Product Updates

We're excited to introduce two new filters to AppRisk Policies - “Repository Freshness” and “Source”. The two new filters unlock new use cases for policy creation. For example, users can now fine-tune policies with “repository freshness” condition to ignore inactive repositories. Additionally, they can take different actions for assets originating from different sources.

Previously available only in Asset Inventory, these two filters are now seamlessly integrated into AppRisk Policies as well. For more information, please refer to Snyk documentation.

In about a week time, Snyk will update the logic for counting license issues in both Reports and Enterprise Analytics pages to better align with the way license issues are counted in Snyk projects page and Issues API. This will provide customers with a more consistent user experience across Snyk platform and ensure that license issue counts received from different Snyk interfaces are aligned. Customers using Snyk Open Source will see fewer issues in reporting once this change is applied, as the paths by which an issue is introduced will no longer be counted separately. Please reach out to your account team with any questions.

We are happy to share the availability of a new report - CWE TOP 10 KEV (Known Exploited Vulnerabilities).

CISA:

• In 2021, the Cybersecurity and Infrastructure Security Agency (CISA) began publishing the Known Exploited Vulnerabilities (KEV) Catalog.

• The CVEs in this catalog are vulnerabilities reported as actively exploited. CISA recommends that organizations monitor the KEV catalog and use its content to help prioritize remediation activities in their systems to reduce the likelihood of compromise.

The new KEV report:

• In December 2023, MITRE published an analysis of the TOP 10 exploitable CWEs for the first time. For each CWE, MITRE looked at how many CVEs are assigned to it in the KEV catalog and their average CVSS score.

• The list contains 10 prioritized CWEs that, if addressed, can reduce the risk of exploitation.

The new report provides an additional approach to managing and prioritizing risk according to industry standards in addition to the OWASP TOP 10 (2021) and the CWE TOP 25 (2023) reports.

Learn more by reading the documentation available here.

Following the release of the Targets API beta, we were given feedback that users had some issues with the naming conventions, would like to see the prefix updated to be consistent with standards used in other endpoints, and we were also given feedback that we’re missing various fields and filters which were supported in other versions of the API (including via the projects API).

With that, we're proud to announce that we've taken that feedback on board, addressed the points, and have released the GA version of the Targets API!

With the GA release of any API in Snyk, the GA release of this endpoint (which is a huge improvement on the beta) means the beta version is automatically deprecated, and users are highly recommended to upgrade to the GA version as soon as possible.

We are not removing the beta endpoint yet, and you can still continue using it.

However, after 90 days, we can remove the API endpoint. We will communicate regularly that the GA endpoint is available to upgrade to, and that we will remove the endpoint as we approach the time.

When we remove the beta API, you will be greeted by an http 404 error, and the simple fix is to upgrade to the latest version.

The Group Organizations page for Enterprise customers just got a facelift!

The new cleaner look makes viewing your Organizations and joining new ones a breeze. The new page is faster and includes a brand-new workflow for joining Organizations without the need for manual emails.

Read more about how to request access to an Organization.

We are excited to announce the GA release of the Custom Base Image Recommendations feature of Snyk Container, bringing a more customized experience to our enterprise customers, allowing developers to utilize the most secure images from their organizations' internal pool of approved images (often referred to as “golden images”).

The General Availability version delivers:

• API endpoints for all custom base image actions to allow automation and smooth integration into existing processes.

• All API functionality is now also available in the browser GUI, allowing users to define custom versioning schemas from the project’s settings.

• Removed feature flag - by default, Custom Base Image Recommendations settings will be shown in the project’s settings.

Please note that this feature is only available for customers on the Snyk Enterprise plan. More details on the feature are available in the public and API documentation.

We are happy to announce Policy Templates for Snyk AppRisk.

Policy Templates help AppRisk users create policies by offering ready-to-use templates that cover common use cases. In addition to creating a policy from scratch, users can now start with one of four out-of-the-box templates and tailor it to their unique requirements.

For more information, please refer to Snyk documentation and watch the Policy Templates overview video.

We are excited to announce the General Availability of the Unified Issues API, which unifies all Snyk issues (SCA, SAST, IaC+) across projects or orgs into one API call. The Unified Issues API approach offers several key benefits:

• Simplifies the user experience with one paginated API call across all projects or orgs

• Saves time by eliminating the need to stitch data across API calls and offering a consistent schema to parse responses with

• Highlights our commitment to building Snyk as a holistic security platform for our customers

The General Availability delivers:

• Uniform issue representation from Code to IaC+, with improved data quality and increased reliability

• Detailed representations for Open Source packages and fix information

• Improved pagination and response management, simplifying the API interaction

• New filters for tailored API responses, catering to specific querying needs

Please check out the API docs for listing all issues by group, and by org.

Note: the experimental versions of this endpoint will be deprecated in 30 days, while the beta version will be deprecated in 90 days. If you have any concerns with the deprecation timelines for experimental or beta endpoints of this API, please contact your account representative.

We are please to announce that the Snyk AppRisk support View Only permission.

View Only permission for Snyk AppRisk will enable you to give view only permission to Snyk AppRisk, so it is minimizes the need for the you to give full access to Snyk AppRisk to your team members.

For more details see the documentation available here

DeepCode AI Fix helps you automatically fix security issues identified by Snyk Code in the IDE (VS Code and Eclipse) using Snyk's DeepCode AI model.

Over the last few months, the team has been continuously adding depth to JS/TS fixes, and we are excited to share the support for 6 additional languages. DeepCode AI Fix now supports:

• Javascript and Typescript

• Java

• Python

• C/C++

• Go (Limited support)

• C# (Limited support)

• APEX (Limited support)

Visit our documentation to learn how to try it out!