Product Updates

As of January 28th, 2026, 6 months from today, Snyk will require customers to use Bitbucket Server version 7.4 or higher, or Bitbucket Data Center 8 or higher to continue using Snyk PR Checks, and Snyk Broker version 4.218.0 or higher when using a brokered connection.

We are making this change to provide consistent operation across our integrations, and to ensure customers have access to the latest Pull Request experience from Snyk.

With this change going into effect, the minimum requirements for using Snyk PR Checks with Bitbucket Server/Data Center are as follows:

1. Bitbucket Server version 7.4 or higher, or Bitbucket Data Center version 8 or higher

2. The integration must have been set up in accordance with Snyk's documented requirements, including the necessary scopes for the token associated with your Snyk Bitbucket Server/Data Center integration.

   This includes webhooks read and write scopes, for continued feature support

3. When using a brokered connection, Snyk Broker version 4.218.0 or higher is required

If you have any questions, please reach out to Snyk's support team.

Useful Links

• Prerequisites for automated PR checks

• Bitbucket Cloud and Bitbucket Data Center/Server token permissions

• Update the Snyk Broker client

Get ready to supercharge your security prioritization! Snyk API & Web is rolling out a new Critical severity level for findings. This enhancement brings our platform even closer to industry standards, helping you zero in on the most urgent vulnerabilities that demand immediate attention.

Key Dates

• September 2, 2025: The Critical severity level will become visible within the Snyk API & Web UI. While no findings will be assigned this severity yet, this is your prime opportunity to prepare your systems. Read this article for more information.

• September 16, 2025: Snyk API & Web will begin automatically assigning the Critical severity to all eligible findings (those with a CVSS score of 9.0 or higher). Existing finding severities won't change unless they are detected in a new scan after September 16th.

This update empowers you to focus on what matters most in safeguarding your applications. If you have any questions, please reach out to Snyk’s support team.

We’ve released a new CLI hotfix (v1.1298.2) to address several bugs and improve the overall user experience.

This update includes the following:

• MCP: Streamlines local project testing by preventing unnecessary security prompts for folders you have already trusted. This category also includes security hardening to improve the container scanning tool’s resilience against potential prompt injection.

• Snyk Code: Resolves an issue where running the snyk code test --report command could fail in environments where a PROJECT_ID environment variable is set.

• Snyk Agent Fix: Resolves an issue that could prevent Snyk Agent Fix from being available in IDE plugins for users whose default organization didn't have the feature enabled.

As this is a targeted hotfix, no other changes in behavior or new features are expected.

Release notes are available here.

We encourage everyone to upgrade to the latest version to ensure stability and benefit from these important fixes.

If you have any questions, please don’t hesitate to reach out to the Snyk support team.

We’ve released hotfix v2.23.1 for our Visual Studio Code extension.

This update addresses two use cases that improve stability and the overall user experience. We have enhanced how the plugin handles network proxies and certificates, which will reduce download errors within the IDE. This release also fixes a bug that prevented the GCA integration from working correctly in some cases.

There are no other functional changes in this version, so your day-to-day experience using the extension will remain the same.

If you have any questions, feel free to reach out to our support team.

We encourage everyone to upgrade to the latest version to benefit from these improvements!

We are excited to announce the release of Snyk Azure DevOps Task v1.9.0. This update introduces a key improvement that simplifies the experience for users in complex network environments.

This release includes the following enhancement:

• Automatic Proxy Detection: The Snyk task will now automatically detect and use the HTTP/HTTPS proxy configuration from the Azure DevOps agent it is running on. This removes the need for any manual setup, streamlining pipeline configuration in restricted environments.

To enable this feature, simply update to version 1.9.0 in your Azure DevOps pipelines. No other configuration is required.

If you have any questions, please don’t hesitate to reach out to the Snyk support team.

We’re excited to announce that Issue Summary Comments and High-Context Inline Comments will be coming to General Availability for the second wave of SCMs. Starting August 26, 2025, these capabilities will be enabled by default for all customers using PR checks. The rollout will complete by September 8, 2025.

The following SCM integrations are in scope:

• GitLab

• Azure Repos

• Bitbucket Server
  

What’s included in this release

Repositories with PR checks enabled will automatically receive:

• Issue Summary Comments for both success and failure cases (covering Snyk Code + Open Source security and license findings)

• High-Context Inline Comments for Snyk Code issues

Repositories that have either been (1) manually disabled either of the comments after initial enablement or (2) disabled summary comments for success scenarios during Early Access will remain unchanged, ensuring prior preferences are respected.

🛑 Opt-Out Requests

Opt-out requests can be submitted via our dedicated form or through your Snyk POC (include Group/Org IDs). Submissions received on or before Aug 25, 2025 will not be default enabled. To customize your preferences at any time after default enablement, you can simply visit your integration settings in the Snyk WebUI where you can toggle comments off.

This release will be a big step forward in our mission to make security native to the developer experience and we’re excited to see how this helps your teams fix issues faster. Please reach out to your account team if you’d like to join upcoming feedback sessions and help shape the future of Snyk’s Pull Request experience.

We're excited to announce the general availability of Snyk's latest report, "Snyk Generated Pull Requests."

Originally launched to early access late last year for Enterprise plans, this report sought to provide high-level visibility over your Snyk-generated manual and auto-fix PRs. The premise was simple: many Snyk accounts have hundreds, if not thousands, of projects within a single Group, which makes monitoring PRs near impossible.

Until now, AppSec teams have been left to their own devices to understand concepts such as PR volume, state, merge rates, and even mean time to merge. With the introduction of the 'Snyk Generated Pull Request' report, we make it simple to view this information and take action on it. Moreover, the report is available at both the organizational and group levels, allowing you to spend more time analyzing and less time filtering for the right granularity.

What's new in the general availability release:

• A new global filter for specific package managers (thanks for your feedback!)

• A new table in the drawer to track PRs created for a specific repo

• Performance enhancements in filtering, data population, and overall loading time

To view the report, select Reports in the left-hand navigation of Snyk's UI. At the top of the page, under the Change Report dropdown, select Snyk Generated Pull Request.

Happy Remediating!

We are excited to announce that a couple of new asset enrichments from the SCM will be available beginning July 30th!

The new asset context properties introduced are:

1. SCM Project from BitBucket and Azure DevOps

2. SCM Organization from all SCMs (representing the SCM Organization in GitHub & Azure DevOps,Workspace in BitBucket, and Group in GitLab)

With additional asset context, it is possible to better prioritize and classify repositories based also on their SCM properties. Additionally this enables users to enforce coverage controls based on the SCM properties.

We are constantly working to provide additional asset context! If you have any asset context that you would like to see in Snyk or have any questions, contact the Snyk Support Team.

Following our Early Access launch of Snyk MCP for Agentic Workflows, we are excited to introduce powerful new visibility into how your teams are adopting Snyk in their local and AI-driven development environments.

We are rolling out key new metrics to the Developer IDE and CLI usage report to capture detailed MCP usage. This update will provide deeper insights into developer adoption with three key additions:

• Top-Level MCP Scan Count: A high-level summary of the total number of MCP scans performed by your team.

• Usage Breakdown Chart: A new chart that visualizes the usage split between the Snyk CLI, our various IDE plugins, and Agentic Scans (MCP), helping you clearly see which platforms developers leverage.

• MCP Host Breakdown Chart: To offer more granular insights, a new chart will break down Agentic Scans by the specific host application, such as Windsurf, Cursor, and others.

These new reporting features will allow security teams to demonstrate strong shift-left behavior and identify teams that are successfully adopting Snyk locally as a model for the rest of the organization.

To enable this new level of insight, it is required for users to update to the latest versions of the Snyk CLI (v1.1298.1).

Please reference our documentation for all the details and prerequisites to use the report.

Finding and providing up-to-date API schemas for security scanning is a common challenge. To solve this, Snyk API & Web now integrates with Akamai to simplify and automate your API security workflow, helping you maintain comprehensive coverage with significantly less manual effort.

This integration connects directly to your Akamai account to automatically discover your complete API inventory and import the corresponding schemas required for security testing.

Key Features

• Automated API Discovery: The integration automatically imports your API inventory and schemas from Akamai, eliminating the manual work of finding and uploading them.

• Increased Scan Coverage: By discovering all your Akamai-managed APIs, you can ensure broader security testing coverage across your application portfolio.

• One-Click Onboarding: Add discovered APIs as targets with a single click, with their schemas pre-populated and ready for testing.

How to Get Started

Availability: This feature will be available in your Snyk API & Web account on August 4, 2025.

Once available, you can begin using the integration by following these steps:

1. Connect to Akamai: Go to Settings > Integrations in your Snyk API & Web account to configure the new Akamai integration.

2. View Imported Domains: After a successful connection, Snyk API & Web imports your domains from Akamai. You can see these new domains under Targets > Domains.

3. Discover and Scan Your APIs: Snyk API & Web then automatically scans these domains to find the associated API assets. When the scan is complete, your discovered APIs are displayed when you select the Discovery menu option. From there, you can add them as targets and begin scanning immediately.

To find specific API assets, use the following filters:

• Filter by Type > API to display only API assets.

• Filter by Source > Akamai to display assets imported from this integration.

Need Help?

If you have any questions or need assistance with the new integration, please contact the Snyk support team.