Product Updates

As a continued commitment to helping our customers ship secure code, Snyk provides images provided by Snyk Images build tool chain to make it easier for customers to integrate Snyk into their build pipelines and other automations.

Snyk has published an update to our Snyk Images policy, announced earlier this year. As part of this policy update, Snyk will no longer remove images from Docker Hub, in order to prevent customer pipelines and automations from failing due to a removed image.

Snyk continues to recommend that customers use the most current and secure images available.

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.20.0

• Jetbrains v2.11.0

• Eclipse v3.0.0

• Visual Studio v2.0.0

As part of these releases, we are happy to introduce the following enhancements:

• We’re closing the gap on our coverage and Delta findings is now available in all IDEs (Early Access)

• We are launching a new major version for our Visual Studio plugin that we have modernized substantially and comes with new features like: Auto-scanning capability, IaC support and Delta findings.

• We are launching a new major version for our Eclipse plugin that we have modernized substantially and comes with new features like Delta findings.

• During OAuth authentication, the IDEs will automatically detect the API URL to be used for authentication.

In addition to significant features, these releases contain multiple fixes that can be consulted in the changelog for each of our plugins.

For more details about the Snyk IDE plugins, please reference our documentation:

• Visual Studio Code

• Jetbrains

• Eclipse

• Visual Studio

We encourage everyone to upgrade to the newest versions!

We are pleased to announce the latest stable Snyk CLI release v1.1295.0.

We are introducing the following new features in this version. To learn more about bug fixes beyond what is highlighted below, please reference the release notes.

Automatic region configuration during OAuth

During OAuth authentication, the CLI will automatically detect the API URL to be used for authentication.

Support for verbose Gradle graphs

When generating SBOMs via CLI for Gradle graphs, we’re removing pre-pruning of dependencies.

You can learn more about Snyk CLI release channels in the user documentation.

We would like to notify on an improvement related to the issues' Mean Time To Resolve (MTTR) measurements within the manage tab inside Snyk Analytics.

With the current implementation, issue resolutions of under a day are not being counted correctly during MTTR measurements. The planned release will solve it and provide a more accurate MTTR results.

Once the improved logic is released you should expect seeing slightly higher MTTR measurements, which will reflect a more accurate measurement.

This improvement is planned to be released on January, 21st. Please reach out to your account team for any questions.

One of the inconveniences of using Snyk's regional environments (EU, AU, or US) was that you had to use dedicated region-specific login pages to access the Web UI, e.g., app.eu.snyk.io for the EU instance. We have streamlined this login experience so customers using SSO do not need to remember or bookmark these region-specific login URLs.

Enterprise users can now access any of the login pages, and if they log in with their company SSO, they will automatically be redirected to the corresponding regional instance. This also works for CLI and IDE logins that trigger the OAuth flow through the web UI (available in the latest version of the CLI and IDE clients).

Learn more about regional hosting and data residency features at Snyk.

We are happy to announce a list of enhancements that are now available in the SLA Management Report!

The report provides a comprehensive status about the remediation performance against SLA targets, allowing you to surface performance gaps and prioritize your attention where it is needed most.

As part of the new edition, you can find several enhancements:

• “At Risk” setting - define when to consider an issue as at risk for breaching the SLA according to your own preferences.

• New SLA filters - filter the reported scope according to the SLA status, Time until breach and the Issue age (the new filters are available in the filter picker under the SLA category).

• Review all the issue attributes - a column picker was added to the Breached and at risk open issues table, allowing to add any issue attribute and achieve a more granular prioritization.

• CSV export support - the report tables were added with a CSV export functionality allowing to proceed the analysis externally.

• Expose the full SLA status - the report is no longer filtered on the last 90 days by default. This guarantees a view of the full SLA status. To narrow down on recent issues, please use the introduced date filter.

To learn more about the SLA Management report, please visit our product documentation.

For any questions, please contact your account team.

We are thrilled to update that the asset and application attributes are now available in Snyk Reports!

Please find below the list of new columns and filters that were added:

• Asset context

  • Asset name (and ID)

  • Parent Asset name (and ID)

  • Asset class

  • Asset type

  • Asset tags

  • Repository freshness

• Application context (learn about related integrations here):

  • Asset Application

  • Asset Owner

  • Asset Category

  • Asset Catalog Name

  • Asset Lifecycle

These enhancements unlock a wide range of new use-cases, such as:

• Enhance data-driven prioritization based on the asset business criticality and repository freshness.

• Drill into remediation performance (such as backlog burn down rate and MTTR) within specific applications and code owners.

• Identify prevalent CVEs in business critical assets or strategic applications.

For any questions, please contact your account team.

As part of our ongoing commitment to improving and making Snyk Code findings more accurate and relevant, we're improving our Anti-Forgery Token Validation detection for C#, particularly in cases where .NET MVC is used.

This updates changes the logic to only be triggered in specific instances where .NET MVC usage is detected, a change from the previous "blacklist" approach.

Supported classes include: System.Web.Mvc.Controller, System.Web.Mvc.ControllerBase, Microsoft.AspNetCore.Mvc.Controller, Microsoft.AspNetCore.Mvc.ControllerBase.

This update will be released Wednesday, January 15th. Customers should see a decrease in False-Positive results pertaining to the rule mentioned above.

Please do not hesitate to reach out to your account team with any questions or inquiries!

We are happy to introduce the Assets dataset to Snowflake Data Share via Snyk Analytics!

The Assets dataset, includes various attributes of code repositories, container images and packages. In addition, the Asset ID column will be added to the Issues__v_1_0 table, allowing to correlate issues to their assets.

The new dataset unlocks new use-cases, such as:

• Build your own coverage metrics and asset-based visualizations in reports and dashboards.

• Review risk exposure within business-critical assets, code owners, and strategic applications.

• Improve prioritization by considering the repository freshness, asset class and application.

The new dataset will be available in the Snowflake data share starting January, 8th.

If you have a Snowflake account and want to discover what you can achieve with the Snowflake data share, visit our product documentation and contact your account team to learn more.

We are pleased to announce version 4.0.0 of the Snyk Artifactory Gatekeeper Plugin 🎉

This update adds support for more repository types, newer versions of Artifactory and some new options for handling vulnerable packages.

• Support for Artifactory version 7.84 and above.

• Support for Ruby Gems, Cocoapods, and NuGet repositories

• A new “continuous” mode - access to packages can be revoked if a new vulnerability is discovered for a previously allowed package.

For more details, see the documentation.