Product Updates


Additional options for Snyk SBOM CLI

Improved

We're pleased to share that the Snyk SBOM CLI Extension now supports additional options for working with Maven, npm, Gradle, Python, Yarn, and NuGet projects.

These will help you produce a more accurate CycloneDX or SPDX SBOM based on your project's configuration. These options are available in CLI version 1.1228.0 and beyond.

Please see our User Docs for more details.

Ryan Searle | Director, Product Management

Open beta availability of Git repository cloning

Early access

Today, Snyk is pleased to announce open beta availability of Git repository cloning – a new and more scalable way for Snyk to provide code security and code quality improvements via SCM integrations – helping you develop fast and stay secure.

The open beta is rolling out to all customers and across all of Snyk’s deployments in the coming days, and will be available – via Snyk Preview – for all SCM integrations (GitHub, GitHub Enterprise, GitLab, Bitbucket Server, Bitbucket Cloud App, Bitbucket Cloud (Legacy), and Azure Repos) and SCM “flows” (import, PR checks, recurring tests).

When enabled by a Snyk Organization administrator, these flows will be backed by a temporary, shallow Git clone of repository contents, helping Snyk perform its security analyses more reliably and more accurately. This capability particularly benefits customers using SCM integrations at scale, as it avoids exceeding SCM API rate and content limits, and improves Snyk’s analysis of very large repos (sometimes referred to as “monorepos”) by surfacing previously unreachable contents.

Be on the lookout for this new capability, scheduled to land in your Snyk Organization in the coming days.

Meanwhile, you can read more in the docs.

Steve Winton | Principal Product Manager

Snyk Code Improvements: Java, JavaScript, .NET (C#), Ruby, Python

Improved

Over the next two weeks, we continue to enhance Snyk Code. As a result, the following improvements will be implemented:

  • Java: Improved support for Micronaut and added support for "unsafe reflection" vulnerabilities. Potential increase in issues, and in issues affecting CWE-470

  • JavaScript: Added support for FS/Promise Node.js APIs and sanitizer alignment. Potential increase in issues

  • .NET (C#): Improved Type Sanitization. Potential decrease in issues

  • Python: Improvements to sanitizers. Potential decrease in issues

  • Ruby: Improved support for ActiveRecord. Potential increase in issues

  • All Languages: Improvement for Path Traversal Sanitizers. Potential decrease in issues affecting CWE-22

If you have any questions, please reach out to your account teams.

Expansion of Malicious Packages Coverage

Improved

We're pleased to announce a significant expansion of the Snyk Vulnerability Database's coverage of malicious packages.

Following our work to mitigate software supply chain attacks, we've added thousands of new malicious packages to the Snyk Vulnerability Database.

As a result, you may notice new Critical severity issues categorized as CWE-506 during your project scans if the newly added malicious packages are detected.

Malicious packages represent a rising threat in software supply chain attacks. We recommend visiting our user documentation to stay informed about this crucial security aspect. Here, you can learn more about what malicious packages are, how Snyk detects them, and the recommended actions to take when encountering malicious package issues in your projects.

Neha Shenoy | Senior Product Manager

Snyk Code Announcement: GA of Kotlin and VB.NET

Improved

We are excited to announce that on Thursday, September 28th, we will officially launch GA support for Kotlin and VB.NET, enabled for all customers. This milestone is a result of months of development, including feedback from 275 customers who conducted scans, significant enhancements driven by input received through customer calls and support tickets, the assessment of benchmark applications and open-source repositories, as well as a comprehensive review of industry and competitor research findings.

For customers with Kotlin or VB.NET code, please anticipate a potential increase in issues.

If you have any questions, please reach out to your account teams.

Snyk Container - SBOM Generation CLI Support

Early access

We're excited to share that Snyk now supports generating CycloneDX/SPDX SBOMs for images using the Snyk Container CLI.

Use the snyk container sbom --format=<cyclonedx1.4+json|cyclonedx1.4+xml|spdx2.3+json> <IMAGE> command to generate an SBOM for your image.

This change is available in CLI version 1.1226.0.

To learn more, check out our user documentation. If you have any questions or feedback, please reach out to your account team.

Hadar Mutai | Senior Product Manager

Snyk Code Improvements: C#, Java, Python

Improved

Over the next two weeks, we continue to enhance Snyk Code. As a result, the following improvements will be implemented:

  • C#, Java, Python: aligning issue severity across languages for consistency. Customers should expect similar or fewer issues

  • Java: improving Java sanitizers. Customers should expect similar or fewer issues

  • Java/JSP: re-enabling processing of JSP taglib directives. Customers should expect a potential increase in issues (released Wed, 9/27)

If you have any questions, please reach out to your account teams.

Snyk Code Announcement: PHP Improvements

Improved

Snyk Code has been at the forefront of PHP static analysis since its launch 2 years ago.

In 2 weeks' time, we will roll out a new, smarter PHP analysis engine. From our benchmarks, we expect a similar number of matches overall, but of much higher quality. This is due to three improvements:

  • The new engine is capable of deeper analysis, and so doesn’t use approximations as often. This removes many false positive matches.

  • Object-orientated code that makes use of classes, methods and properties is analysed much better, adding new correct matches.

  • Interfile analysis is enabled, which detects vulnerabilities across multiple source files.

If you have any questions, please contact support or your account manager.

Snyk Open Source: Pipenv Git support

Early access

We are very pleased to announce that Snyk Open Source now supports scanning Pipenv projects via Git integrations!

With this update, you can now import your Pipenv projects into the Snyk web UI simply by connecting your existing Git repositories.

We'll do the hard work of discovering all the dependencies and reporting all related vulnerabilities and licenses.

To get started, head over to the docs or just re/import your repos and check out your shiny new Pipenv projects 🤗

Snyk Code Announcement: GA of Swift and Scala

Improved

We are excited to announce that on Wednesday, September 6th, we will officially launch GA support for Swift and Scala, enabled for all customers. This milestone follows substantial improvements driven by valuable feedback from customer support tickets, calls, and improvements through benchmark applications and open-source repositories.

For customers with Swift or Scala code, please anticipate a potential increase in issues.

If you have any questions, please reach out to your account teams.