Product Updates


Container: Improved scanning for stripped and CGo Go binaries

Improved

We have updated Snyk Container to support scanning for stripped Go binaries and those built using CGo. We have enhanced the scanner to use module-level analysis via .go.buildinfo, allowing Snyk to accurately identify dependencies even when debug information is removed or C libraries are used.

Historically, stripped binaries and CGo builds made it difficult for scanners to accurately parse dependencies, potentially leaving vulnerabilities undetectable. This update closes that visibility gap.

Users scanning Go containers may now see new vulnerabilities that were previously hidden due to the limitations of scanning these specific binary types. This ensures more complete security coverage for Go applications.

This improvement is available in Snyk CLI v1.1302.0 (preview and stable releases). Update your CLI to the latest version to ensure your Go container artifacts are fully covered.

Container: New pruning option for large dependency graphs

New

We have introduced a new optimization mechanism to support scanning for enterprise-scale projects with massive dependency graphs. We added a graph pruning capability that allows scans exceeding the standard maxVulnPathsLimit to complete successfully.

Certain large projects generate dependency graphs with over 100,000 vulnerable paths. Previously, these massive graphs hit a hard limit in the Snyk Container monitor, causing the scan to fail completely for large enterprise workloads.

This unblocks scans for large projects. Users who were previously unable to monitor their largest containers due to timeout or complexity errors can now successfully scan them.

CLI users can use the --prune-repeated-subdependencies flag immediately. Customers using container registry integrations should request that the corresponding Feature Flag be enabled for their organization by contacting support.

Announcing Snyk CLI v1.1302.0

New

We are pleased to announce the latest stable Snyk CLI release, v1.1302.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

This update includes the following:

  • Snyk Container

    • Support for OCI images with manifests missing platform fields

    • Container scan support for cgo and stripped Go binaries

    • Added pnpm lockfile support

  • Snyk Open Source

    • Improved PackageURLs in SBOM documents for go.mod projects

    • Added support for deb, apk, and rpm in SBOM test

    • Added PackageURL information to go.mod dependency graphs for snyk test

    • Added support for poetry development dependencies

  • Additional changes

    • MCP Scan is now part of the Snyk CLI, allowing you to test the supply chain of agent-based developer tools like Cursor and Claude Code.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.

Improved ecosystem coverage & quality for Snyk Open Source

General availability

We're excited to announce a series of coverage and quality improvements for Snyk Open Source across several key developer ecosystems, rolling out over the coming weeks. Our goal is to help you secure your applications as you evolve and scale them, keeping pace with the latest releases and reliably scanning large, complex projects.

Improved SCA Coverage

We are committed to keeping up with the rapid pace of ecosystem updates. By broadening our support for the latest language versions and library structures, we help ensure your projects remain modern and protected without any friction.

Yarn 4

Snyk now supports Yarn 4 in both the CLI and the SCM integrations.

  • Availability: CLI support is available on January 14 in version 1.1302.0, with a gradual SCM rollout throughout January.

  • Note: Fix PRs and Upgrade PRs are currently not supported for Yarn workspaces.

  • No action required: Projects that previously failed now successfully scan.

Ruby 4

Snyk now supports Ruby 4 in both the CLI and the SCM integrations.

  • Availability: Support for both the CLI and SCM becomes available the week of January 21.

  • No action required: Since the Ruby version is selected based on your Gemfile, no customer action is needed to begin using this.

PHP 8.5 & Swift 6.2

In addition to the above, we are pleased to announce upcoming support for PHP 8.5 and Swift 6.2 to ensure our users on the bleeding edge of these ecosystems remain secure.

Improved vulnerability coverage

We’ve enhanced our coverage for Go by adding vulnerabilities impacting packages in the Go standard library to our vulnerability database. Previously, these vulnerabilities were not supported; they are now detectable in both the CLI and SCM integrations.

  • Availability: SCM and CLI support will become available throughout January.

Improved Quality

Beyond just supporting new versions, we are constantly refining our underlying scanning technology. These "under the hood" improvements focus on making scans faster and more resilient, especially for resource-intensive modern workloads.

Python (pip) Performance Improvements

We've introduced significant performance improvements for Python pip projects using SCM scanning. Previously, large projects—including those using AI and ML libraries such as pytorch—occasionally failed to resolve dependencies during scans. This problem has been resolved, helping you secure your Python applications.

  • Availability: SCM rollout is happening throughout January, with CLI support following in March.

Johann Sutherland

Connect DAST findings to Snyk Learn lessons

Improved

We’ve activated direct links to Snyk Learn lessons within the findings details pages of Snyk API & Web. When you are reviewing a vulnerability, you can now find educational content under the Description tab. Snyk Learn provides hands-on lessons to help you understand, prevent, and fix security issues in your code.

We want to bridge the gap between identifying a security risk and knowing how to remediate it. By embedding these lessons directly where you work, we're making it easier for you to build security knowledge without leaving the platform.

You can now quickly access expert-guided security training for specific vulnerabilities you encounter. This helps you not only resolve the current issue but also acquire the skills to prevent similar vulnerabilities in the future, ultimately enhancing your overall security posture.

To learn more, visit Snyk Learn.

Ana Pascoal | Product Manager

Configure signed requests for API targets in Snyk API & Web

New

Experience greater flexibility in authenticating your scans with the new Signature capabilities for API targets. With Snyk API & Web, you can now configure signed requests using your own algorithms.

We added this feature to support complex authentication requirements that require signed requests. By providing a dedicated space to manage these signatures, we're making it easier for you to run automated security scans against protected API endpoints that verify message integrity and authenticity.

If you have the message signature feature enabled, you can now navigate to your API target settings to set up signing methods. This ensures your scans can successfully authenticate with APIs that require cryptographic signatures for every request.

To enable this feature, please contact the Sales team.

To learn more, visit How to configure Signed Requests for API Targets in our user documentation.

Ana Pascoal | Product Manager

Configure mutual TLS for target authentication in Snyk API & Web

New

We added support for mutual TLS (mTLS) configuration for Web, OpenAPI, and Postman targets in Snyk API & Web. This allows you to extend your security testing to cover even your most strictly secured and authenticated endpoints.

We implemented this feature to support organizations that require higher levels of security or mutual trust between client and server. This allows our crawler and scanner to authenticate successfully with services that enforce strict mTLS requirements, ensuring comprehensive security coverage for your protected targets.

In the authentication tab for your Web and API targets, you will see a new CLIENT AUTHENTICATION CERTIFICATE module under your target Settings. You can use this to upload the necessary certificates for authentication. This change allows you to scan targets that were previously inaccessible due to mutual TLS requirements.

To enable this feature, please contact the Sales team.

To learn more, visit How To Configure Mutual TLS Authentication in our user documentation.

Improved Search & Discovery Experience on security.snyk.io 🎉 

Improved

We’ve introduced an improved search and discovery experience on security.snyk.io, making it easier to explore open source packages, vulnerabilities, and security insights - all in one place.

Following the delivery of the improved package experience, this update introduces a refreshed homepage and unified search on security.snyk.io.

The updated experience features a cleaner interface, enhanced navigation, and expanded discovery options, providing a more seamless way to explore packages and vulnerabilities across security.snyk.io.

What’s new

  • A redesigned homepage with clearer entry points into ecosystems, vulnerabilities, and package data.

  • New unified search results for packages and vulnerabilities, offering faster and more intuitive discovery across supported ecosystems.

These updates deliver greater clarity and consistency in how security information is explored, supported by the same trusted data that powers security.snyk.io.

To explore the updated experience, visit security.snyk.io and try searching for any package or vulnerability.


Noa Yaffe-Ermoza | Product Manager

Redesigned Snyk Analytics Tenant-Level Experience is now GA

General availability

Customize your dashboard with the new analytics experience. We’re launching the general availability of the redesigned Snyk Analytics experience. You now have access to a customizable tenant-level landing page featuring a widget inventory, allowing you to arrange widgets for a personalized dashboard. This update also includes Saved views, a centralized Report catalog for discovering reports, and enhanced drill-down capabilities for issues and assets.

We want to provide a more flexible way to visualize your security posture. These changes ensure you can surface the metrics most relevant to your organization and access critical data faster through a centralized view.

You can create a dashboard tailored to your specific monitoring needs by selecting widgets from the inventory. The new experience simplifies how you find pre-built reports and allows you to investigate specific security topics directly from your customized view.

To learn more, check out our Redesigned Analytics docs.

Sara Meadzinger | Staff Product Manager

Announcing Snyk CLI v1.1301.2

Fix

We have released a new CLI hotfix (v1.1301.2) to address a bug when using Snyk with agentic integrations such as Amazon Kiro:

  • MCP: Ensure compliance with the model context protocol specification

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.