Product Updates

We're excited to announce the general availability of Snyk's latest report, "Snyk Generated Pull Requests."

Originally launched to early access late last year for Enterprise plans, this report sought to provide high-level visibility over your Snyk-generated manual and auto-fix PRs. The premise was simple: many Snyk accounts have hundreds, if not thousands, of projects within a single Group, which makes monitoring PRs near impossible.

Until now, AppSec teams have been left to their own devices to understand concepts such as PR volume, state, merge rates, and even mean time to merge. With the introduction of the 'Snyk Generated Pull Request' report, we make it simple to view this information and take action on it. Moreover, the report is available at both the organizational and group levels, allowing you to spend more time analyzing and less time filtering for the right granularity.

What's new in the general availability release:

• A new global filter for specific package managers (thanks for your feedback!)

• A new table in the drawer to track PRs created for a specific repo

• Performance enhancements in filtering, data population, and overall loading time

To view the report, select Reports in the left-hand navigation of Snyk's UI. At the top of the page, under the Change Report dropdown, select Snyk Generated Pull Request.

Happy Remediating!

We've rolled out an enhanced tenant-level Snyk Analytics experience! This update empowers you with more control and deeper insights into your security posture, making it easier than ever to manage risk across your organization.

What's New & Improved?

• Customizable Dashboards: You can now build your own analytics dashboards using a new set of widgets. This lets you focus on the metrics that matter most to you.

• Centralized Reporting Catalog: Access a new catalog of Snyk tenant-level reports. This central hub makes it simpler to find and access the reports you need, providing a unified view of your security data.

• Improved Data Access: Users with group reporting permissions now have direct access to tenant-level analytics for all the groups they are authorized to view, streamlining data visibility and collaboration.

Who Can Access This Early Access?

This exciting Early Access is currently available for our Enterprise plan customers who have group-level reporting permissions.

How to Opt-In:

Look for a banner link on your existing Tenant Analytics page to opt in. You can switch back to the current General Availability (GA) experience at any time.

Also, Now Generally Available!

As part of this release, we're also pleased to announce that the Repositories Tested in CI/CD report and the PCI-DSS v4.0.1 report have been moved to General Availability.

Go to Redesigned Analytics to learn more about this new Analytics page!

We've added a new asset policy template to easily keep up with new repositories discovered across all SCMs used within a specific Snyk Group.

The out-of-the-box logic is set notify on newly discovered repositories from the past 7 days that are not yet tested with Snyk. Customers only need to add the list of email recipients to save and start using it.

The template can be tweaked and adjusted as needed.

We are announcing the Early Access release of PR Issue Summary Comment and SAST High-Context Inline Comments as part of our ongoing efforts to enhance the pull request experience. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

• PR Issue Summary Comment - With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

• High-Context Inline Comments display each SAST security finding alongside key information such as CWE (Common Weakness Enumeration) and priority score and a Snyk Learn link for further guidance—helping developers remediate issues faster without leaving their SCM. 🚀

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it. If you’re interested in enabling this feature for your organization, you can self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk’s workflows.

To improve consistency within the Snyk app, we've moved the Broker client commit signing toggle from Snyk Preview to the Broker Settings page. The client commit signing to gives you the ability to enable access to commit signing using Broker clients.

This change centralizes related settings, making it easier for you to manage your commit signing preferences and ensuring a more predictable and unified experience.