Product Updates

Experience greater flexibility in authenticating your scans with the new Signature capabilities for API targets. With Snyk API & Web, you can now configure signed requests using your own algorithms.

We added this feature to support complex authentication requirements that require signed requests. By providing a dedicated space to manage these signatures, we're making it easier for you to run automated security scans against protected API endpoints that verify message integrity and authenticity.

If you have the message signature feature enabled, you can now navigate to your API target settings to set up signing methods. This ensures your scans can successfully authenticate with APIs that require cryptographic signatures for every request.

To enable this feature, please contact the Sales team.

To learn more, visit How to configure Signed Requests for API Targets in our user documentation.

We added support for mutual TLS (mTLS) configuration for Web, OpenAPI, and Postman targets in Snyk API & Web. This allows you to extend your security testing to cover even your most strictly secured and authenticated endpoints.

We implemented this feature to support organizations that required higher levels of security or mutual trust between client and server. This allows our crawler and scanner to authenticate successfully with services that enforce strict mTLS requirements, ensuring comprehensive security coverage for your protected targets.

In the authentication tab for your Web and API targets, you will see a new CLIENT AUTHENTICATION CERTIFICATE module under your target Settings. You can use this to upload the necessary certificates for authentication. This change allows you to scan targets that were previously inaccessible due to mutual TLS requirements.

To enable this feature, please contact the Sales team.

To learn more, visit How To Configure Mutual TLS Authentication in our user documentation.

We’ve introduced an improved search and discovery experience on security.snyk.io, making it easier to explore open source packages, vulnerabilities, and security insights - all in one place.

Following the delivery of the improved package experience, this update introduces a refreshed homepage and unified search on security.snyk.io.

The updated experience features a cleaner interface, enhanced navigation, and expanded discovery options, providing a more seamless way to explore packages and vulnerabilities across security.snyk.io.

What’s new

• A redesigned homepage with clearer entry points into ecosystems, vulnerabilities, and package data.

• New unified search results for packages and vulnerabilities, offering faster and more intuitive discovery across supported ecosystems.

These updates deliver greater clarity and consistency in how security information is explored, supported by the same trusted data that powers security.snyk.io.

To explore the updated experience, visit security.snyk.io and try searching for any package or vulnerability.

Customize your dashboard with the new analytics experience. We’re launching the general availability of the redesigned Snyk Analytics experience. You now have access to a customizable tenant-level landing page featuring a widget inventory, allowing you to arrange widgets for a personalized dashboard. This update also includes Saved views, a centralized Report catalog for discovering reports, and enhanced drill-down capabilities for issues and assets.

We want to provide a more flexible way to visualize your security posture. These changes ensure you can surface the metrics most relevant to your organization and access critical data faster through a centralized view.

You can create a dashboard tailored to your specific monitoring needs by selecting widgets from the inventory. The new experience simplifies how you find pre-built reports and allows you to investigate specific security topics directly from your customized view.

To learn more, check out our Redesigned Analytics docs.

We have released a new CLI hotfix (v1.1301.2) to address a bug when using Snyk with agentic integrations such as Amazon Kiro:

• MCP: Ensure compliance with the model context protocol specification

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We are happy to announce that GitHub Cloud App Support for Snyk Essentials is now in Early Access.
Users with the GitHub Cloud App integration on the Snyk Organization level will now have full asset discoverability and enrichments in inventory.

This means users will no longer need to set up the GitHub Snyk Group level integration using a Personal Access Token. The GitHub Cloud App integration on the Snyk Organization level will discover, enrich, and test your repositories. Enrichments include:

• Repository visibility

• Developers

• Reposiotry freshness

• GitHub custom properties

• and more!

To enable the feature, go to the Group level settings page, click Snyk Preview, and enable the feature.

For more information, see the documentation.
If you have any questions, feel free to reach out to the Snyk Support team.

We've enhanced our Docker Hub integrations by adding GitHub App support. This update allows you to attach a Dockerfile to your Snyk Container images directly through your GitHub Cloud and GitHub Server App integrations.

Attaching a Dockerfile gives you more precise fix advice, including smarter base image recommendations for both major and minor upgrades, and a wider range of alternative upgrade paths. This new capability means Snyk gains deeper context about your image during scans, leading to more actionable and tailored recommendations.

No explicit action is required to enable this feature. To start, simply navigate to your Snyk Container image Project settings. There, you can use the Configure Dockerfile option to select the appropriate Dockerfile via your GitHub App integration.

To learn more, visit Detect Vulnerable Base Images from your Dockerfile.

We have been listening to your feedback regarding the upcoming improvements to Snyk Code analysis for the Java, Kotlin, and .NET ecosystems.

To ensure the best possible experience and minimize disruption during the busy end-of-year season, we have decided to reschedule this rollout. These updates, including support for the Netty framework and ASPX inline code expression blocks, will now go live on January 12.

Thank you for your feedback as we work to improve the accuracy of your scan results.

We’re releasing support for the Dart programming language in Snyk Code, now available in Snyk Preview. This update allows you to scan your Dart code, which is frequently used with the Flutter framework, for security vulnerabilities. We have added detection capabilities for a variety of issues, including insecure data handling, authentication flaws, and injection risks.

We added this language support to help you secure mobile and offline storage, ensure robust authentication flows, and harden network communications within your Dart applications. By expanding Snyk Code capabilities, we aim to provide better coverage for modern mobile development stacks and help you prevent critical risks like cleartext logging and SSL/TLS validation failures.

To start scanning Dart applications, you must enable the feature manually. Navigate to Settings > Snyk Preview and enable the Dart support option. Once enabled, we will include Dart files in any future tests and retests, identifying vulnerabilities such as SQL injection and path handling issues.

To learn more, visit Snyk Code language and framework support in our user documentation.

We have released a new version of Snyk’s JetBrains IDE plugin to address bugs and improve the overall user experience:

• Fixed a bug where Agent Fix would not apply edits for file paths containing spaces or special characters

This release can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.