Product Updates


General Availability of GitHub Cloud App

General availability

We’re excited to announce the General Availability of the GitHub Cloud App! This milestone follows extensive improvements, including a comprehensive threat modeling exercise and the mitigation of identified risks. 🎉

The GitHub Cloud App represents a significant advancement from our existing GitHub integrations, introducing key features like role-based, granular access control and increased API rate limits. These enhancements provide a more secure and scalable way to integrate with GitHub, laying a strong foundation for a richer developer experience in the future. Unlike PAT and OAuth-based integrations, the GitHub Cloud App uses short-lived tokens for authentication, eliminating the need to manually handle or store sensitive personal access tokens. This not only simplifies setup but also significantly reduces security risks, offering a modern and more efficient alternative aligned with GitHub’s best practices. 🚀

Please refer to our user documentation and Snyk Learn for more details.

Mayank Khera | Senior Product Manager

End of support for Snyk Docker Desktop extension

Deprecated

Support for Snyk’s Docker Desktop integration will officially end on June 20th, 2025. After this date the extension will no longer receive updates or technical support. From now until the end-of-support date, updates will only address known high severity security vulnerabilities.

To avoid disruption, we encourage all our customers and users who rely on this integration to transition to scanning their container images via our Command Line Interface (CLI) tool. The CLI offers enhanced functionality, greater flexibility, and improved performance compared to the Docker Desktop extension.

Our documentation provides a comprehensive guide on how to get started, and our support team is here to assist with any questions or challenges you might face during the transition.

We are confident that the CLI will provide you with a superior experience, and we look forward to continuing to serve your needs with our robust set of tools.

Please reach out to support with any questions.

Steve Winton | Principal Product Manager

New Support Policy and Deprecation of Certain IDE Features

New

Dear customers,

We want to inform you of upcoming changes which may impact your development workflows.

Starting June 24, 2025, Snyk will implement an official 12-month Support Policy for our IDE, Language Server, and CLI versions. Additionally, we are announcing the deprecation of certain IDE features, detailed herein: Code Quality Findings in Snyk Code (both WebUI and IDE Plugins), JavaScript CDN Library Detection in HTML Files, and Container Image Detection in Kubernetes YAML Files.

12-month Support Policy

Establishing an official 12-month Support Policy for IDE, Language Server, and CLI will enable us to provide a more consistent experience throughout the feature lifecycle, enabling customers to adopt new innovative features sooner and providing more clarity to customers about what they can expect in terms of supportability.

What this means: Each version of our IDE plugins, CLI, and Language Server will be supported for 12 months from its release date. Clear support timelines allow you to plan upgrades confidently, reducing unexpected disruptions.

To continue receiving support and access to the latest features, please upgrade your IDE plugin, Language Server, and CLI to a version released within the last 12 months by June 24, 2025. We encourage you to schedule regular updates to stay within our support window.

For guidance on upgrading, please refer to our Documentation for IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

IDE plugin feature deprecations effective June 24, 2025

Snyk previously supported a basic set of code quality features that only appeared in the IDE experience and some experimental security features found only in singular IDE platforms. This functionality was used only by a small number of customers, and the feedback we received from most customers was that this feature set needed to be revised to meet their needs and obscured relevant findings. After careful consideration, we have decided that removing this functionality is the best outcome for all of our customers.

Deprecation of Code Quality Findings in Snyk Code (WebUI and IDE Plugins)

Snyk Code Quality findings will no longer be provided in versions of the IDE plugins. Earlier plugin versions may still show the Code Quality findings section but the results will be empty. Affected integrations: Web UI, all Snyk IDE Plugins

Deprecation of JavaScript CDN Library Detection in HTML Files

This feature surfaced security vulnerabilities in JavaScript packages from well-known CDNs (Content Delivery Networks) within HTML files in your projects. Affected integrations: Visual Studio Code and Language Server

Deprecation of Container Image Detection in Kubernetes YAML Files

This was an experimental feature available in the Snyk JetBrains IDE that scans Kubernetes configuration files and searches for container images. Affected integrations: Snyk JetBrains IDE Integration

We value your partnership and are committed to supporting your success. If you have any questions or need assistance, we’re here to help.

Thank you for your continued support.

Best regards,

Eclipse IDE extension UI upgrade

New

We're excited to announce a significant upgrade to the Eclipse IDE extension. This release focuses on User Interface consistency with Snyk VSC and JetBrains extensions.

What’s new

  • New custom Snyk panel with issues tree, filters, and suggestion details, similar to VSC and JetBrains IDEs.

  • Delta findings

Eclipse 2024-03 (4.31) or newer is required.

Planned release on January 09.

Visual Studio extension major upgrade

New

We're excited to announce a significant upgrade to the Snyk Visual Studio IDE extension. This release aims to ensure feature parity and consistency with Snyk VSC and JetBrains extensions.

What’s new

  • UI improvements and standardization

  • Auto-scanning capability

  • IaC support

  • Delta findings

  • Snyk Learn integration

Things you should know

Planned release on January 09.

More improvements for Gradle scanning - "apply from"

Improved

We are pleased to announce further improvements to scanning Gradle projects with Snyk Open Source.

Gradle projects often include secondary build files using the apply from syntax to manage dependencies, repositories, extra properties and other configuration.

From December 12th, Snyk's improved Gradle scanner (available in Snyk Preview) will support analyzing these kinds of additional build files.

The following forms will be supported.

  • Groovy: apply from: "dependencies.gradle"

  • Kotlin: apply(from = "dependencies.gradle.kts")

Note that any file names may be used; those above are just examples.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. To start using the new scanner, see the documentation.

PR Issue Summary Comment is now in Early Access

Early access

The PR Issue Summary Comment feature (previously in Closed Beta) for Snyk PR Checks is now available in Early Access! With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

PR comment from snyk-io bot. It includes a table of issues found by severity and links to scan results.
PR experience settings with toggle to enable summary content and option to also create comments for successful scans

To enable this experience, a new Pull request experience section is now available in the SCM integration settings for supported SCMs. This allows you to directly opt-in to the experience and manage whether to omit the summary comment in cases of PR Check success.

PR Comments are available in Early Access for the following SCM integrations:

  • GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

  • Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Start streamlining your workflows today!

Mayank Khera | Senior Product Manager

Inclusion of license metadata in Snyk SBOMs, coming soon to GA

Improved

We’re excited to share that supported license data in the form of expressions will now automatically be included in all SBOMs produced by Snyk.

Until now, license information has been available in other parts of Snyk—but not in our CycloneDX or SPDX software bill of materials.

We hope this release makes it easier than ever to share key legal context about your supply chain with relevant audiences.

Although no changes are required, we recommend exploring how you can begin using license data in your SBOM-related integrations and workflows.

This release is coming soon, and could be available as early as November 28th. Keep an eye out for updates to Snyk's User Docs with more information.

Ryan Searle | Product Director

Configurable Rules for Automatic Fix Pull Requests

New

We are excited to announce a significant enhancement to Snyk Automatic Fix Pull Requests, furthering our mission of designing workflows that match different projects' needs.

Starting December 5th, you will be able to set Fix Pull Requests thresholds by either severity or score. We understand that in some projects, fixing all vulnerabilities constantly is extremely important, whereas in others focusing on specific types boosts velocity. That's why you'll be able to configure two types of rules for the Automatic Fix Pull Requests:

  • by score (priority or risk score) - set a threshold from 0 to 1000

  • by severity - select among critical, high, medium or low

Snyk will take into account your preferences and raise Automatic Fix Pull Requests only for the issues matching your preferences. Please keep in mind that this option will not influence our Backlog PR capability at the moment.

New organizations created in Snyk will experience a default score of 700 for this capability, which will also represent our default starting June 5th 2025 for all organizations that do not set a specific preference by that point.

Enjoy Snyk Fix PRs!

Automatic fix PRs settings with the threshold set to Severity and the Critical and high severities selected
Automatic fix PRs settings with threshold set to Risk Score

Costin Busioc | Senior Product Manager

Snyk Container npm lockfile v3 bug fix

Fix

We discovered a bug in the handling of applications using npm lockfile v3 in Snyk Container, causing transitive dependencies to be omitted from results.

A fix has been identified. Once this has been applied, Snyk Container npm projects using v3 lockfiles are likely to see an increase in identified dependencies. This may lead to an increase in vulnerabilities when re-scanning existing repositories, even if repository contents are unchanged.

The fix will be rolled out to both the Kubernetes integration and next Snyk CLI stable release on December 18th.

The fix is already available in Container Registry integrations.

If you have any questions or need assistance, please don’t hesitate to reach out to us.