Product Updates

We're updating the "Code Analysis" popup in Snyk Code to provide a more detailed and accurate breakdown of your scanned repositories. Previously, this view showed general language names (e.g., JavaScript).

After this update, it will display the specific file extensions that were analyzed (e.g., .js, .jsx, .ts).

This change provides greater transparency, removing the ambiguity that can occur in complex, polyglot projects. By seeing the exact file types Snyk has scanned, you can more easily verify scan coverage and gain a better understanding of your repository's composition.

This update will roll out to all customers on Sep 22, 2025.

We are pleased to announce the new stable releases for our IDE plugins. The new versions are:

• Visual Studio Code v2.24.0

• JetBrains v2.16.0

• Visual Studio v2.4.0

• Eclipse v3.4.0

This release is focused on enhancing stability and reliability, with key updates including:

• Improved Proxy & Certificate Handling (VS Code): We've enhanced the CLI download process to better respect proxy settings and custom certificates set in the IDE. -This will reduce download failures for users in corporate environments.

• Enhanced Security (Visual Studio): Fixed an issue where the folder trust prompt could be bypassed when auto-scan was enabled.

• More Accurate Scans (All IDEs): We have improved the detection of Git branches, leading to more accurate scan results.

• Custom Endpoint Authentication (All IDEs): Resolved an issue that could prevent users from correctly authenticating with a custom Snyk endpoint.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes and enhancements.

You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions!

We are pleased to announce the latest stable Snyk CLI release, v1.1299.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

General Enhancements

• Personal Access Token (PAT) Authentication: When using a Personal Access Token (PAT), the CLI will now automatically detect and configure the correct region during authentication. This improvement simplifies the setup process and ensures a smoother authentication experience without manual configuration.

• Stability and Performance: This release also includes numerous bug fixes and enhancements to improve the overall stability and performance of the CLI.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to benefit from these new features and improvements!

We know that AppSec teams need to track and report on how Snyk is being used throughout your development lifecycle. Understanding where and how often Snyk tests are run helps you promote early testing, prevent more vulnerabilities, and see the value you're getting from Snyk. We're excited to announce the availability of the Test Usage Data in the Export API!

What's New?

Currently, detailed pre-deployment CLI test data is only available through Snowflake data share or limited CSV exports. The new dataset will provide a more direct and flexible way to access this critical information.

The Test Usage Dataset will give you programmatic access to comprehensive data on your Snyk test activities, including details like:

• When and where tests are run: See timestamps and the environment (e.g., IDE, CLI, CI/CD).

• Test outcomes: Understand interaction statuses and exit codes.

• User and organization details: Identify which users and organizations are performing tests.

• Product usage: See which Snyk products (Open Source, Container, IaC, Code) are being used for tests.

How Does It Help You?

This new Test Usage Dataset unlocks crucial data that was previously harder to access, allowing you to:

• Boost Pre-Deployment Testing: By easily monitoring CLI test adoption, you can identify opportunities to encourage developers to test earlier and more often, leading to better vulnerability prevention.

• Measure Snyk's ROI: Gain clearer insights into how Snyk is being utilized across your teams, helping you demonstrate the value and justify your security investments.

• Integrate Data Easily: Pull test usage data directly into your internal dashboards, reporting tools, or custom analytics solutions without manual exports or Snowflake integration.

We're improving our product update communication experience to help keep you aware and in control. We heard your feedback that it can be hard to keep up with all the changes, so we're introducing new ways to help you find the information that's most relevant to you.

From September 11th, you'll see a new RSS feed link to notify you of all new product update announcements as they are published. You'll be able to filter product updates using tags like Open Source CLI or MCP to find exactly what you're looking for.

We know how important it is for you to be aware of new features and changes that impact your work. Our goal is to give you more control and a better way to get the right information at the right time. We also want to ensure our communications are consistent with our Snyk brand for you to enjoy.

The product updates link in our platform web user interface will take you directly to the new product updates page. The red notification dot on the bell icon will be paused for approximately one week following the launch, before returning to its usual function of alerting you to new updates. The existing RSS feed link will not change. We plan to introduce a search feature for product updates in a later phase and we are currently assessing how best to display product updates within our platform.

Atlassian will deprecate App Passwords in Bitbucket Cloud and transition to API tokens, which provide a more secure authentication method, increased admin flexibility, and additional expiry controls. To align and support this change, Snyk Essentials will be supporting API tokens starting September 9th.

Main highlights include:

• Support of the API Key

• Users who integrate on or after September 9th, 2025, will need to provide user email and API Key

• Existing integrations that are already using app passwords will continue to function without interruption until June 9th, 2026, when app passwords will stop working entirely (or if the app password expires before June 9th).

Users are advised to migrate to the API key starting September 9th, 2025. For any questions, don't hesitate to reach out to the Snyk support team.

We are excited to announce the UI enhancement to have a clearer empty state in Inventory! This provides clarification to why the enrichments might be empty. Main highlights include:

• Ensure that no cell is empty without a reason; this change removes all guesswork.

• To provide clarity on why the fields are missing, the Inventory page will display a defined empty state, including informative tooltips to guide users.

This update is scheduled to be rolled out across all Snyk environments on September 3rd. No actions are needed to enable these changes.

We are excited to announce a new Snyk Code update, bringing increased findings and improved inline documentation to our customers.

What's New?

• Improved Crypto Cipher Detection: In Java, Kotlin, and Scala, we've enhanced our detection for insecure crypto ciphers.

• New Python Rule: A new rule has been added for XXE (XML External Entity Injection), which covers CWE-330.

• Expanded JavaScript Coverage: We've added new coverage for popular JavaScript frameworks, including Angular's ActivatedRoutes and react-router-dom.

• Javalin Web Framework Support: We have added new coverage for the Javalin web framework in Java and Kotlin

• Enhanced Issue Descriptions: The descriptions and titles for security issues have been updated to provide clearer, more specific information. For example, "Cleartext Transmission of Sensitive Information" will now be appropriately categorized into more granular findings like:

  • Cleartext Transmission via Unencrypted Socket

  • Cleartext Transmission via Unencrypted Email

  • Cleartext Transmission via Unencrypted WebSocket

  • Cleartext Transmission via HTTP Instead of HTTPS

This update is scheduled to be rolled out across all Snyk environments on September 15.

Over the coming weeks we will be releasing a number of exciting improvements for JavaScript developers across the npm, pnpm, and Yarn ecosystems.

✨ pnpm general availability (GA)

pnpm is a fast and efficient JavaScript package manager often used for large monorepos. We’re excited that our support for pnpm will be generally available across CLI and SCM integrations in October 2025.

Starting on September 10th, we will begin gradually rolling out support to all customers. During this time, Snyk Projects previously misidentified as npm due to the presence of a package.json will be migrated to pnpm, maintaining all history and ignores.

Here's a summary of what's supported, but please keep an eye on our User Docs for more details:

• pnpm versions 7-10, including workspaces

• All Snyk SCM integrations

• Snyk CLI

• Snyk CI plug-ins

• PR Checks

• Fix PRs

✨ npm & Yarn improvements (GA)

npm and Yarn are two of the most extensively used package managers in the JavaScript ecosystem.

Over the next month, we will be gradually rolling out some minor improvements to how we scan Projects from these ecosystems in our SCM integrations—improving accuracy and offering consistency with our CLI.

Stay tuned for the following changes:

• Snyk now supports using multiple versions of the same dependency with Yarn through our SCM integrations. Previously, this would lead to errors.

• Snyk now correctly throws errors for out-of-sync Yarn manifest files using resolutions, when running under the default strict out of sync mode. Previously, this setting would get ignored for Yarn resolutions.

• Snyk now supports dependency aliases with Yarn and npm through our SCM integrations. Previously, aliases were not supported and could lead to false negatives.

• Snyk now offers more accurate results for npm projects using top level Bundled Dependencies.

These improvements have the potential to change the number of dependencies and issues detected in the project.

As part of our continued effort to improve developer productivity, we have released several enhancements to High-Context Inline Comments today. These updates aim to reduce context switching by delivering contextual and actionable security findings directly within your workflow.

What’s new:

• Data Flow support for GitLab & Azure Repos - Data flows are now supported for both GitLab and Azure Repos, helping developers trace how a vulnerability travels from source to sink in their code, making investigation and fixes faster. For users leveraging Snyk Broker, they are supported for the following versions:

  • Gitlab: Broker version 4.215.2 or higher

  • Azure Repos: Broker version 4.218.2 or higher

• We’ve resolved an issue for GitHub and Bitbucket users leveraging Snyk Broker. Data flows will now correctly point to the intended commit reference for the following versions:

  • GitHub: Broker version 4.216.1 or higher

  • Bitbucket: Broker version 4.217.3 or higher

No action is required to enable these changes. You can find more details in the user docs.