-month Support Policy for our IDE, Language Server, and CLI versions. Additionally, we are announcing the deprecation of certain IDE features, detailed herein: Code Quality Findings in Snyk Code (both WebUI and IDE Plugins), Javascript CDN Library Detection in HTML Files, and Container Image Detection in Kubernetes YAML Files.

12-month Support Policy

Establishing an official 12-month Support Policy for IDE, Language Service, and CLI will enable us to provide a more consistent experience throughout the feature lifecycle, enabling customers to adopt new innovative features sooner and providing more clarity to customers about what they can expect in terms of supportability.

What this means: Each version of our IDE plugins, CLI, and Language Server will be supported for 12 months from its release date. Clear support timelines allow you to plan upgrades confidently, reducing unexpected disruptions.

To continue receiving support and access to the latest features, please upgrade your IDE plugin, Language Server, and CLI to a version released within the last 12 months by June 24, 2025. We encourage you to schedule regular updates to stay within our support window.

For guidance on upgrading, please refer to our Documentation for IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

IDE plugin feature deprecations effective June 24, 2025

Snyk previously supported a basic set of code quality features that only appeared in the IDE experience and some experimental security features found only in singular IDE platforms. This functionality was used only by a small number of customers, and the feedback we received from most customers was that this feature set needed to be revised to meet their needs and obscured relevant findings. After careful consideration, we have decided that removing this functionality is the best outcome for all of our customers.

Deprecation of Code Quality Findings in Snyk Code (WebUI and IDE Plugins) Snyk Code Quality findings will no longer be provided in versions of the IDE plugins. Earlier plugin versions may still show the Code Quality findings section but the results will be empty. Affected integrations: Web UI, all Snyk IDE Plugins

Deprecation of JavaScript CDN Library Detecting in HTML Files This feature surfaced security vulnerabilities in JavaScript packages from well-known CDNs (Content Delivery Networks) within HTML files in your projects. Affected integrations: Visual Studio Code and Language Server

Deprecation of Container Image Detection in Kubernetes YAML Files This was an experimental feature available in the the Snyk JetBrains IDE that scans Kubernetes configuration files and searches for container images . Affected integrations: Snyk JetBrains IDE Integration

We value your partnership and are committed to supporting your success. If you have any questions or need assistance, we’re here to help.

Thank you for your continued support.

Best regards,

We're excited to announce a significant upgrade to the Eclipse IDE extension. This release focuses on the User Interface consistency with Snyk VSC and JetBrains extensions.

What’s new

• New custom Snyk panel with issues tree, filters, and suggestion details, similar to VSC and JetBrains IDEs.

• Delta findings

Eclipse 2024-03 (4.31) or newer is required.

Planned release on January 09.

We're excited to announce a significant upgrade to the Snyk Visual Studio IDE extension. This release aims to ensure feature parity and consistency with Snyk VSC and JetBrains extensions.

What’s new

• UI improvements and standardization

• Auto-scanning capability

• IaC support

• Delta findings

• Snyk Learn integration

Things you should know

• Prerequisites: Visual Studio 2022 (17.5+)

• A special preview version is live and available on the official MS marketplace

Planned release on January 09.

We are pleased to announce further improvements to scanning Gradle projects with Snyk Open Source.

Gradle projects often include secondary build files using the apply from syntax to manage dependencies, repositories, extra properties and other configuration.

From December 12th, Snyk's improved Gradle scanner (available in Snyk Preview) will support analyzing these kinds of additional build files.

The following forms will be supported.

• Groovy: apply from: "dependencies.gradle"

• Kotlin: apply(from = "dependencies.gradle.kts")

Note that any file names may be used, those above are just for example.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. Or to start using the new scanner, see the documentation.