Product Updates

We’re excited to announce that Snyk Code will support Rust and Groovy in early access, with the rollout starting on March 3. Customers will be able to enable Rust and Groovy support inside Snyk Preview to scan their source code for security issues.

For Rust, Snyk Code will detect security vulnerabilities in backend web applications, covering issues in common frameworks, HTTP handling, async runtimes, and database interactions.

For Groovy, Snyk Code will identify security risks in backend web applications, including those using standard libraries and major web frameworks.

Public documentation at docs.snyk.io will be updated by the launch date.

Asset context has been proven to be well adopted and useful to make better prioritization decisions across the platform. With that, we will be removing some of the hard-coded system tags so that users can control directly through an asset policy how and under what conditions those tags apply.

The system tags that will be removed are all based on the repo name and can be created with an asset policy as demonstrated in the tagging policy use case.

The system tags that will be removed are: payment, infrastructure, ecommerce, scanned artifact: packages, scanned artifact: repositories, upload, demo, billing, account, attachment.

In addition, we're introducing in the UI the 'type' of each asset tag - this information will be available through the Inventory view and also when inspecting a specific asset.

This update rolls out on February 26, 2025.

Snyk Code is improving its Jakarta EE and Java EE coverage to enhance vulnerability detection in enterprise Java applications. This update expands support for key frameworks, increasing accuracy and improving security insights.

What’s New?

• Additional Data Sources: Now includes JMS messaging, WebSocket, and Mail as sources of user-controlled data.

• Broader Sink & Sanitizer Coverage: Expanded detection across Jakarta EE components.

• ConstraintValidator Support: Recognizes sanitizers defined via ConstraintValidator annotations within the same repository.

This update will be available as part of our Java language support on March 1, 2025.

Snyk Code will soon provide a more focused dataflow view for taint vulnerability reports. By removing unnecessary steps, this update makes it easier to trace relevant flows, improving clarity and speeding up issue reviews.

The update rolls out on February 19.

We are excited to announce improvements to the Snyk Container base image recommendation algorithm.

Previously we would sometime recommend upgrades to alpha and beta images, this particularly affected Python base images.

This has now been fixed and we no longer recommend updating to these types of image.

PR Checks for Snyk Code are now Generally Available. Customers using Snyk Code to secure their applications can enable PR Checks to automatically scan their pull requests and provide a mechanism to gate those changes from being merged when new security vulnerabilities are discovered.

How do I enable PR Checks for Code?

Snyk Code PR Checks are available for all supported SCM integrations.

To turn them on for Snyk Code projects, navigate to the Pull Request Status Checks section under your organization’s integration settings and look for Code Analysis. From there, you can enable PR Checks and select your preferred failure condition (Low, Medium, or High severity issues).

You can then use PR Checks, along with your SCM’s configuration, to decide whether to prevent changes from being merged while the commit status check is in a failed state.

We’ve released a CLI hotfix (v1.1295.3) to enhance the following use cases:

• Improved memory usage when executing code scans on large projects

• Fix incorrect filtering of files when executing code scans which could fail the analysis

• Fix unexpected logouts that were reported when using OAuth2 authentication

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We have released Broker version 4.205.1. In this version, all ACCEPT rule flags will be enabled by default. This update reduces the need for user configuration, resulting in an enhanced Broker experience.

In the case that you do not want a specific ACCEPT rule flag enabled, customers can easily opt-out of the default ACCEPT all behavior by adding ACCEPT_<FLAGNAME>=false to your Broker client configuration.

As best practice, we recommend using the latest version and regularly updating the Broker, preferably through automation.

Please contact support with any questions.

We’re pleased to announce an integration with Google Cloud Security Command Center (SCC), which enables security teams to monitor and manage application security vulnerabilities and misconfigurations from the Snyk platform - all within SCC interfaces, alongside other findings from Google Cloud. The integration is in Early Access, and is available to all Snyk customers on an Enterprise plan.

The combination of Snyk with Google SCC enables security teams to:

• Centralize findings with a comprehensive view in SCC of application and cloud security findings from Snyk and Google Cloud.

• Detect and respond to new vulnerabilities and misconfigurations as they emerge at any point of the SDLC - by viewing all findings in SCC, and fixing priority findings in code with Snyk.

Please reference our documentation for more information on setting up the integration.

We’ve released a hotfix for our Visual Studio IDE plugin (v2.0.1) to address the following issues:

• When scanning projects that contained non-ASCII characters in their path, results were not displayed.

• UI freezes caused by either the authentication flow or the ignoring trust mechanism.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!