Product Updates

Java 21 Support in Snyk Code

Improved

Starting May 1, 2025, Snyk Code will support Java 21 across all integrations, enabling full project scanning and improved accuracy.

  • Java 21: Support for new language features including record patterns and sealed classes.

  • Analysis Engine: Enhanced program analysis to align with Java 21 syntax and semantics.

  • Ruleset: Updated to cover security-relevant classes introduced in Java 21.

These updates will roll out as part of Snyk Code’s GA support for Java 21 and may result in changes to findings.

Sebastian Roth | Senior Product Manager

Brand new integration with Gemini Code Assist

New

We’re thrilled to announce the integration of Snyk’s AI-powered security platform with Google Gemini Code Assist, a cutting-edge AI coding assistant.

This collaboration brings together Snyk’s trusted application security capabilities and Gemini’s advanced AI coding tools to revolutionize secure software development.

With this integration, developers can now:

  • Seamlessly secure code within their IDE: Access Snyk’s powerful Snyk Code, Snyk Open Source, and Infrastructure as Code scanning directly through Gemini Code Assist.

  • Leverage natural language prompts: Type @Snyk in Gemini to scan code, prioritize vulnerabilities, and even auto-remediate issues using Snyk’s DeepCode AI Fix—all without leaving your workflow.

  • Streamline productivity without compromising security: No more switching between tools—security insights are now embedded directly into your coding environment.

Why It Matters

AI-generated code transforms development, but studies show that 40% of such code contains vulnerabilities. This integration ensures that security is embedded early in the development process, enabling teams to innovate confidently while mitigating risks.

This integration is part of our commitment to empowering developers and security teams with tools that make secure development effortless and efficient.

See more in our blog article.

Snyk Code Consistent Ignores is available in Early Access via Snyk Preview

Early access

Snyk Code Consistent Ignores is now available in Early Access via Snyk Preview.

Snyk Code Consistent Ignores helps your teams focus on the important risk by filtering out distractions, ensuring that once an ignore is created, it is consistently respected regardless of how and where the test is run.

Snyk Code ignores span across branches, integrations, and Snyk Projects within a repository. Notably, this means that ignores are respected and won’t fail tests throughout the SDLC, including in IDE plugins, the CLI, and native PR checks.

Documentation outlining the details of this new functionality is available here.

Ezra Tanzer | Director, Product Management

Python 3.13 support for Snyk Open Source SCM scans

Improved

From April 23rd 2025, Snyk Open Source will support SCM integration scanning of pip and pipenv applications using Python 3.13, as follows:

  • pip: Snyk will use Python 3.13 for SCM scans when specified in Organization settings or in .snyk files.

  • pipenv: Snyk will scan using Python 3.13 if specified in the project's Pipfile.

In both cases, the updated results will be available after the project's next retest.

⚠️ Note that for relevant projects, the numbers of dependencies and issues may increase.

FAQ

Q: How do I specify Python version for pip projects?

This can be defined in Organization settings, or on a per-repo basis using .snyk files. See documentation.

Q: How do I specify Python version for pipenv projects?

Snyk will use the Python version specified in the project's Pipfile.

Before this release, a Pipfile specifying Python 3.13 (or any other unsupported version) would be scanned with a default version of 3.10 instead.

Q: How does Python version affect accuracy of Snyk scans?

Some Python packages depend on specific Python versions, and developers must build these apps in an environment with a compatible Python version for them to be installed correctly.

Similarly, to provide the most accurate results, Snyk must be configured to use the same Python version used by your application.

Snyk Essentials: Introducing Inventory Overview

New

The Inventory Overview is a new tab offering both insights and prescriptive guidance for operationalizing your AppSec program with Snyk.

Some of its highlights include:

  • Which repositories are not being tested with Snyk

  • Coverage gaps as defined by your asset policies

  • Dormant repositories with high and critical vulnerabilities

  • Languages with the most issues that can be prevented through education modules in Snyk Learn

  • Class A repositories with the highest number of critical & high issues

And more.

Each widget links directly to the relevant filters, making it easier to follow up and take action.

We will begin rolling out the Inventory Overview to all customers on the Enterprise plan starting April 9, 2025. If you would like to get access earlier, please contact your account team.

Maya Mandel | Senior Manager, Product

allprojects/subprojects support for Gradle

Improved

From April 17th 2025, Snyk's improved Gradle scanner (available in Snyk Preview) will support allprojects and subprojects building blocks.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. Or, to start using the new scanner, see the documentation.

How will my scan results change?

⚠️ For relevant projects, the numbers of dependencies and issues may increase.

For projects with these types of blocks, the new scanner may have previously reported unknown versions for some dependencies. It will now return the correct version.

In addition, it will include their transitive dependencies, resulting in fewer false negatives.

What are allprojects and subprojects?

Gradle provides special blocks called allprojects and subprojects which enable sharing code and configuration across projects.

Here is an example of an allprojects block in a Gradle build file.

// build.gradle
allprojects {
  apply plugin: 'java'
  repositories {
    mavenCentral()
  }
  dependencies {
    implementation 'org.apache.commons:commons-collections4:4.2'
  }
}

User interface updated in Probely

Improved

In the past few months, Probely’s interface has been changing with the goal of providing users a more unified and improved experience. We have been working hard to bring new elements to life, and now we have a new side menu, severity badges, buttons, tables, tabs, filters and search fields similar to Snyk’s own, among others.

With the latest release, we’re bringing the new details panels into view for all the main sections of the app (Discovery, Targets, Findings, and Scans).

  • You can click on the item’s name to open the full view of its details, where all the information is visible and all actions related to that element can be performed, or you can click on a row from the list to open a small panel with some details without losing focus from the list itself.

  • In either view, you can use the navigation arrows on the bottom of the screen to scroll through the list in an effortless way.

Additionally, we’re also updating the way bulk actions are displayed in the app, to be more in line with the ones from Snyk.

We will continue to update the app in an ongoing effort to reduce friction and improve the experience for our users, and we encourage everyone to explore Probely and interact with the new interface.

For any suggestions, questions or concerns please reach out to the Snyk support team.

Ana Pascoal | Product Manager

Computed Fixability behavior update in Snyk Analytics

Improved

The accuracy of the Computed Fixability column in Snyk Analytics is planned to be improved. This column indicates whether an issue can be fixed based on the vulnerability remediation paths, which are derived from the dependency tree and are therefore only applicable to SCA vulnerabilities.

As of now, any issue that is not an SCA vulnerability, such as Snyk Code and Snyk IaC issues, is assigned the value "No fix supported", which causes confusion among users.

Starting April 16th, a new value, "Not Applicable", will be introduced for all issues that are not related to SCA vulnerabilities.

This change will impact the Computed Fixability value of the following issues:

  • Snyk Open Source (only License issues)

  • Snyk Code

  • Snyk IaC

In the following components:

  • Snyk Reports

  • Snowflake data share

  • Export API

If your internal processes rely on this data, please update your logic accordingly and be ready to apply relevant changes by April 16th.

For any questions or concerns please contact your account team.

12-month Support Policy for CI/CD plugins

New

Dear Customers,

In our December announcement regarding the upcoming 12-month Support Policy (effective June 24, 2025), we outlined changes impacting our IDE, Language Server, and CLI versions. We'd like to provide an important clarification regarding the scope of this policy.

We are confirming that the 12-month Support Policy will also apply to Snyk's CI/CD plugins, which are highly dependent on the Snyk CLI.

This means that, starting June 24, 2025, each version of our CI/CD plugins will be supported for 12 months from its release date, in line with the policy for IDE plugins, CLI, and Language Server.

Why this clarification is important:

  • Consistency: This ensures a unified support experience across the Snyk developer tools.

  • Planning: It allows you to plan your upgrades for CI/CD integrations with the same confidence and clarity as other Snyk tools.

  • Security & Stability: Staying within the support window ensures you have access to the latest security updates and stability improvements.

We encourage you to schedule regular updates to stay within our support window for all Snyk tools, including CI/CD plugins.

For more guidance, please refer to our Documentation for CI/CD plugins, IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

We apologize for any oversight in our initial announcement and appreciate your understanding. We are committed to providing clear and comprehensive information to help you manage your development workflows effectively.

Costin Busioc | Senior Product Manager

PR Experience to Be Default Enabled and Generally Available on April 22, 2025

Early access

Update: The rollout has officially started on April 22 and will proceed gradually through to May 1.

We are excited to announce that Issue Summary comment and High Context Inline comments are coming to General Availability soon! As part of this exciting milestone, we're taking the next step by enabling these capabilities by default for all customers who use PR checks on April 22nd, 2025. With this update, all GitHub and Bitbucket (except Bitbucket Server) repositories with PR checks enabled will automatically include both the Issue Summary comment and SAST High Context Inline comments, revolutionizing how your developers identify and address vulnerabilities without ever leaving the SCM.

The repositories onboarded via the following SCM integrations are in scope of this change:

  • GitHub: GitHub OAuth*, GitHub Enterprise (PAT), and GitHub Cloud App

  • Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Key highlights of this release

On April 22nd, 2025, all repositories with PR checks enabled will automatically activate the following capabilities:

  • Issue Summary comment for both PR check success and failure cases, covering Snyk Code and Open Source security & license checks.

  • High Context Inline comments for Snyk Code findings.

Repositories that have either (1) manually disabled either of the comments after initial enablement or (2) disabled summary comments for success scenarios during Early Access will remain unchanged, ensuring prior preferences are respected.

Opt-Out Requests

  • Opt-out requests can be submitted via our dedicated form or through your Snyk POC (include Group/Org IDs)

  • Opt-out submissions received before April 21st, 2025 will not be default enabled

To customize your preferences at any time after default enablement, you can simply visit your integration settings in the Snyk WebUI where you can toggle comments off.

This milestone represents our ongoing commitment to transforming the developer experience with Snyk, making security an integrated, intuitive part of your development workflow 🚀

*Note: For GitHub OAuth integrations, a PAT token with the right permissions will need to be added to start receiving PR comments.

Mayank Khera | Senior Product Manager