Product Updates

Snyk Generated Pull Requests report is now available in Early Access

Early access

Currently, Snyk can automatically create pull requests (PRs) on your behalf to upgrade your dependencies based on the relevant scan results. These can help you pay down your security vulnerability backlog, introduce fixes for newly discovered issues, or keep your dependencies up to date with new versions.

With our new "Snyk Generated Pull Requests" report now available in Early Access, you can visually track and measure the impact of these fix PRs. This report enables you to review how many Snyk Fix, Backlog, and Upgrade PRs were opened, merged, or closed across your repositories, and observe the overall mean time to merge. This report, available for all supported SCM integrations, can be filtered by organization, repository, project, or source and is refreshed every 90 minutes.

To view this report, simply navigate to the Reports section of your Group or Organization and choose "Snyk Generated Pull Requests" from the "Change Report" drop-down menu.

For more information, visit our reports documentation.

Jeff Andersen | Director, Product Management

High Context Inline Comments: Enhancements for a Better PR Experience

Early access

As part of our commitment to improving the pull request experience, we’ve introduced key enhancements to Inline Comments, which boost developers' productivity by bringing detailed security findings directly into their PRs.

What’s new:

✅ Inline Comments are now capped at 10, prioritizing the most critical vulnerabilities by severity to prevent clutter and avoid SCM rate limits. If more than 10 findings exist, a note in the PR Summary Comment will notify you.

✅ Smarter vulnerability placement ensures that findings reported outside the PR diff are mapped to the nearest relevant changed line, keeping security issues visible even when the exact location isn’t commentable.

These updates streamline security reviews, reducing distractions while ensuring developers can quickly act on vulnerabilities within PRs.

Mayank Khera | Senior Product Manager

PR Checks for Snyk Code are now Generally Available

Improved

PR Checks for Snyk Code are now Generally Available. Customers using Snyk Code to secure their applications can enable PR Checks to automatically scan their pull requests and provide a mechanism to gate those changes from being merged when new security vulnerabilities are discovered.

How do I enable PR Checks for Code?

Snyk Code PR Checks are available for all supported SCM integrations.

To turn them on for Snyk Code projects, navigate to the Pull Request Status Checks section under your organization’s integration settings and look for Code Analysis. From there, you can enable PR Checks and select your preferred failure condition (Low, Medium, or High severity issues).

You can then use PR Checks, along with your SCM’s configuration, to decide whether to prevent changes from being merged while the commit status check is in a failed state.

Jeff Andersen | Director, Product Management