Product Updates

A new architecture for the Snyk integrations public documentation

New

To enhance developer efficiency and optimize our security tools, Snyk is excited to introduce a new architecture for the Snyk integrations public documentation. This centralized documentation section offers a dedicated and organized area for all Snyk CLI, IDE, and CI/CD integrations.

The objective is to integrate security seamlessly into the software development lifecycle. This update directly supports that goal by offering a cohesive discovery point of the developer tools, clearly distinct from SCM and other platform integrations. The result is a more logical and intuitive user experience.

This change provides the following advantages:

  • Improved usability: By creating a dedicated section for developer-centric integrations, users can locate and configure the necessary tools with greater precision and fewer errors.

  • Accelerated tool adoption: The centralized documentation section simplifies the discovery process, allowing development and security teams to implement and deploy Snyk more quickly across their workflow environments.

  • Increased efficiency: Users can save considerable time when accessing and managing the integrations essential to their daily development and security workflows.

To ensure continuity, all bookmarks and links to previous integration pages will be automatically redirected to their new locations within the public documentation, preventing any disruption to user workflows.

This information architecture change will officially come into effect on July 9, 2025.

Veronica Cernea | Manager, User Documentation

Announcing Snyk CLI v1.1297.3 to address debug logging vulnerability CVE-2025-6624

New

We are releasing Snyk CLI v1.1297.3, a follow-up hotfix to our recent v1.1297.2 announcement. This update further enhances the security of debug logging.

We encourage all users to upgrade to v1.1297.3 to benefit from these important security enhancements. Release notes can be found here.

CVE-2025-6624 has been published to address this vulnerability.

Important: This hotfix resolves a potential vulnerability. Please review the details below.

By default, the Snyk CLI sanitizes sensitive credential information from logs. However, previous versions of the Snyk container CLI tool had potential vulnerabilities in this sanitization, where sensitive credentials could potentially be written into local Snyk CLI debug logs, if the Snyk CLI is executed in DEBUG or DEBUG/TRACE mode. There is no exposure to these vulnerabilities if the DEBUG flag is not used when executing Snyk CLI commands. Exact details are listed below.

Although these logs are only stored locally where the CLI is invoked, debug logs might have been manually sent as part of support queries to Snyk Support Engineers or copied/backed up to other locations by your processes.

Snyk has already proactively reached out to any customers we believe may have been exposed to this vulnerability, based on our internal usage logs. However, we recommend that users of Snyk CLI upgrade to this hotfix to avoid any future exposure.

This hotfix resolves the following vulnerabilities:

  • When the snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials could previously be written into the local Snyk CLI debug log in some circumstances. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u).

  • When the snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the access / refresh credential tokens used to connect the CLI to Snyk could previously be written into the local CLI debug logs.

  • When the snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled AND the log level is set to TRACE, the docker registry token could previously be written into the local CLI debug logs.
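One way to check debug logs you have already saved or shared for the registry credentials named above, as an added example that is not Snyk's code: it searches a log for the current values of SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD and reports only the file and line, never the value. The function names and the sample log lines are constructed for illustration and do not reflect the CLI's real log format.

```sh
#!/bin/sh
# Added example: find saved debug logs that contain registry credentials.
# Variable names come from the announcement; the log lines are constructed.
SECRET_VARS="SNYK_REGISTRY_USERNAME SNYK_REGISTRY_PASSWORD"

# scan_log FILE -> prints "file:line: contains value of VAR" for each hit.
# Values are read through awk's ENVIRON (the variables must be exported),
# so a secret never appears in argv or in the report. Returns 1 on any hit.
scan_log() {
  awk -v names="$SECRET_VARS" '
    BEGIN {
      n = split(names, var, " ")
      for (i = 1; i <= n; i++) {
        v = ENVIRON[var[i]]
        if (length(v) >= 4) needle[var[i]] = v  # ignore unset or tiny values
      }
    }
    {
      for (name in needle)
        if (index($0, needle[name])) {
          printf "%s:%d: contains value of %s\n", FILENAME, FNR, name
          hits++
        }
    }
    END { exit (hits > 0) }
  ' "$1"
}

# Demo on a constructed log, run in a subshell so the sample values do not
# leak into the caller's environment.
demo() (
  export SNYK_REGISTRY_USERNAME="ci-user-constructed"
  export SNYK_REGISTRY_PASSWORD="constructed-pw-123"
  log=$(mktemp)
  trap 'rm -f "$log"' EXIT
  printf '%s\n' \
    'debug: starting container test (constructed)' \
    'debug: registry auth user=ci-user-constructed pass=constructed-pw-123' \
    'debug: request headers [REDACTED]' > "$log"
  scan_log "$log" | sed "s|^$log|sample.log|"
)
demo
```

Run scan_log over each retained log with the real variables exported in the same shell; any credential that is reported should be rotated, since the log may have been copied or attached to a support query.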

Costin Busioc | Senior Product Manager

Snyk Code Consistent Ignores is Generally Available (GA)

Improved

Snyk Code Consistent Ignores is now Generally Available (GA) for all Snyk Code customers.

This capability ensures ignores are consistently applied in all surfaces throughout the development lifecycle, helping your teams eliminate distractions and focus on the risks that matter most. This means ignores are now respected across projects, branches, and integrations within a repository, notably in the IDE plugins, the Snyk CLI, and native PR checks.

For existing customers, Snyk Code Consistent Ignores can be enabled by toggling this on in your Group or Org settings. Any newly created groups or orgs will have this functionality enabled by default going forward.

We're thrilled to bring this powerful capability as a core offering of the Snyk platform, bringing a new level of focus and efficiency to your security workflows. For more detailed information on how Snyk Code Consistent Ignores works, check out the documentation and the Snyk Learn lesson.

Ezra Tanzer | Director, Product Management

Announcing Snyk CLI v1.1297.2

New

We’ve released a CLI hotfix (v1.1297.2) to enhance security and resolve the following issues:

  • Improved Debug Logging Security for Scans: Improves the sanitization of credentials in local debug logs.

  • IDE Connectivity for Proxy Users: Fixes an issue where IDE plugins could fail to connect when operating behind an NTLM proxy.

  • Snyk Code Local Engine Fix: Addresses a regression that prevented the Snyk Code Local Engine (SCLE) from functioning correctly within the IDEs.

As this release is focused on security and stability, no change in behavior or new features are expected.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to benefit from these important security and reliability fixes!

Costin Busioc | Senior Product Manager

Upcoming Changes to Snyk CLI glibc Requirements for Linux Environments

New

We're providing an important update regarding an upcoming enhancement to the Snyk CLI that will impact Linux environments. To ensure the Snyk CLI operates as smoothly and securely as possible, providing the strongest security and stability for your development environments, we are updating an internal component.

What's Changing for Linux Users?

Effective with the Snyk CLI release 1.1298.0 targeted for July 16, 2025, the minimum required GNU C Library (glibc) versions on Linux will be updated as follows:

  • For Linux x64 environments: glibc version 2.28 or higher

  • For Linux arm64 environments: glibc version 2.31 or higher

This change only affects Linux environments. Users on macOS and Windows are not impacted by this specific glibc update.
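A pre-upgrade check for the minimums listed above, as an added example rather than Snyk tooling: it reads the host's glibc version with getconf GNU_LIBC_VERSION and compares it with the minimum for the architecture reported by uname -m. The function names are illustrative.

```sh
#!/bin/sh
# Added example: gate a Linux host on the glibc minimums from the announcement.

# min_glibc ARCH -> minimum version for that architecture (uname -m names).
min_glibc() {
  case "$1" in
    x86_64|amd64)  echo 2.28 ;;
    aarch64|arm64) echo 2.31 ;;
    *) return 1 ;;
  esac
}

# version_ge A B -> success when major.minor of A >= major.minor of B.
version_ge() {
  a_major=${1%%.*}; b_major=${2%%.*}
  a_minor=0; b_minor=0
  case "$1" in *.*) a_minor=${1#*.}; a_minor=${a_minor%%.*} ;; esac
  case "$2" in *.*) b_minor=${2#*.}; b_minor=${b_minor%%.*} ;; esac
  [ "$a_major" -gt "$b_major" ] ||
    { [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]; }
}

# detect_glibc -> prints e.g. "2.35"; prints nothing on non-glibc systems.
detect_glibc() {
  getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

# check_glibc ARCH VERSION -> 0 meets minimum, 1 too old, 2 cannot decide.
check_glibc() {
  need=$(min_glibc "$1") || { echo "unknown arch: $1" >&2; return 2; }
  case "$2" in
    [0-9]*) ;;
    *) echo "no glibc version detected" >&2; return 2 ;;
  esac
  if version_ge "$2" "$need"; then
    echo "glibc $2 on $1 meets minimum $need"
  else
    echo "glibc $2 on $1 is below minimum $need" >&2
    return 1
  fi
}

# Report for this host; the status is printed rather than used to exit.
check_glibc "$(uname -m)" "$(detect_glibc)" || echo "status: $?"
```

In a CI job, replace the final `|| echo` with `|| exit 1` so that build agents below the minimum are flagged before the CLI is upgraded.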

Why Are We Making This Change?

This update is driven by our commitment to ensure all components within the Snyk CLI are current and supported, preventing the use of components that may no longer receive critical security patches or bug fixes. This transition is crucial for:

  • Enhanced Security & Stability: Via this upgrade, we ensure our CLI remains protected against emerging vulnerabilities and benefits from ongoing improvements, addressing potential risks.

  • Modern Dependency Compatibility: The broader software ecosystem continually evolves. This upgrade allows us to integrate essential library updates, bug fixes, and new features more effectively and reliably.

Meeting these glibc requirements also means your Linux environments will likely be running on operating system versions that are fully supported and not past their own end-of-support dates, further enhancing your overall security posture.

Timeline and Your Environment Readiness:

We are introducing these new requirements in the Snyk CLI 1.1298.0 release scheduled for July 16, 2025. This provides a window for you to assess and, if necessary, update your Linux environments.

What if You Need More Time?

We understand that updating your environments might require planning and coordination. If you anticipate needing more time to meet these new glibc requirements beyond the July 16, 2025 release, we recommend the following temporary solutions to continue using the Snyk CLI without interruption:

  • Pin your Snyk CLI version: You can temporarily pin your Snyk CLI to version 1.1297.1 (the last version before these new requirements take effect) to allow more time for your glibc upgrade.

  • Utilize Snyk CLI Docker Images: Our official Snyk CLI Docker images come with compatible glibc versions and can be a good alternative.

  • The CLI preview version has contained the new glibc requirements since June 4th, so you can test the coming changes ahead of time.

Our primary goal is to provide you with the most secure and reliable tools, and this update is a key step in that direction. Thank you for your understanding and partnership in maintaining a secure development lifecycle!

Costin Busioc | Senior Product Manager

Announcing Snyk CLI v1.1297.1

New

We’ve released CLI hotfix v1.1297.1.

This version rolls back specific changes related to Gradle dependency resolution that were introduced in v1.1297.0.

We are taking this step to ensure stability for all users while we continue to refine this functionality. We plan to reintroduce these improvements for Gradle resolution in a future stable version once further enhancements are complete.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Costin Busioc | Senior Product Manager

Announcing Snyk CLI v1.1297.0

New

We are pleased to announce the latest stable Snyk CLI release v1.1297.0.

We are introducing the following new features and improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the release notes.

Container Enhancements

We've made scanning container image archives more straightforward. You can now directly scan image archives (e.g., image.tar) using snyk container test image.tar or snyk container monitor image.tar without needing to specify the image type as a prefix. This simplifies the command structure and streamlines your container security workflows.

Open Source Enhancements

This release brings significant improvements to Gradle module resolutions. The Snyk CLI's Gradle dependency resolution will now default to finding all artifacts against resolved dependencies. You can read more about this here.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to benefit from these new features and improvements!

Costin Busioc | Senior Product Manager

Snyk Open Source - Snyk CLI PHP bug fix

Fix

We are pleased to announce a bug fix for Snyk Open Source PHP support in the Snyk CLI.

With this update CLI support for PHP will be improved as follows:

  • Today, Snyk CLI test and monitor commands may fail for users who only have composer.phar locally, and no global composer. With this bug fix, these scans will now succeed.

How will my scan results change?

  • CI/CD pipelines that were failing due to this error may now succeed after upgrading to the new CLI version

  • New issues may be found when the projects are scanned successfully

What are the next steps?

The changes are available now in the preview channel of the CLI, and will be included in the stable channel on 14 May 2025.

Snyk Open Source - Snyk CLI Gradle support bug fixes

Fix

We are pleased to announce two Snyk Open Source bug fixes for Gradle support in the CLI.

With this update CLI support for Gradle will be improved as follows:

  • Multiple packages with the same artifactId will be included in the dependency graph correctly.

  • platform dependencies will no longer be included in the dependency graph. Platform dependencies are not regular dependencies of the project, and do not result in an artifact. Rather they control the versions of other dependencies, in a similar way to dependency management BOMs in Maven.

How will my scan results change?

Overall, this release should not lead to an increase in vulns or issues.

  • artifactId change - we might find more paths in the dependency graph, but the packages and issues should remain the same.

  • platform change - potentially fewer issues.

What are the next steps?

The changes are available now in the preview channel of the CLI, and will be included in the stable channel on 14 May 2025.

Announcing Snyk CLI v1.1296.2

New

We’ve released a CLI hotfix (v1.1296.2) to enhance the following use cases and introduce new capabilities:

  • Experimental Model Context Protocol (MCP) Integration: Enables integrating Snyk scans (Open Source & Code) into MCP-compatible tools using the new snyk mcp --experimental command. This allows the CLI to act as an MCP server for these integrations. Note: This feature is experimental and may evolve. You can read more about Snyk MCP here.

  • Routine enhancements: Incorporates routine enhancements for security and reliability.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

Costin Busioc | Senior Product Manager
