Product Updates

Snyk Learn has released an updated reporting interface that is now generally available for all Snyk Enterprise plan customers. This update offers enhanced visibility into developer security training progress for your Snyk Organizations. By default, Snyk Learn Reports are available to Org/Group Admin roles in Snyk.

What’s New?

• Improved Performance: Large download requests are now processed asynchronously, significantly boosting performance for large Snyk Organizations.

• Detailed Reports: Get an overview of learner progress across the Learn catalog, plus user-specific progress reports.

• Custom Role Support: Control who can see Snyk Learn reports for different Snyk Organizations via Custom Role permissions.

• API Access: Learner progress data is available via the Learn API (beta), part of the standard Snyk REST API.

Important Changes: As previously communicated in the Snyk Learn app (from August 2024), Free and Team plans no longer have access to Snyk Learn reporting.

We’re thrilled to announce the next step in our journey to improve security insights and prioritization—building on our previous update introducing CVSS 4.0. This enhancement adds support for CVSS 4.0 and Exploit Maturity (Threat Metrics) fields in the REST Issues API, delivering even more robust tools for vulnerability management.

The new default evaluation using CVSS v4.0 will improve the prioritization workflow and risk assessment, enabling you to focus on the most emerging threats.

In addition to CVSS 3.1 scores, you’ll now see CVSS 4.0 scores and exploit maturity fields when interacting with the REST Issues API.

Customers using data.effective_severity_level in their automations can now also use data.severities[].level for either CVSS 3.1 or CVSS 4.0 (based on data.severities[].version). Plus, gain access to all vector data and exploit details for each vulnerability for more granular automation and analysis.

For more information about CVSS v4.0's specifications, please refer to the blog post: What’s new in CVSS 4.0.

Stay secure,

In July, we kicked off the first official cadence of Snyk’s API end-of-life and set out to end-of-life the following endpoints:

• The experimental “Get all issues by Org and Group” REST endpoints (Experimental versions from 2023-03-10 inclusive up to 2023-09-29 exclusive)

• The v1 Get Group and Org level audit logs endpoints

We’re pleased to say that we have successfully end-of-life’d the experimental endpoint (and its respective version), and the v1 audit logs endpoints will be end-of-life’d on January 22nd.

For the next scheduled end-of-life cycle that is due to start on January 23rd 2025, there will be no endpoints slated for end-of-life. The next batch of APIs will be announced in June 2025.

However, we have just released a page in the user docs which is dedicated to v1, non-GA REST endpoints, and old GA REST endpoints that have GA REST equivalents that can be migrated to, and a migration guide to go with them.

The endpoints found in this page are candidates for future end-of-lifes but does not mean that they are included in an existing cadence or are guaranteed to be part of the next cadence. The purpose of this section is to enable you to be proactive and start migrating endpoints that align with our end-of-life process, ahead of an end-of-life announcement.

Following the release of the Targets API beta, we were given feedback that users had some issues with the naming conventions, would like to see the prefix updated to be consistent with standards used in other endpoints, and we were also given feedback that we’re missing various fields and filters which were supported in other versions of the API (including via the projects API).

With that, we're proud to announce that we've taken that feedback on board, addressed the points, and have released the GA version of the Targets API!

With the GA release of any API in Snyk, the GA release of this endpoint (which is a huge improvement on the beta) means the beta version is automatically deprecated, and users are highly recommended to upgrade to the GA version as soon as possible.

We are not removing the beta endpoint yet, and you can still continue using it.

However, after 90 days, we can remove the API endpoint. We will communicate regularly that the GA endpoint is available to upgrade to, and that we will remove the endpoint as we approach the time.

When we remove the beta API, you will be greeted by an http 404 error, and the simple fix is to upgrade to the latest version.

We are excited to announce the General Availability of the Unified Issues API, which unifies all Snyk issues (SCA, SAST, IaC+) across projects or orgs into one API call. The Unified Issues API approach offers several key benefits:

• Simplifies the user experience with one paginated API call across all projects or orgs

• Saves time by eliminating the need to stitch data across API calls and offering a consistent schema to parse responses with

• Highlights our commitment to building Snyk as a holistic security platform for our customers

The General Availability delivers:

• Uniform issue representation from Code to IaC+, with improved data quality and increased reliability

• Detailed representations for Open Source packages and fix information

• Improved pagination and response management, simplifying the API interaction

• New filters for tailored API responses, catering to specific querying needs

Please check out the API docs for listing all issues by group, and by org.

Note: the experimental versions of this endpoint will be deprecated in 30 days, while the beta version will be deprecated in 90 days. If you have any concerns with the deprecation timelines for experimental or beta endpoints of this API, please contact your account representative.