Product Updates

Snyk Open Source product’s copyright feature provides the copyright information of your open source dependencies. Please note that access to such copyright data via the Dependencies API and Dependencies Report will not be available from January 8th, 2024.

Dependencies Report screenshot below for reference:

From January 8th, 2024, the Dependencies report, the csv export from this report, and the Dependencies API will no longer display copyright data per dependency. Snyk’s License text tool will also no longer produce the copyright information.

Please keep in mind that only the copyright data per dependency is being EOL’d. License data per dependency will continue to exist.

We are actively exploring ways to reintegrate this data in future iterations of our roadmap.

Thank you for your continued support of our services. If you have any questions or concerns, please do not hesitate to reach out to our customer support team.

We are excited to announce that on Tuesday, December 5th, we will officially launch GA support for C/C++, enabled for all customers. This milestone follows substantial improvements driven by valuable feedback from customer support tickets, calls, and improvements through benchmark applications and open-source repositories. Note that we do not currently support macros and code quality.

For customers with C/C++ code, please anticipate a potential increase in issues.

If you have any questions, please reach out to your account teams.

As your organisation grows, the number and variety of Project types in your system also scales, so the ability to find the Projects you work with can become more difficult. Features such as Project Collections improve the ability to organise and work with Projects at scale, so it's important to improve how they can be created.

We're pleased to announce that we've added a "Project Type" filter to the Project Listing page which will improve a user's ability to find the Projects they need to work with. By filtering your Projects by type, you can perform actions such as tagging and creating Project Collections more easily.

Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements in the next few weeks:

• JavaScript: Adding support for node-forge npm library. Potential increase in results, specifically increase Increase in results pertaining CWEs that represent cryptographic weaknesses: CWE-310, CWE-547, CWE-916, CWE-327

• PHP: Adding PHP Drupal support. Potential increase in all issues

If you have any questions, please reach out to your account teams.

Today, Snyk is announcing the Open Beta availability of the GitHub Cloud app. The GitHub Cloud App represents a significant advancement over our current GitHub integrations, offering enhanced features such as role-based, granular access control, increased API rate limits, and serving as a foundation for expanded and enriched developer experiences.

After we make this generally available next year, our intention is that this app will replace the existing OAuth (aka "GitHub Enterprise") and PAT (aka "GitHub") based GitHub integrations on our platform.

The Open Beta kicks off with customers in the US-based instance (app.snyk.io) using GitHub Cloud, and supports a single GitHub Org for a Snyk Org. Over the next month, we are committed to further refining the Cloud app, introducing the following improvements:

• In the upcoming month, we plan to extend support to EU and AU environments and enable a single GitHub Org to connect with multiple Snyk Orgs.

• By the end of the year, we will extend this functionality to customers using GitHub Server (on-prem).

We encourage you to connect with your account teams to opt-in, refer to our User Docs for more detailed information. Please don't hesitate to reach out if you have any questions.

At Snyk Code we have been focused on improving the reliability of Snyk Code PR Checks. We released at the end of October an update to one of our most error-prone services, and we have seen major improvements in the reliability, with the service going from being part of 50% of all errors, to close to none. Today, we have rolled out this improvement to all environments.

For customers using Snyk Code PR Checks through the Snyk Broker:

• Please update the Broker to version 4.168.4 or higher (recommended to go to the latest version.

• If you are using a custom accept.json, update to the latest rules.

• If you are using Bitbucket, please make sure you are using Bitbucket 7.0 or above.

We continue to improve the overall reliability and scalability of Snyk Code, and we will have more updates in the coming months. If you have any questions, please reach out to your account teams. Thank you.

Over the past few weeks, we’ve been working to find the root cause and to update internal testing to ensure we identify these type of issues prior to production. As of today, we have turned on the first batch of rules for PHP interfile.

We are rolling out changes in how the analysis handles data flow which will result in significantly shorter and more accurate data flow in complex cases. From our testing, we expect this will change between 0.5-1% of issues across all languages.

After this step, pending positive internal testing, all the PHP interfile rules will be re-enabled over the next two weeks.

If you have any questions, please reach out to your account teams.

Earlier this year, we migrated the ability to perform bulk actions in the Project Listing Page from the Usage page. Another bulk action which was available on the usage page was the "Change Test Frequency" functionality.

To remove friction where you'd have to jump between pages to perform bulk actions on Projects, we've migrated the Change Test Frequency functionality to the Project Listing Page.

For more information on the functionality, check out the user documentation.

In June, we announced the general availability of Project Collections. Since then, we've been gathering feedback on the feature's usability as we aim to go deeper on the experience with automatically created Project Collections.

Based on the feedback, we needed to improve the discoverability of the feature and the experience for users who work on the Target-level. Therefore, we've just released a couple of improvements to the existing functionality:

1. Collections are now present in the Projects area as a standalone tab so that anyone can dive into them quickly and easily.

2. You can see at a glance which Target a Project belongs to within a Collection as we have added a sortable Target column. In addition, we've enabled the ability to filter by Target within a Collection.

We'll be adding more usability improvements to the feature over time, so your feedback is valued. For more information, head to the user documentation.

We announced on June 22nd that we will end-of-life the v1 List All Projects API on December 22nd. Alongside the announcement, we have shared a migration guide and have released enhancements to our GA REST APIs to help facilitate the migration. These APIs will provide more consistent versioning, pagination and caching, and improved performance for you.

In addition, we have two brownouts scheduled where we will be periodically removing this endpoint for a set period of time:

• November 16th for 2 hours starting at 6:00 UTC

• December 6th for 4 hours starting 17:00 UTC

During this time window, the API will return 410 Gonefor all requests. If you require further support during these windows, please raise a support ticket. Review the migration guide below and move all your automations over before December 22, 2023!