Product Updates

We've enhanced our Docker Hub integrations by adding GitHub App support. This update allows you to attach a Dockerfile to your Snyk Container images directly through your GitHub Cloud and GitHub Server App integrations.

Attaching a Dockerfile gives you more precise fix advice, including smarter base image recommendations for both major and minor upgrades, and a wider range of alternative upgrade paths. This new capability means Snyk gains deeper context about your image during scans, leading to more actionable and tailored recommendations.

No explicit action is required to enable this feature. To start, simply navigate to your Snyk Container image Project settings. There, you can use the Configure Dockerfile option to select the appropriate Dockerfile via your GitHub App integration.

To learn more, visit Detect Vulnerable Base Images from your Dockerfile.

We have been listening to your feedback regarding the upcoming improvements to Snyk Code analysis for the Java, Kotlin, and .NET ecosystems.

To ensure the best possible experience and minimize disruption during the busy end-of-year season, we have decided to reschedule this rollout. These updates, including support for the Netty framework and ASPX inline code expression blocks, will now go live on January 12.

Thank you for your feedback as we work to improve the accuracy of your scan results.

We’re releasing support for the Dart programming language in Snyk Code, now available in Snyk Preview. This update allows you to scan your Dart code, which is frequently used with the Flutter framework, for security vulnerabilities. We have added detection capabilities for a variety of issues, including insecure data handling, authentication flaws, and injection risks.

We added this language support to help you secure mobile and offline storage, ensure robust authentication flows, and harden network communications within your Dart applications. By expanding Snyk Code capabilities, we aim to provide better coverage for modern mobile development stacks and help you prevent critical risks like cleartext logging and SSL/TLS validation failures.

To start scanning Dart applications, you must enable the feature manually. Navigate to Settings > Snyk Preview and enable the Dart support option. Once enabled, we will include Dart files in any future tests and retests, identifying vulnerabilities such as SQL injection and path handling issues.

To learn more, visit Snyk Code language and framework support in our user documentation.

We have released a new version of Snyk’s JetBrains IDE plugin to address bugs and improve the overall user experience:

• Fixed a bug where Agent Fix would not apply edits for file paths containing spaces or special characters

This release can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We have released a new CLI hotfix (v1.1301.1) to address bugs and improve the overall user experience:

• Reachability

  • Fixed an issue in test, when using reachability, that caused the fix advice to display incorrectly on certain occasions

  • Resolved a monitor bug with double-dashed arguments when using reachability

• General improvements

  • Improved scanning speed when running test/monitor with reachability

  • Improved SCA scanning through MCP with fewer I/O operations

  • Fixed multiple issues to make Snyk work more smoothly in your code editor

  • Updated dependencies to improve stability and security

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We are excited to share that Reachability for Python will gradually enter General Availability (GA) across all Snyk environments during the period of December 11th, 2025 to January 12th, 2026.

What is Reachability?

If enabled for your Group or Org, Reachability works by scanning your source code and determining whether the code (e.g. a specific function) that makes a vulnerability exploitable is actually reachable, either directly or transitively.

This contextual risk factor can help you prioritize which issues to prevent or fix first, based on the exploitability risk they pose to your applications.

What's changing with this release?

With the GA release of Reachability for Python, Snyk will automatically detect the reachability of issues across all pip, pipenv, and poetry projects.

If you use Reachability today but have not opted into the Snyk Preview of Reachability for Python, you may notice changes in the Risk Score for issues in these projects due to the inclusion of the reachability risk factor.

You can also expect ongoing Reachability improvements to be released twice monthly for all languages in General Availability, helping to regulate false positives and negatives across your projects.

How do I get started?

Not using Reachability yet at all? You can read our User Docs to learn more about how to get started.

We’re introducing Objective C support in preview to help you secure your iOS and macOS applications. This update allows you to identify vulnerabilities across industry-standard libraries like AFNetworking and Realm, as well as native frameworks including Core Data and Security. You can now enable this feature directly in your settings to start scanning your code immediately.

We built this to ensure you have comprehensive coverage for your Apple ecosystem development, particularly for critical use cases like encrypted offline-first storage and hardened credential management. By supporting common libraries such as OpenSSL and Couchbase Lite alongside native frameworks, we help you secure legacy and active projects against complex risks.

This update affects developers and security teams managing Objective C codebases. If you use libraries like SQLite, RNCryptor, or Foundation, you can now detect security issues within your existing workflows. To benefit from this new capability, you must manually enable Objective C support within Snyk Preview.

To learn more, visit our Snyk User Documentation.

We’re improving Snyk Code analysis for the Java, Kotlin, and .NET ecosystems. These updates include support for the Netty framework and ASPX inline code expression blocks, arriving with our GA support for these languages on December 15.

We built these improvements to increase the accuracy of your scan results. By refining our analysis engines and expanding coverage to frameworks like Netty, we can help you identify more real issues while reducing distracting false positives.

You may notice changes in your vulnerability results after December 15. These improvements are designed to surface more true positive findings and remove false positives, specifically improving accuracy for Java, Kotlin, and .NET projects.

To learn more, visit our Snyk User Documentation.

We are pleased to announce the General Availability (GA) of the Severity Condition in Group-Level Policies.

This new capability empowers you to create more granular policies for taking action (such as ignoring or changing severity) on findings based on their severity. The condition is available for both Code and OS Security group-level policies within the UI.

To learn more about setting up group-level policies, visit our Snyk User Documentation.

On November 24th, 2025, we detected a new supply chain attack, SHA1-Hulud, impacting the npm ecosystem. We suspect this to be a second wave of the Shai-Hulud attack which took place in September 2025.

As communicated on our Trust Center, Snyk will continue to monitor this active incident through resolution. As of now, we believe over 700 packages have been compromised.

To help you better understand whether or not you have been impacted, we have released a new Featured Zero Day Report named SHA1-Hulud npm Supply Chain Attack - Nov 2025.

As new advisories are added and projects are re-tested, this Report will be populated with issues if Snyk detects the usage of any compromised packages.