Product Updates

Over the following weeks, we will roll out an updated navigation menu for all Enterprise customers in the Snyk web app. Besides browsing Organizations and Groups, the left-side navigation menu will now include the Tenant that brings together all the Snyk entities of the customer:

View image description

The Tenant entry in the hierarchical nav menu will not give visibility into everything inside the Tenant. Customers will continue to see only the Groups and Organizations they’re a member of. The new Tenant-level nav menu will include:

• A new “Members” page for managing all the Tenant users and assigning Tenant-level admin rights.

• Access to Snyk Analytics for Analytics Early Access customers.

More details will follow in the upcoming week when the rollout will begin.

We are announcing the Early access release of High-Context Inline Comments as part of our ongoing initiatives to enhance the pull request experience. This feature brings detailed security findings directly into your PRs, streamlining the process of identifying and fixing vulnerabilities without leaving your SCM.

With High-Context Inline Comments, you’ll see each SAST security finding alongside key information such as CWE (Common Weakness Enumeration) and priority score which makes it easier to act on vulnerabilities quickly, reducing the need for developers to switch between platforms and improving your team’s workflow. You can also access relevant Snyk Learn lessons, and see an embedded data flow to introspect on your findings.

If you’re interested in enabling this feature for your organization, you can now directly enable it from integration settings for the supported SCMs.

Inline comments are available in Early Access for the following SCM integrations:

• GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

• Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Please refer to our user documentation for more details and start streamlining your workflows today!

We’re excited to announce the General Availability of the GitHub Cloud App! This milestone follows extensive improvements, including a comprehensive threat modeling exercise and the mitigation of identified risks. 🎉

The GitHub Cloud App represents a significant advancement from our existing GitHub integrations, introducing key features like role-based, granular access control and increased API rate limits. These enhancements provide a more secure and scalable way to integrate with GitHub, laying a strong foundation for a richer developer experience in the future. Unlike PAT and OAuth-based integrations, the GitHub Cloud App uses short-lived tokens for authentication, eliminating the need to manually handle or store sensitive personal access tokens. This not only simplifies setup but also significantly reduces security risks, offering a modern and more efficient alternative aligned with GitHub’s best practices. 🚀

Please refer to our user documentation and Snyk Learn for more details.

Support for Snyk’s Docker Desktop integration will officially end on June 20th, 2025. After this date the extension will no longer receive updates or technical support. From now until the end-of-support date, updates will only address known high severity security vulnerabilities.

To avoid disruption, we encourage all our customers and users who rely on this integration to transition to scanning their container images via our Command Line Interface (CLI) tool. The CLI offers enhanced functionality, greater flexibility, and improved performance compared to the Docker Desktop extension.

Our documentation provides a comprehensive guide on how to get started, and our support team is here to assist with any questions or challenges you might face during the transition

We are confident that the CLI will provide you with a superior experience, and we look forward to continuing to serve your needs with our robust set of tools.

Please reach out to support with any questions.

Dear customers,

We want to inform you of upcoming changes which may impact your development workflows.

Starting June 24, 2025, Snyk will implement an official 12-month Support Policy for our IDE, Language Server, and CLI versions. Additionally, we are announcing the deprecation of certain IDE features, detailed herein: Code Quality Findings in Snyk Code (both WebUI and IDE Plugins), Javascript CDN Library Detection in HTML Files, and Container Image Detection in Kubernetes YAML Files.

12-month Support Policy

Establishing an official 12-month Support Policy for IDE, Language Service, and CLI will enable us to provide a more consistent experience throughout the feature lifecycle, enabling customers to adopt new innovative features sooner and providing more clarity to customers about what they can expect in terms of supportability.

What this means: Each version of our IDE plugins, CLI, and Language Server will be supported for 12 months from its release date. Clear support timelines allow you to plan upgrades confidently, reducing unexpected disruptions.

To continue receiving support and access to the latest features, please upgrade your IDE plugin, Language Server, and CLI to a version released within the last 12 months by June 24, 2025. We encourage you to schedule regular updates to stay within our support window.

For guidance on upgrading, please refer to our Documentation for IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

IDE plugin feature deprecations effective June 24, 2025

Snyk previously supported a basic set of code quality features that only appeared in the IDE experience and some experimental security features found only in singular IDE platforms. This functionality was used only by a small number of customers, and the feedback we received from most customers was that this feature set needed to be revised to meet their needs and obscured relevant findings. After careful consideration, we have decided that removing this functionality is the best outcome for all of our customers.

Deprecation of Code Quality Findings in Snyk Code (WebUI and IDE Plugins) Snyk Code Quality findings will no longer be provided in versions of the IDE plugins. Earlier plugin versions may still show the Code Quality findings section but the results will be empty. Affected integrations: Web UI, all Snyk IDE Plugins

Deprecation of JavaScript CDN Library Detecting in HTML Files This feature surfaced security vulnerabilities in JavaScript packages from well-known CDNs (Content Delivery Networks) within HTML files in your projects. Affected integrations: Visual Studio Code and Language Server

Deprecation of Container Image Detection in Kubernetes YAML Files This was an experimental feature available in the the Snyk JetBrains IDE that scans Kubernetes configuration files and searches for container images . Affected integrations: Snyk JetBrains IDE Integration

We value your partnership and are committed to supporting your success. If you have any questions or need assistance, we’re here to help.

Thank you for your continued support.

Best regards,

We're excited to announce a significant upgrade to the Eclipse IDE extension. This release focuses on the User Interface consistency with Snyk VSC and JetBrains extensions.

What’s new

• New custom Snyk panel with issues tree, filters, and suggestion details, similar to VSC and JetBrains IDEs.

• Delta findings

Eclipse 2024-03 (4.31) or newer is required.

Planned release on January 09.

We're excited to announce a significant upgrade to the Snyk Visual Studio IDE extension. This release aims to ensure feature parity and consistency with Snyk VSC and JetBrains extensions.

What’s new

• UI improvements and standardization

• Auto-scanning capability

• IaC support

• Delta findings

• Snyk Learn integration

Things you should know

• Prerequisites: Visual Studio 2022 (17.5+)

• A special preview version is live and available on the official MS marketplace

Planned release on January 09.

We are pleased to announce further improvements to scanning Gradle projects with Snyk Open Source.

Gradle projects often include secondary build files using the apply from syntax to manage dependencies, repositories, extra properties and other configuration.

From December 12th, Snyk's improved Gradle scanner (available in Snyk Preview) will support analyzing these kinds of additional build files.

The following forms will be supported.

• Groovy: apply from: "dependencies.gradle"

• Kotlin: apply(from = "dependencies.gradle.kts")

Note that any file names may be used, those above are just for example.

Existing users of the new scanner should see the improved results in the next re-scan of their projects. Or to start using the new scanner, see the documentation.

The PR Issue Summary Comment feature (previously in Closed Beta) for Snyk PR Checks is now available in Early Access! With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

To enable this experience, a new Pull request experience section is now available in the SCM integration settings for supported SCMs. This allows you to directly opt-in to the experience and manage whether to omit the summary comment in cases of PR Check success.

PR Comments are available in Early Access for the following SCM integrations:

• GitHub: GitHub OAuth, GitHub Enterprise (PAT), and GitHub Cloud App

• Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Start streamlining your workflows today!

We’re excited to share that supported license data in the form of expressions will now automatically be included in all SBOMs produced by Snyk.

Until now, license information has been available in other parts of Snyk—but not in our CycloneDX or SPDX software bill of materials.

We hope this release makes it easier than ever to share key legal context about your supply chain with relevant audiences.

Although no changes are required, we recommend exploring how you can begin using license data in your SBOM-related integrations and workflows.

This release is coming soon, and could be available as early as November 28th. Keep an eye out for updates to Snyk's User Docs with more information.