Product Updates

Tenant Navigation Update

New

Following the previous announcement, we have completed the rollout of the updated navigation menu for all Enterprise customers.

The left-side navigation menu will now include the Tenant that brings together all the Snyk entities of each Enterprise customer. Read more about Snyk Tenants and the new Tenant-level roles.

Accessing the Tenant entry in the hierarchical navigation menu does not automatically provide visibility into everything within the Tenant. Customers will continue to see only the Groups and Organizations of which they are a member.

Learn more about how to set up your Snyk Tenant in our updated Snyk Learn training.

CVSS 4.0 and Exploit Maturity Support in the REST Issues API

New

We’re thrilled to announce the next step in our journey to improve security insights and prioritization—building on our previous update introducing CVSS 4.0. This enhancement adds support for CVSS 4.0 and Exploit Maturity (Threat Metrics) fields in the REST Issues API, delivering even more robust tools for vulnerability management.

The new default evaluation using CVSS v4.0 will improve the prioritization workflow and risk assessment, enabling you to focus on the most emerging threats.

In addition to CVSS 3.1 scores, you’ll now see CVSS 4.0 scores and exploit maturity fields when interacting with the REST Issues API.

Customers using data.effective_severity_level in their automations can now also use data.severities[].level for either CVSS 3.1 or CVSS 4.0 (based on data.severities[].version). Plus, gain access to all vector data and exploit details for each vulnerability for more granular automation and analysis.
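As an added illustration (not Snyk's code), the sketch below shows how an automation might pick a severity level by CVSS version and fall back to the effective level when no entry of that version exists. The record shape follows only the field paths named above; the ids, the "3.1"/"4.0" version strings and the choice to take the highest level among same-version entries are assumptions.

```python
# Constructed sample records; the key paths follow the ones named in the update
# (data.effective_severity_level, data.severities[].level / .version).
# Everything else (ids, the "3.1"/"4.0" version strings) is assumed.
RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

SAMPLE_ISSUES = [
    {"id": "issue-a", "data": {
        "effective_severity_level": "high",
        "severities": [
            {"version": "3.1", "level": "high"},
            {"version": "4.0", "level": "medium"},
            {"version": "4.0", "level": "critical"},  # second source, same version
        ]}},
    {"id": "issue-b", "data": {
        "effective_severity_level": "medium",
        "severities": [{"version": "3.1", "level": "medium"}]}},  # no 4.0 entry
    {"id": "issue-c", "data": {"effective_severity_level": "low"}},  # no severities
]


def severity_for(issue, cvss_version="4.0"):
    """Return (level, source) for one issue.

    Takes the highest level among entries of the requested CVSS version;
    falls back to effective_severity_level when none exists.
    """
    data = issue.get("data", {})
    levels = [
        s.get("level") for s in data.get("severities") or []
        if s.get("version") == cvss_version and s.get("level") in RANK
    ]
    if levels:
        return max(levels, key=RANK.__getitem__), f"cvss-{cvss_version}"
    return data.get("effective_severity_level"), "effective"


def gate(issues, threshold="high", cvss_version="4.0"):
    """Ids of issues at or above threshold, for failing a pipeline step."""
    hits = []
    for issue in issues:
        level, _ = severity_for(issue, cvss_version)
        if RANK.get(level, 0) >= RANK[threshold]:
            hits.append(issue["id"])
    return hits


if __name__ == "__main__":
    for issue in SAMPLE_ISSUES:
        print(issue["id"], *severity_for(issue))
    print("blocking:", gate(SAMPLE_ISSUES))
```

Recording the source alongside the level lets a pipeline log whether a decision rested on a CVSS 4.0 score or on the fallback.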

For more information about CVSS v4.0's specifications, please refer to the blog post: What’s new in CVSS 4.0.

Stay secure,

Hadar Mutai | Senior Product Manager

Snyk Images and EOL Image Policy Update

Improved

As part of our continued commitment to helping customers ship secure code, Snyk provides images, produced by the Snyk Images build toolchain, that make it easier for customers to integrate Snyk into their build pipelines and other automations.

Snyk has published an update to our Snyk Images policy, announced earlier this year. As part of this policy update, Snyk will no longer remove images from Docker Hub, in order to prevent customer pipelines and automations from failing due to a removed image.

Snyk continues to recommend that customers use the most current and secure images available.

Ezra Tanzer | Director, Product Management

New versions of Snyk IDE plugins

New

We are pleased to announce the latest stable releases for:

As part of these releases, we are happy to introduce the following enhancements:

  • We’re closing the gap on our coverage: Delta findings is now available in all IDEs (Early Access).

  • We are launching a new major version of our Visual Studio plugin, which we have modernized substantially and which comes with new features such as auto-scanning, IaC support and Delta findings.

  • We are launching a new major version of our Eclipse plugin, which we have modernized substantially and which comes with new features such as Delta findings.

  • During OAuth authentication, the IDEs will automatically detect the API URL to be used for authentication.

In addition to significant features, these releases contain multiple fixes that can be consulted in the changelog for each of our plugins.

For more details about the Snyk IDE plugins, please reference our documentation:

We encourage everyone to upgrade to the newest versions!

Costin Busioc | Senior Product Manager

Announcing Snyk CLI v1.1295

New

We are pleased to announce the latest stable Snyk CLI release v1.1295.0.

We are introducing the following new features in this version. To learn more about bug fixes beyond what is highlighted below, please reference the release notes.

Automatic region configuration during OAuth

During OAuth authentication, the CLI will automatically detect the API URL to be used for authentication.

Support for verbose Gradle graphs

When generating SBOMs via CLI for Gradle graphs, we’re removing pre-pruning of dependencies.

You can learn more about Snyk CLI release channels in the user documentation.

Costin Busioc | Senior Product Manager

MTTR logic update in Snyk Analytics

Improved

We would like to notify you of an improvement to the issues' Mean Time To Resolve (MTTR) measurements within the Manage tab inside Snyk Analytics.

With the current implementation, issue resolutions of under a day are not counted correctly in MTTR measurements. The planned release will fix this and provide more accurate MTTR results.

Once the improved logic is released, you should expect to see slightly higher MTTR measurements, which will reflect a more accurate measurement.

This improvement is planned to be released on January 21st. Please reach out to your account team with any questions.

Cross-region Login Routing

Improved

One of the inconveniences of using Snyk's regional environments (EU, AU, or US) was that you had to use dedicated region-specific login pages to access the Web UI, e.g., app.eu.snyk.io for the EU instance. We have streamlined this login experience so customers using SSO do not need to remember or bookmark these region-specific login URLs.

Enterprise users can now access any of the login pages, and if they log in with their company SSO, they will automatically be redirected to the corresponding regional instance. This also works for CLI and IDE logins that trigger the OAuth flow through the web UI (available in the latest version of the CLI and IDE clients).

Learn more about regional hosting and data residency features at Snyk.

The SLA Management Report New Edition

Improved

We are happy to announce a list of enhancements that are now available in the SLA Management Report!

The report provides a comprehensive status about the remediation performance against SLA targets, allowing you to surface performance gaps and prioritize your attention where it is needed most.

As part of the new edition, you can find several enhancements:

  • “At Risk” setting - define when to consider an issue as at risk for breaching the SLA according to your own preferences.

  • New SLA filters - filter the reported scope according to the SLA status, Time until breach and the Issue age (the new filters are available in the filter picker under the SLA category).

  • Review all the issue attributes - a column picker was added to the Breached and at risk open issues table, allowing you to add any issue attribute and achieve a more granular prioritization.

  • CSV export support - CSV export functionality was added to the report tables, allowing you to continue the analysis externally.

  • Expose the full SLA status - the report is no longer filtered on the last 90 days by default. This guarantees a view of the full SLA status. To narrow down on recent issues, please use the introduced date filter.

To learn more about the SLA Management report, please visit our product documentation.

For any questions, please contact your account team.

Asset Context Availability in Snyk Reports

Improved

We are thrilled to announce that the asset and application attributes are now available in Snyk Reports!

Please find below the list of new columns and filters that were added:

  • Asset context

    • Asset name (and ID)

    • Parent Asset name (and ID)

    • Asset class

    • Asset type

    • Asset tags

    • Repository freshness

  • Application context (learn about related integrations here):

    • Asset Application

    • Asset Owner

    • Asset Category

    • Asset Catalog Name

    • Asset Lifecycle

These enhancements unlock a wide range of new use-cases, such as:

  • Enhance data-driven prioritization based on the asset business criticality and repository freshness.

  • Drill into remediation performance (such as backlog burn down rate and MTTR) within specific applications and code owners.

  • Identify prevalent CVEs in business critical assets or strategic applications.

For any questions, please contact your account team.

Upcoming improvements to Snyk Code Anti-Forgery Token Validation in .NET MVC Apps

Improved

As part of our ongoing commitment to improving and making Snyk Code findings more accurate and relevant, we're improving our Anti-Forgery Token Validation detection for C#, particularly in cases where .NET MVC is used.

This update changes the logic so that it is triggered only in specific instances where .NET MVC usage is detected, a change from the previous "blacklist" approach.

Supported classes include: System.Web.Mvc.Controller, System.Web.Mvc.ControllerBase, Microsoft.AspNetCore.Mvc.Controller, Microsoft.AspNetCore.Mvc.ControllerBase.

This update will be released Wednesday, January 15th. Customers should see a decrease in False-Positive results pertaining to the rule mentioned above.

Please do not hesitate to reach out to your account team with any questions or inquiries!
