Product Updates

As part of our ongoing efforts to improve performance and reliability of Snyk, we’ve made some changes to the database infrastructure behind the Dependencies tab UI and v1 List all dependencies API.

All requests will now be served by a read replica, rather than the primary database. Moving read-intensive APIs like this one dedicated database infrastructure helps ensure that our systems remain stable.

When importing a Project, it's expected that changes will be reflected in the Dependencies tab and API after 10 seconds. You should not notice this change on your end, and we expect the impact on your usage of Snyk to be negligible.

Over the next two weeks, we continue to enhance Snyk Code. As a result, the following improvements will be implemented:

• PHP, Go: Improving support for hardcoded-type rules, specifically CWE-798, CWE-259, and CWE-547. Customers should expect more issues

• Javascript: Improving React and Nest.js support. Customers should expect more issues

• Java, Scala, Kotlin: Implementing support for Jooq library. Customers should expect more issues

• Ruby: Implementing sanitizers for ActiveRecord. Customers should expect similar or fewer issues

• Java, C#: Implementing regex-style sanitizers. Customers should expect similar or fewer issues

If you have any questions, please reach out to your account teams.

On Monday, August 28th, we’re rolling out two exciting features to enhance your Snyk Code experience.

First, after months of development, thorough research, and valuable customer feedback, we're thrilled to announce that VB.NET will now be available in Open Beta.

Second, we're empowering our customers to explore the potential of additional languages – VB.NET, Kotlin, Swift, and Scala – through Snyk Preview. Snyk Preview is a feature that allows you to experiment with upcoming language support and features. To access Snyk Preview, log into app.snyk.io and navigate to Settings > Organization Settings > Snyk Preview.

Rest assured, these changes will not impact your existing issues. If you already use beta languages, your current settings will seamlessly carry over to Snyk Preview. For those who haven't yet opted into beta languages, Snyk Preview will have the default setting turned off. We encourage you to enable them and share your thoughts with us!

If you have any questions, please reach out to your account teams.

We are pleased to announce that Snyk Container can now scan and identify vulnerabilities in Chainguard Images and the Wolfi (un)distribution.

Scanning can be performed using the Snyk Container CLI, the Snyk Kubernetes Monitor integration, and the container registry integrations.

Base image recommendations and auto detection will be available in the near future.

See all distributions supported by Snyk Container here. If you have any questions or feedback, please contact us.

We've made a change to how we model Group Admin's roles in terms of the Orgs within their group. Previously they would always be explicitly assigned the Org Admin role for every single Org in their Group. Now this is no longer explicit, but implied by the fact that they have the Group Admin role. There is no change in their capabilities because of this, and no action is required. The only noticeable difference will be that they no longer appear on the list of Org members. We have also made the equivalent change for Service Accounts which were assigned the Group Admin Role.

Please contact support or your account representative if you have any questions or concerns.

We're excited to announce the open beta availability of Snyk’s new Risk Score!

The new Risk Score was designed to help you prioritize more effectively by providing you with an accurate and holistic understanding of the risk posed by a given security issue.

The Risk Score is powered by a new risk assessment model that leverages multiple objective and contextual risk factors to measure both the likelihood of a vulnerability being exploited as well as the impact it may have if exploited.

Examples of risk factors included in the new Risk Score: Reachability, Exploit Maturity, EPSS, Social Trends, CVSS metrics, transitive depth, business criticality, and more.

Please refer to our documentation for the full list of risk factors as well as information on how the score is calculated.

The new Risk Score is available, in open beta, for all Snyk users and only displayed for Snyk Open Source and Snyk Container projects. To enable the score, turn it on via Snyk Preview.

On August 29th, we're rolling out Snyk Code improvements to provide you with even better code analysis.

What to expect:

• PHP: Deeper coverage, a potential increase in issues.

• Apex, Swift, Go, C#, VB.NET: No change in issues, possible reduction in severity (high to med/low).

If you have any questions, please reach out to your account teams.

Following the June announcement of the end-of-life of the List all projects v1 API, we’re happy to announce that we’ve migrated the Snyk tools and integrations which use the List all projects v1 API to use the GA REST APIs.

The main benefit of the new version of the tools which uses the REST APIs is that the performance will improve greatly, and you’ll see that benefit when you upgrade your tools so we strongly encourage you to do so.

For a list of the tools that were using the older API and will now be using the REST APIs, check out our migration guide.

We are pleased to announce that Snyk is no longer making filters on the project listing page enabled by default. We originally added this default functionality to improve the performance on the project listing page but since the improvements we’ve made and with pagination in place, we no longer need to have default functionality that might confuse users. The filters in question are the "Without Issues" and the "Deactivated Projects" filters.

We are not removing the filter from the page and it will remain usable, but we are no longer enabling it by default when you create a new organization. As before, filters are part of the URL and so can be bookmarked or shared.