Product Updates

Once discovery of repositories takes place and is available on the Inventory view, the coverage gap asset policy will be applied out of the box to identify repositories not tested with Snyk OS and Snyk Code. Based on this policy, coverage gaps will be identified and repositories that don't meet the coverage requirements will be marked as such.

The policy can be edited to meet each customer's coverage requirements.

The default coverage gap asset policy will be rolled out to new groups starting June 4. It is also available as an asset policy template for all customers.

We are announcing the Early Access release of Issue Summary Comment and Inline Comments for Bitbucket Server. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

• Issue Summary Comment (SCA and SAST) - Developers receive a comment within their pull request displaying the count of security findings by severity directly in the SCM when PR checks are active. This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

• Inline Comments (SAST only) - Developers receive specific inline comments for each SAST security finding directly within their pull requests in the SCM, accelerating PR merge times and proactively surfacing issues within the development workflow. The SAST finding displays the CWE, and Priority Score, and includes a Snyk Learn URL for reference.

This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it.

If you’re interested in enabling this feature for your organization, you can now self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions to shape the future of your Snyk’s workflows.

Snyk users without a configured Snyk Essentials Group-level integration will soon benefit from Automatic Repository Discovery, which provides visibility into the users' security coverage, out of the box. This feature helps users identify which repositories have been imported and are being tested in Snyk, and which have not. The discovered repositories will appear in the Snyk Essentials Inventory tab.

Automatic Repository Discovery is currently available for users with GitHub Cloud App and GitHub Enterprise Org-level integrations, and will soon be available to users with GitLab and Azure DevOps Organization-level integrations, including brokered setups.

We’ll begin gradually rolling this out to all Enterprise plan customers starting June 9th, 2025. If you’d like early access, please reach out to your account team.

We're happy to announce a new filter and column for Snyk Analytics that will allow you to prioritize the remediation of vulnerabilities based on their presence in a direct dependency.

Key benefits:

• Laser Focus: Zero in on vulnerabilities that are simpler to fix.

• Reduced Noise: Significantly decrease the volume of vulnerabilities needing immediate attention.

• Faster Triage: Make quicker, more informed decisions about which vulnerabilities to prioritize.

The new "In Direct Dependency" column and filter will be available in:

• Snyk Reports - across issues-centered reports, such as Issues Detail, Issues Summary, Vulnerabilities Detail, SLA Management, etc.

• Snowflake Data Share - introduced in a new table.

• Export API - as part of the Issues dataset.

This important capability is planned to be released on June 5th. Please contact your account team for any questions.

We're excited to announce the gradual release of a new drill-down experience designed to help you explore the underlying data behind key metrics without ever leaving your current view.

How does it work?

• Imagine you're looking at a metric like "resolved issues" or "MTTR" and want to understand exactly which issues contribute to that number.

• Clicking on the metric will unfold an expandable panel, displaying the specific issues used in that calculation, providing immediate context and detail.

• From this point, you can either fold back the panel and review other metrics in the same report or click to drill-down further and proceed to the Issues Detail or Asset Inventory screens.

We're planning to begin the gradual release starting next week, aiming to extend this enhanced experience across all issue-related reports in the coming weeks.

Please contact your account team for any question.

We’ve released hotfix v2.13.1 for our JetBrains IDE plugin.

This update solely addresses a scenario where special characters within file paths would create errors within the JetBrains plugin. There are no other functional changes or enhancements, so your experience using the plugin will remain the same.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We're excited to announce several enhancements in the Issues Summary Report!

The planned enhancements include:

• Enhanced measurement clarity:

  • The report metrics (#open issues, #new issues, #resolved issues, MTTR) will include a percentage of progress indication.

  • The new indications will help you to quickly assess your AppSec health posture progress and ensure that you’re moving in the right direction.

• Table Dimension Picker in the Risk Breakdown table:

  • The dimension picker enables new powerful comparative analysis.

  • Comparing impact per asset class to ensure efforts are prioritized to secure the most sensitive assets first.

  • Comparing introduction category to quickly conclude if preventable issues are handled properly, as well as assessing the impact of new monitored assets over your AppSec Program.

• Expandable issues view

  • The expandable view provides on-demand drill-down capability, allowing you to click on selected metrics in the Risk Breakdown table and instantly explore the underlying issues without navigating away.

  • The view includes a link to the Issues Detail report, which allows further in-depth exploration.

• Default filters:

  • "Issues Severity" and "Asset Class" will become default filters, allowing quick visibility to high-risk vulnerabilities in business-critical assets.

  • These improvements will help you make more informed security decisions and better prioritize your remediation efforts.

The release is planned to take place at the 3rd of June.
We will update the user docs right after the release. For any question, please contact your account team.

We’ve released CLI hotfix v1.1297.1.

This version rolls back specific changes related to Gradle dependency resolution that were introduced in v1.1297.0.

We are taking this step to ensure stability for all users while we continue to refine this functionality. We plan to reintroduce these improvements for Gradle resolution in a future stable version once further enhancements are complete.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!

We are pleased to announce the latest stable releases for:

• Visual Studio Code v2.22.0

• JetBrains v2.13.0

• Eclipse v3.2.0

• Visual Studio v2.2.1

The releases include notable bug fixes and enhancements:

• Fixed an issue where additionalParameters and baseBranch were not persisted when the opened workspace folder was not a Git repository.

• Addressed various persistence issues related to folderConfig.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions!

We are happy to announce that Snyk Open Source now supports Conan packages, available through SBOM workflows and the package issues API!

Conan, a popular package manager for C and C++ projects, is now included in Snyk’s growing list of supported ecosystems. Customers can now detect vulnerabilities and license intelligence in their Conan projects CycloneDX or SPDX SBOMs.

With this update:

• You can submit Conan packages via SBOM Test (CLI/API) and the package issues API (pkg:conan) for precise vulnerability detection.

• Access available fixed version information for Conan vulnerabilities.

• Identify and manage license information for Conan packages.

The feature will be generally available starting May 22, 2025. For any questions, please reach out to the Snyk Support team.