
Product Updates


Snyk PR Checks for BitBucket Server is migrating to per-product commit statuses on April 22nd, 2025

Improved

Currently, Snyk’s BitBucket Server integration reports on commit statuses (Snyk PR Checks) per project (i.e., per manifest file in the repo). This reporting approach consumes excessive SCM resources in large or complex repositories. To remedy this, the Snyk BitBucket Server integration will report per-product commit statuses beginning April 22, 2025.

By moving to per-product statuses, BitBucket Server integration users will benefit from:

  • A more consistent UX with the rest of Snyk’s SCM integrations, which report their statuses on a per-product basis (Snyk Code, Snyk Open Source)

  • Performance improvements through fewer calls made to their SCM by Snyk

  • Access to existing features like Mark as Successful or new features such as PR Comments, which were not supported by per-project statuses.

Jeff Andersen | Director, Product Management

Announcing Snyk CLI v1.1296.1

New

We’ve released a CLI hotfix (v1.1296.1) to enhance the following use cases:

  • Poetry 2 Open Source is now supported in the Snyk CLI, with the same features as for Poetry 1, as mentioned here. Upgrade to the new CLI version and run snyk test or snyk monitor as usual.

  • Increase authentication resilience for OAuth connections.

  • Fix duplicate Open Source Issues appearing only in a single IDE tree node, despite occurring in multiple files.

  • Prevent the trust dialog from blocking the language server.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!


Costin Busioc | Senior Product Manager


Bug fix for improved .NET scanner Fix PRs

Fix

Snyk Open Source Fix PRs are a key feature for helping Developers stay on top of vulnerabilities in their dependencies.

However, Fix PRs in projects using the Early Access improved .NET scanning feature could sometimes upgrade the wrong dependencies.

This bug fix will ensure that the correct dependencies are upgraded.

When is this coming?

  • This fix will be gradually rolled out.

  • Rollout begins on April 15th, and should finish by May 2nd.

  • During the rollout, customers using Early Access .NET scanning should expect to see fewer incorrect .NET Fix PRs being raised, with the problem eliminated entirely by the end date.


Risk aware Fix PRs for Snyk Open Source

New

We are excited to announce upcoming improvements to Snyk Open Source Fix PRs to help you manage the overall risk posture of your applications.

Fix PRs are a key tool for helping Developers stay on top of new vulnerabilities in their dependencies. However, by upgrading a dependency, our PRs might sometimes introduce new vulnerabilities that increase the overall risk posture of the project.

Snyk will now only raise a PR for a vulnerability if the change does not introduce additional vulnerabilities with higher severity than the one being fixed.

Users should expect to see on average a 10% reduction in Fix PRs as a result.

When is this coming?

Gradual rollout of these changes will begin on April 3rd, and finish by April 10th.

During the rollout, an increasing percentage of Fix PRs for all users will have the new risk aware checks applied.

No action is required to benefit from these improvements.


Announcing Export API via Snyk Analytics in Early Access

Early access

AppSec teams export Snyk datasets for various purposes, including:

  • Building their own analytics and dashboards.

  • Following company policies that require specific customization.

  • Sharing data with external audiences, such as the leadership team or security auditors.

The Export API enables cyclic data export of Snyk datasets into CSV files. Designed for efficiency and security, the API supports exporting large datasets in an organized, scalable manner, making it ideal for reporting and analytics workflows.

To learn more about the Export API, and how to get started right away, visit the API documentation.

For any questions, please contact your account team.

Announcing New Reports in Early Access

Early access

We are thrilled to announce two new Snyk Reports in Early Access, available to enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility into the Snyk tests that are executed during CI/CD pipelines, and need to answer questions like:

  • What portion of repos are being tested (against repos that had commits)?

  • Are we adopting the practice of testing code in CI/CD pipelines as a company, and where are the gaps?

  • What is the test success rate, and is it going up over time?

The new Repositories Tested in CI/CD Report answers all of those questions and more.

To learn more, please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit. To prepare for the audit, they need to:

  • Estimate compliance readiness and share status with relevant stakeholders.

  • Identify and mitigate compliance violations and gaps as early as possible.

  • Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report aims to help AppSec teams tackle this challenge!

To learn more, please visit the report documentation. For any questions, please contact your account team.

PR Issue Summary Comment & SAST High-Context Inline Comments for GitLab & Azure Repos

Early access

We are announcing the Early Access release of PR Issue Summary Comment and SAST High-Context Inline Comments as part of our ongoing efforts to enhance the pull request experience. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

  • PR Issue Summary Comment - With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

  • High-Context Inline Comments display each SAST security finding alongside key information such as CWE (Common Weakness Enumeration), priority score, and a Snyk Learn link for further guidance, helping developers remediate issues faster without leaving their SCM. 🚀

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it. If you’re interested in enabling this feature for your organization, you can self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk workflows.


Mayank Khera | Senior Product Manager

Broker Settings Page Update

New

To improve consistency within the Snyk app, we've moved the Broker client commit signing toggle from Snyk Preview to the Broker Settings page. The client commit signing toggle gives you the ability to enable access to commit signing using Broker clients.

This change centralizes related settings, making it easier for you to manage your commit signing preferences and ensuring a more predictable and unified experience.


Announcing Snyk Visual Studio v2.1.1

New

We've released a hotfix for our Visual Studio extension (v2.1.1) to enhance clarity in multi-project setups.

Specifically, we've addressed the following:

  • Enhanced Project Identification: The OSS file tree nodes now include the relative path to the project.assets.json file in addition to the project folder path. This change aims to provide a more intuitive and informative experience when working with multi-project workspaces.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!


Costin Busioc | Senior Product Manager

Announcing Snyk IntelliJ v2.12.1

New

We've released version 2.12.1 of our IntelliJ plugin to address some API incompatibilities and ensure seamless support for the upcoming JetBrains 2025.1 release.

No changes are introduced from v2.12.0, previously announced here yesterday.

We recommend upgrading to v2.12.1 through the IntelliJ plugin marketplace for optimal compatibility!

If you have any questions, feel free to reach out to the Snyk support team!


Costin Busioc | Senior Product Manager
