Product Updates

Project Tags are a lightweight and easy way to organise your Projects into bespoke criteria. They also have great synergy with Project Collections to help you visualise your grouping criteria (such as teams or services), focus work, and generate reports.

However, there has traditionally been a couple of points of friction when it comes to using tags at scale:

• You could only create 1000 tags per group, which meant that you might hit your limit quickly (even with good tag management).

• Different permissions were required to create a tag within a group, and assign a tag to a Project, so even if you had an org role that would allow you to work with tags on a project, you might not have the group permission that allowed you to create the tag.

Ultimately, users want the ability to group their Projects by any criteria without any limits, and to not work inefficiently because they're blocked by permission issues. So we're pleased to announce that we have removed the group tag limit, and we're making tag permissions more predictable in behaviour.

The org permission to assign and remove a tag to a project is now sufficient for all tags and will be applied to group admin, org admin, and collaborator roles whilst the permissions for custom roles will remain as they were before this work was delivered. The two differences to your experience will be:

• When you create a custom role, you do not require separate group permission to work with tags, which also helps improve security as you don't need to provide users with group permissions to enable org level functionality.

• The concept of creating and deleting a tag no longer exists. If a tag isn't assigned to a Project, it will not exist.

All of the Project Tag APIs will continue to work as they currently do today.

We're excited to share an update for the Slack app, introducing a new method for configuring channels to receive notifications. This addresses slow loading times for channel lists by enabling users to input Channel IDs directly. This enhancement ensures a quick verification process and immediate access to channel information, such as the name, right after entering the ID. Experience improved efficiency and responsiveness with this update.

For more details, please refer to our User docs.

We are very pleased to announce that Snyk Open Source support for scanning Pipenv projects via Git integrations is now GA!

The Open Beta for Pipenv Git support has been enabled by default since September, and we are now happy that this is now working well enough to be promoted to GA.

For more details, head over to the docs.

We announced on June 22nd that we will end-of-life the v1 List All Projects API on December 22nd. Alongside the announcement, we have shared a migration guide and have released enhancements to our GA REST APIs to help facilitate the migration. These APIs will provide more consistent versioning, pagination and caching, and improved performance for you.

In addition, we have had two brownouts in October and November, and there is one more to go on December 6th for 4 hours starting 17:00 UTC.

During this time window, the API will return 410 Gone for all requests. If you require further support during these windows, please raise a support ticket. Review the migration guide below and move all your automations over before December 22, 2023!

We recently released a minor change to the Import Targets API. This asynchronous API spawns a separate import job, and returns a 201 Created response and a Location header which should be followed to fetch additional progress details about the import job.

Previously, the Location header was only valid on Snyk’s US-based region. But following this change, the Location header is now a valid URL across all available regions.

If you are performing validation on the Location header, e.g. to verify it is a domain owned by Snyk before following the URL, please update your validation for your appropriate region URL. Snyk’s region-specific URLs are available here.

For any additional questions, please contact support.

Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements:

• APEX: Enabling interfile support. Potential increase in all issues. This will be released week of December 11th

• Go: Source improvements to add buffers and refactoring CMDI sources. Potential increase in all issues

• Java: Sanitizer improvements enabling detection of ContentType. Potential decrease in CWE-79 issues

• PHP: Additional improvements released for PHP interfile. Potential increase in issues

• Python: Sanitizer improvements enabling detection of ContentType for frameworks including Django and Flask. Potential decrease in CWE-79 issues

• Ruby: General sanitizer improvements. Potential decrease in all issues

If you have any questions, please reach out to your account teams.

Snyk Open Source product’s copyright feature provides the copyright information of your open source dependencies. Please note that access to such copyright data via the Dependencies API and Dependencies Report will not be available from January 8th, 2024.

Dependencies Report screenshot below for reference:

From January 8th, 2024, the Dependencies report, the csv export from this report, and the Dependencies API will no longer display copyright data per dependency. Snyk’s License text tool will also no longer produce the copyright information.

Please keep in mind that only the copyright data per dependency is being EOL’d. License data per dependency will continue to exist.

We are actively exploring ways to reintegrate this data in future iterations of our roadmap.

Thank you for your continued support of our services. If you have any questions or concerns, please do not hesitate to reach out to our customer support team.

We are excited to announce that on Tuesday, December 5th, we will officially launch GA support for C/C++, enabled for all customers. This milestone follows substantial improvements driven by valuable feedback from customer support tickets, calls, and improvements through benchmark applications and open-source repositories. Note that we do not currently support macros and code quality.

For customers with C/C++ code, please anticipate a potential increase in issues.

If you have any questions, please reach out to your account teams.

As your organisation grows, the number and variety of Project types in your system also scales, so the ability to find the Projects you work with can become more difficult. Features such as Project Collections improve the ability to organise and work with Projects at scale, so it's important to improve how they can be created.

We're pleased to announce that we've added a "Project Type" filter to the Project Listing page which will improve a user's ability to find the Projects they need to work with. By filtering your Projects by type, you can perform actions such as tagging and creating Project Collections more easily.

Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements in the next few weeks:

• JavaScript: Adding support for node-forge npm library. Potential increase in results, specifically increase Increase in results pertaining CWEs that represent cryptographic weaknesses: CWE-310, CWE-547, CWE-916, CWE-327

• PHP: Adding PHP Drupal support. Potential increase in all issues

If you have any questions, please reach out to your account teams.