Product Updates


REST Membership APIs

New

We're excited to introduce new REST versions of our Group and Organization membership APIs.

As we mentioned in past updates, Snyk’s API landscape is evolving, and we’re making efforts toward sunsetting our v1 and non-GA REST APIs. These new endpoints provide a more robust and efficient alternative to the v1 Membership ones, which are not going away for now.

The new endpoints have improved functionality under the hood, such as cascading membership checks and updated responses (hello pagination 🙌). You can find all the details in our REST API docs: Group memberships & Organization memberships.

Recurring Test Frequency Update for Users on the Free Plan

Improved

Effective October 4th, we will be adjusting the testing frequency for free projects to a weekly cadence. This change is designed to optimize resource allocation and ensure equitable access to our services for all users.

Please note that this adjustment will not impact your ability to initiate a manual retest in app.snyk.io or the CLI.

This update will be released on Friday, October 4th.

For increases in test limits and the ability to use daily project test frequencies, upgrade to a paid plan by visiting https://snyk.io/plans/.

Simplified API Versioning

New

As Snyk's API landscape is evolving through efforts to end-of-life v1 and non-GA REST APIs, we need to also evolve our approach to REST API versioning. Therefore we are excited to announce an upcoming simplification to our API versioning scheme, aimed at reducing customer confusion while not introducing any breaking changes.

Please note that existing APIs and documentation will remain unchanged. Your existing integrations should be unaffected by this new versioning strategy.

After October 17th, no new experimental endpoints will be created. Instead, we are introducing new “/closed-beta” endpoints. The purpose of these endpoints will be to provide a handful of users with a tech preview, giving them a sneak peek at new API features we're considering shipping to GA in the future. Closed beta endpoints will not be appropriate for integrations or major workloads.

For these new closed beta and beta endpoints, we will be enforcing our API deprecation policy at the sunset date. Removing outdated endpoints will simplify our API landscape further and hopefully reduce confusion when customers are trying to find the endpoint that fits their use case.

As part of versioning simplification, Snyk will expose one API specification per version-date, rather than one for each stability. New versions of the Snyk API will only be published when necessitated by breaking changes. For newer versions, you should only specify the date for beta versions, i.e. 2024-08-02 rather than 2024-08-02~beta. It's important to note that existing versions won't be affected by these changes; this new approach only applies to upcoming new versions.

We hope that this simplified API Versioning strategy will reduce customer confusion and make it easier to find the best endpoint for your use case.

Waleed Arshad | Senior Product Manager

New filters in the IDE & CLI usage Report

New

The Developer IDE and CLI usage Report was enhanced with new filters, enabling deeper insights into Snyk IDE and CLI adoption in your company. The new filters include:

  • Environment filter: analyze usage for specific coding environments, such as VS Code, IntelliJ, Visual Studio, Eclipse, and CLI.

  • Snyk product filter: refine the viewed metrics by focusing on the specific Snyk Products that executed the scan.

With these new filters, you can explore additional use-cases, such as:

  • Comparing scan adoption by organizations for specific Snyk products or IDEs.

  • Reviewing developer usage trends by Snyk product within selected IDEs.

  • Measuring IDE usage according to the Snyk product of interest.

To learn more about the Developer IDE and CLI usage Report, visit our product docs. For any questions, please contact your Snyk account team.

Universal Broker Early Access

Early access

We are pleased to announce a Broker improvement: Universal Broker!

The Universal Broker is an innovative improvement to the Broker, providing a more scalable, secure, and user-friendly platform to ease the management of Snyk Broker deployments and connections.

Previously, Snyk customers encountered difficulties managing multiple broker connections, leading to configuration challenges and risks. Universal Broker simplifies this process by allowing customers to consolidate all system types into a single Broker instance. Additionally, by implementing authenticated clients and abstracting sensitive values from the user interface, Snyk reaffirms its commitment to security.

By safeguarding credentials and providing a more intuitive user experience, this update aims to enhance overall efficiency and security for our customers.

The Universal Broker is particularly beneficial for customers who prioritize GitHub Server App or find managing multiple broker clients cumbersome.

To learn more about Universal Broker, check out the user docs here! For any questions, please contact your Snyk Support team.

Improved Gradle scan accuracy now in Early Access

Early access

We are pleased to announce that improved accuracy for Gradle projects imported via git integrations is now in Early Access 🙌

Gradle is a powerful build tool with complex configuration and dependency management features, which has traditionally meant the only way to get good SCA results is to scan in CI/CD pipelines.

With this Early Access release, you can now also reliably scan your Gradle applications simply by connecting Snyk to your git repositories.

This makes it easier to roll out at scale across your organisation, and to benefit from shift-left, developer-friendly features such as pull request checks.

For more details on improved Gradle scanning, and how to get started, see our documentation.

New versions of Snyk IDE plugins

New

We are pleased to announce the latest stable releases for each supported IDE plugin:

As part of these releases, we are happy to conclude the work announced previously:

In addition to big features, these releases contain multiple bug fixes and performance improvements:

  • Significantly improved JetBrains performance by moving business logic from the UI thread to a separate background thread

  • Unified and improved rendering of IaC findings across VS Code and JetBrains

Snyk documentation has been updated with how-to pages about authentication, for example JetBrains authentication.

We encourage everyone to upgrade to the newest versions.

Announcing Snyk CLI v1.1293.0

New

We are pleased to announce the latest stable Snyk CLI release v1.1293.0.

We are introducing the following new features in this version. To learn more about bug fixes, please reference the release notes.

Introducing OAuth by default for standalone installation

OAuth support has been available since v1.1267.0, and from v1.1293.0 onwards, Snyk CLI will authenticate a local user via OAuth by default. This change strengthens security and access controls, and can be used both in local development and where the CLI is integrated directly into CI/CD pipelines. See user docs for more information.

Improved environment configuration

With a new config subcommand, configuring the environment used in the CLI is now easier and more consistent. By default, the Snyk CLI connects to https://api.snyk.io/, and for users on regional hosting or on-premise instances, it’s as simple as calling snyk config environment . For more information and to understand how this reduces the impact of misconfiguration, see the docs here.

Support for license issues and improved error details in SBOM test

We now support returning license issues in addition to vulnerabilities when using sbom test. When scanning a CycloneDX or SPDX SBOM, Snyk will detect the license for each component in the SBOM and return issues according to the defined or default license policy for your organization. In addition, we’ve made improvements to CLI errors returned when SBOMs cannot be processed by Snyk.

Improved SBOM generation for Container application dependencies

We have improved the accuracy of SBOM generation for Snyk Container. When using snyk container sbom, Snyk scans and generates an SBOM for operating system dependencies as well as application dependencies in your image by default. Prior to this improvement, there were limitations in the underlying analysis causing application dependencies to be omitted under certain conditions.

Enrich CLI results for IaC+ with successful items

The CLI output for Snyk IaC tests now displays not only the failed rules but also the successful rules, providing visibility into the comprehensive scan coverage and reassurance that configurations are correctly defined (for validation purposes).

pnpm CLI support in Early Access

We now support testing and monitoring of pnpm projects using the Snyk CLI. Customers wanting to try this Early Access feature can enable it using Snyk Preview. Details are available in user docs.

You can learn more about Snyk CLI release channels in user documentation.

Ezra Tanzer | Director, Product Management

Vulnerabilities Detail report format

Improved

We wanted to share an update on how users can interact with issue details from within the Vulnerabilities Detail report. To improve usability and consistency across the product, the nested table pattern previously used in this report has been replaced with a drawer. Clicking the vulnerability name in the report table will now activate a drawer with increased area to display details, pagination, and affected projects. Also within the drawer is an additional link to the Issue Details report, with included context, for deeper exploration.

Details of a vulnerability include vulnerability score, linked CVE or CWE, and affected projects

CLI support for pnpm now in Early Access

Early access

We are pleased to announce that CLI support for pnpm is now available in Early Access 🎉

pnpm is a fast, efficient Node.js package manager, with excellent support for managing large monorepos. Managing security risks in pnpm projects is as vital as with any other tool, and we are excited to begin supporting it.

When the feature is enabled via Snyk Preview, you can scan pnpm projects with the Snyk CLI stable version v1.1293.0 and higher.

Here's a summary of what's supported, see the docs for more details…

  • pnpm versions 7, 8 and 9

  • snyk test and snyk monitor CLI commands

  • pnpm catalogs

  • pnpm workspaces, using the --all-projects CLI option

  • Standard CLI options for Node.js projects, e.g. --dev for dev dependencies

Have fun! 🤗