Product Updates


Snyk Container - Custom base image recommendations is now GA

New

We are excited to announce the GA release of the Custom Base Image Recommendations feature of Snyk Container, bringing a more customized experience to our enterprise customers, allowing developers to utilize the most secure images from their organizations' internal pool of approved images (often referred to as “golden images”).

The General Availability version delivers:

  • API endpoints for all custom base image actions to allow automation and smooth integration into existing processes.

  • All API functionality is now also available in the browser GUI, allowing users to define custom versioning schemas from the project’s settings.

  • Removed feature flag - by default, Custom Base Image Recommendations settings will be shown in the project’s settings.

Please note that this feature is only available for customers on the Snyk Enterprise plan. More details on the feature are available in the public and API documentation.

Hadar Mutai | Senior Product Manager

Snyk AppRisk - Policy Templates

New

We are happy to announce Policy Templates for Snyk AppRisk.

Policy Templates help AppRisk users create policies by offering ready-to-use templates that cover common use cases. In addition to creating a policy from scratch, users can now start with one of four out-of-the-box templates and tailor it to their unique requirements.

For more information, please refer to Snyk documentation and watch the Policy Templates overview video.

Itay Maor | Senior Manager, Product

The New REST Issues API is now GA

New

We are excited to announce the General Availability of the Unified Issues API, which unifies all Snyk issues (SCA, SAST, IaC+) across projects or orgs into one API call. The Unified Issues API approach offers several key benefits:

  • Simplifies the user experience with one paginated API call across all projects or orgs

  • Saves time by eliminating the need to stitch data across API calls and offering a consistent schema to parse responses with

  • Highlights our commitment to building Snyk as a holistic security platform for our customers

The General Availability delivers:

  • Uniform issue representation from Code to IaC+, with improved data quality and increased reliability

  • Detailed representations for Open Source packages and fix information

  • Improved pagination and response management, simplifying the API interaction

  • New filters for tailored API responses, catering to specific querying needs

Please check out the API docs for listing all issues by group, and by org.

Note: the experimental versions of this endpoint will be deprecated in 30 days, while the beta version will be deprecated in 90 days. If you have any concerns with the deprecation timelines for experimental or beta endpoints of this API, please contact your account representative.

Ranko Cupovic | Principal Product Manager

Snyk AppRisk - View Only Permission

New

We are pleased to announce that Snyk AppRisk now supports a View Only permission.

The View Only permission lets you give team members view-only access to Snyk AppRisk, which minimizes the need to give them full access to Snyk AppRisk.

For more details, see the documentation available here.

Snyk Code - DeepCode AI Fix now supports 7 languages

New

DeepCode AI Fix helps you automatically fix security issues identified by Snyk Code in the IDE (VS Code and Eclipse) using Snyk's DeepCode AI model.

Over the last few months, the team has been continuously adding depth to JS/TS fixes, and we are excited to share the support for 6 additional languages. DeepCode AI Fix now supports:

  • JavaScript and TypeScript

  • Java

  • Python

  • C/C++

  • Go (Limited support)

  • C# (Limited support)

  • APEX (Limited support)

Visit our documentation to learn how to try it out!

Snyk Open Source Gradle 8 CLI support

Improved

We are pleased to announce that the Snyk CLI now supports scanning Gradle 8 projects!

Previously, when scanning version 8 projects in the CLI, some operations might fail due to incompatibility with the Gradle configuration cache. This has now been resolved, and Gradle 8 is officially supported in the Snyk CLI. 🎉

Upgrade to CLI v1.1273.0 or above to scan your Gradle 8 applications.

Snyk CLI Improvement: Auth tokens redacted

Improved

With our customers' and users' security in mind, from version v1.1268.0 onwards, the Snyk CLI will redact Snyk API authentication tokens from its debug logs.

Once upgraded, when Snyk users run either of the following commands to enable Snyk CLI debug logs,

DEBUG=* snyk test -d

or

DEBUG=snyk* snyk test -d

they will see API authentication tokens redacted and displayed as ***.

Snyk API authentication tokens will be redacted from Snyk CLI debug logs for both service accounts and individual Snyk accounts.

We recommend upgrading to v1.1268.0 to benefit from this change.

Chintan Bellchambers

Configurable Python version in Snyk Open Source SCM scans in Open Beta

Early access

We are very pleased to announce that you can now define the Python version used when scanning pip projects imported via Git integrations in Snyk Open Source!

Until now, Snyk would always use either Python 2.7 or 3.7, which could lead to some dependencies being omitted from results if they require newer versions.

You can now specify the minor version of Python to use in scans.

To try this out, go to your Organization Settings. First, enable the beta listed in Snyk Preview. Next, go to Languages > Python and specify the Python version to use.

For more details see the documentation available here.

Snyk AppRisk Essentials is Snyk’s new ASPM product

New

Snyk AppRisk Essentials is Snyk’s new ASPM product, and is now available for qualified customers.

Snyk AppRisk Essentials supports the following use cases:

  • Automate application asset discovery: Continually discover application assets and classify them by business context, ensuring a security program is fully in sync with developers.

  • Manage security coverage: Define and manage appropriate security and compliance requirements while verifying applications have the correct controls in place.

  • Prioritize based on risk: Blend business and application context with best-in-class security and fix analysis to quantify risk and create an evidence graph, ensuring developer remediation efforts are focused on the issues that matter most to the business.

You can learn more by reading our blog post and public documentation and training, and by reaching out to your account team.

Using Project Tags at scale with removed group limits and predictable permissions

Improved

Project Tags are a lightweight and easy way to organise your Projects into bespoke criteria. They also have great synergy with Project Collections to help you visualise your grouping criteria (such as teams or services), focus work, and generate reports.

However, there have traditionally been a couple of points of friction when it comes to using tags at scale:

  • You could only create 1000 tags per group, which meant that you might hit your limit quickly (even with good tag management).

  • Different permissions were required to create a tag within a group, and assign a tag to a Project, so even if you had an org role that would allow you to work with tags on a project, you might not have the group permission that allowed you to create the tag.

Ultimately, users want the ability to group their Projects by any criteria without any limits, and to not work inefficiently because they're blocked by permission issues. So we're pleased to announce that we have removed the group tag limit, and we're making tag permissions more predictable in behaviour.

The org permission to assign a tag to, and remove a tag from, a Project is now sufficient for all tags and will be applied to the group admin, org admin, and collaborator roles, whilst the permissions for custom roles will remain as they were before this work was delivered. The two differences to your experience will be:

  • When you create a custom role, you do not require separate group permission to work with tags, which also helps improve security as you don't need to provide users with group permissions to enable org level functionality.

  • The concept of creating and deleting a tag no longer exists. If a tag isn't assigned to a Project, it will not exist.

All of the Project Tag APIs will continue to work as they currently do today.

Waleed Arshad | Senior Product Manager