Product Updates


A new architecture for the Snyk integrations public documentation

New

To enhance developer efficiency and optimize our security tools, Snyk is excited to introduce a new architecture for the Snyk integrations public documentation. This centralized documentation section offers a dedicated and organized area for all Snyk CLI, IDE, and CI/CD integrations.

The objective is to integrate security seamlessly into the software development lifecycle. This update directly supports that goal by offering a cohesive discovery point of the developer tools, clearly distinct from SCM and other platform integrations. The result is a more logical and intuitive user experience.

This change provides the following advantages:

  • Improved usability: By creating a dedicated section for developer-centric integrations, users can locate and configure the necessary tools with greater precision and fewer errors.

  • Accelerated tool adoption: The centralized documentation section simplifies the discovery process, allowing development and security teams to implement and deploy Snyk more quickly across their workflow environments.

  • Increased efficiency: Users can save considerable time when accessing and managing the integrations essential to their daily development and security workflows.

To ensure continuity, all bookmarks and links to previous integration pages will be automatically redirected to their new locations within the public documentation, preventing any disruption to user workflows.

This information architecture change will officially come into effect on July 9, 2025.


Veronica Cernea | Manager, User Documentation

Snyk Essentials: Automatic Repository Discovery for BitBucket

New

Snyk users without a configured Snyk Essentials Group-level integration will soon benefit from Automatic Repository Discovery, which provides visibility into the users' security coverage, out of the box. This feature helps users identify which repositories have been imported and are being tested in Snyk, and which have not. The discovered repositories will appear in the Snyk Essentials Inventory tab.

Automatic Repository Discovery is currently available for users with GitHub Cloud App, GitHub Enterprise, GitLab, and Azure DevOps Org-level integrations, and will soon be available to users with BitBucket Cloud, BitBucket Cloud App, and BitBucket Server Organization-level integrations, including brokered setups.

We’ll begin gradually rolling this out to all Enterprise plan customers starting July 16th, 2025. If you’d like early access, please reach out to your account team.


Noa Moshe | Product Manager

Announcing Snyk CLI v1.1297.3 to address debug logging vulnerability CVE-2025-6624

New

We are releasing Snyk CLI v1.1297.3, a follow-up hotfix to our recent v1.1297.2 announcement. This update further enhances the security of debug logging.

We encourage all users to upgrade to v1.1297.3 to benefit from these important security enhancements. Release notes can be found here.

CVE-2025-6624 has been published to address this vulnerability.

Important: This hotfix resolves a potential vulnerability. Please review the details below.

By default, the Snyk CLI sanitizes sensitive credential information from logs. However, previous versions of the Snyk container CLI tool had potential vulnerabilities in this sanitization, where sensitive credentials could potentially be written into local Snyk CLI debug logs, if the Snyk CLI is executed in DEBUG or DEBUG/TRACE mode. There is no exposure to these vulnerabilities if the DEBUG flag is not used when executing Snyk CLI commands. Exact details are listed below.

Although these logs are only stored locally where the CLI is invoked, debug logs might have been manually sent as part of support queries to Snyk Support Engineers or copied/backed up to other locations by your processes.

Snyk has already proactively reached out to any customers we believe may have been exposed to this vulnerability, based on our internal usage logs. However, we recommend that users of Snyk CLI upgrade to this hotfix to avoid any future exposure.

This hotfix resolves the following vulnerabilities:

  • When the snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials could previously be written into the local Snyk CLI debug log in some circumstances. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u).

  • When the snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the access / refresh credential tokens used to connect the CLI to Snyk could previously be written into the local CLI debug logs.

  • When the snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled AND the log level is set to TRACE, the docker registry token could previously be written into the local CLI debug logs.


Costin Busioc | Senior Product Manager
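A defender's check for the exposure described in the announcement above, as an added example that is not part of Snyk's announcement or tooling: it lists which files in a directory of retained debug logs contain the current literal value of SNYK_REGISTRY_PASSWORD. The function names, directory layout and sample log lines are constructed; no Snyk log format is assumed.

```shell
#!/bin/sh
# Added example: locate retained debug logs that contain the registry
# password currently set in the environment. Works on any text files;
# it does not rely on a particular log format.

# Print the path of every file under directory $1 that contains the literal
# value of SNYK_REGISTRY_PASSWORD. The value is never echoed and never
# placed on a command line (printf is a shell builtin).
find_leaky_logs() {
    dir=$1
    pat=$(mktemp) || return 2          # mktemp creates the file mode 0600
    if [ -n "${SNYK_REGISTRY_PASSWORD:-}" ]; then
        printf '%s\n' "$SNYK_REGISTRY_PASSWORD" > "$pat"
    fi
    # Guard: an empty pattern file would match nothing useful, and an
    # empty -F pattern would match every line, so only scan when non-empty.
    if [ -s "$pat" ]; then
        # -F: fixed string, so regex metacharacters in the password are literal
        # -l: report file names only, never the matching (secret-bearing) line
        grep -rlF -f "$pat" -- "$dir" || true
    fi
    rm -f "$pat"
}

# Constructed sample data: two fake log files, one holding a fake secret.
# Runs in a subshell so the fake password does not leak into the caller.
demo() (
    d=$(mktemp -d) || exit 2
    SNYK_REGISTRY_PASSWORD='constructed-example-secret'
    printf 'constructed line: auth=constructed-example-secret\n' > "$d/run1.log"
    printf 'constructed line: nothing sensitive here\n' > "$d/run2.log"
    cd "$d" || exit 2
    find_leaky_logs .
    rm -rf "$d"
)

demo    # prints ./run1.log
```

Point it at wherever debug output was kept, including copies attached to support tickets or held in backups; any file it reports contains the credential in clear text.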

Snyk Agent Fix in PRs is coming to Early Access

Early access

As part of the Snyk AI Trust platform, Snyk Agent Fix will be available in pull requests starting this week, on 23 June. This feature aims to reduce the manual overhead of resolving vulnerabilities and minimize PR time to merge, all while ensuring seamless integration into existing developer workflows. With Snyk Agent Fix, developers are empowered to act immediately on SAST findings by generating and applying fix suggestions directly within pull requests, reducing context switching and streamlining remediation.

The following capabilities are supported for Early Access:

  • Generate fix suggestions using the @snyk /fix command in a PR inline comment, displaying a proposed code change.

  • View an explanation of the suggested fix alongside the code snippet.

  • Apply the suggested code directly to the PR as a commit using the @snyk /apply command.

  • Generate multiple fix suggestions within the same PR, where applicable.

Early access is currently focused on GitHub integrations: GitHub App (Cloud and Server), GitHub, and GitHub Enterprise, while support for additional SCM integrations is coming soon. This is part of an ongoing series of enhancements aimed at improving the developer pull request experience with Snyk. If you’d like to enable this feature for your organization, you will be able to self-opt in via the Pull Request Experience section in your SCM integration settings.


Check out the user docs for more details. We’re committed to continuously improving this experience — reach out to your account team if you’d like to join feedback sessions and help shape the future of your Snyk workflows.


Mayank Khera | Senior Product Manager

Assets API is coming to Early Access

Early access

The Assets API is now available in Early Access, providing AppSec teams with programmatic access to comprehensive asset data. This eliminates the need for manual data exports and simplifies integration with other systems. With reliable, centralized access to asset information from sources like Snyk, SCMs, and runtime environments, teams can automate targeted actions, improve prioritization, and enhance visibility. The API empowers organizations to make more informed decisions and align security and development efforts more effectively.

Key capabilities of the Assets API include:

  • Programmatic access to asset data — retrieve asset information from Snyk, SCMs, runtime, app context, and more

  • Flexible filtering — query specific assets or subsets based on your chosen criteria

Check out the user docs for more details. We're dedicated to continuously enhancing this experience. If you'd like to share your feedback and help shape future improvements, please reach out to your account team to join upcoming feedback sessions.

Itay Maor | Senior Manager, Product

Reminder: Upcoming Policy Changes and Feature Deprecations Effective June 24th

New

Dear customers,

This is a reminder about the important changes to our support policy and the deprecation of certain IDE features, which are just around the corner.

As previously announced, our new 12-month Support Policy for IDE, Language Server, CI/CD plugins and CLI versions will officially come into effect on June 24, 2025. To ensure you continue to receive full support and access to the latest innovations, please upgrade your IDE plugin, Language Server, CI/CD plugins and CLI to a version released within the last 12 months by this date.

Additionally, as part of our upcoming IDE plugin release on July 17, 2025, the following features will be removed:

  • Code Quality Findings in Snyk Code (WebUI and IDE Plugins): This functionality will no longer be provided.

  • JavaScript CDN Library Detection in HTML Files: This will apply as well to JavaScript and TypeScript files, not just HTML. Note: This applies to CDN library detection only - it does not affect Snyk Code or Snyk Open Source JavaScript/TypeScript core capabilities.

  • Container Image Detection in Kubernetes YAML Files: This experimental feature will be removed from the Snyk JetBrains IDE Integration.

We encourage you to review the original announcement for full details and guidance on these changes.

If you have any questions or require assistance with upgrading, please don't hesitate to contact our support team.

Thank you for your continued partnership!


Costin Busioc | Senior Product Manager

Snyk Code Consistent Ignores is Generally Available (GA)

Improved

Snyk Code Consistent Ignores is now Generally Available (GA) for all Snyk Code customers.

This capability ensures ignores are consistently applied in all surfaces throughout the development lifecycle, helping your teams eliminate distractions and focus on the risks that matter most. This means ignores are now respected across projects, branches, and integrations within a repository, notably in the IDE plugins, the Snyk CLI, and native PR checks.

For existing customers, Snyk Code Consistent Ignores can be enabled by toggling this on in your Group or Org settings. Any newly created groups or orgs will have this functionality enabled by default going forward.

We're thrilled to bring this powerful capability as a core offering of the Snyk platform, bringing a new level of focus and efficiency to your security workflows. For more detailed information on how Snyk Code Consistent Ignores works, check out the documentation and the Snyk Learn lesson.

Ezra Tanzer | Director, Product Management

Improved support for Maven default profiles

Improved

We are pleased to announce improved support for Maven default profiles in Open Source SCM scanning. Previously, we only considered profiles where activeByDefault was set to true. With this change, scanning will now more faithfully activate profiles that would be activated by running Maven dependency resolution locally. This will result in more accurate scanning, as the dependency resolution engine will more closely mimic the behavior of Maven itself.

This change will be rolled out on July 9th, and customers may expect changes in the issues detected for existing projects imported into Snyk. For customers scanning projects using both the SCM integration and CLI, you can expect to see more consistent results between these two solutions.


Rob Guinness | Senior Manager, Engineering

Announcing Snyk CLI v1.1297.2

New

We’ve released a CLI hotfix (v1.1297.2) to enhance security and resolve the following issues:

  • Improved Debug Logging Security for Scans: Improves the sanitization of credentials in local debug logs.

  • IDE Connectivity for Proxy Users: Fixes an issue where IDE plugins could fail to connect when operating behind an NTLM proxy.

  • Snyk Code Local Engine Fix: Addresses a regression that prevented the Snyk Code Local Engine (SCLE) from functioning correctly within the IDEs.

As this release is focused on security and stability, no change in behavior or new features are expected.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to benefit from these important security and reliability fixes!


Costin Busioc | Senior Product Manager

Snyk Code: Enhanced Coverage & Analysis for JavaScript/TypeScript

New

Starting July 7, 2025, Snyk Code will expand its framework support for JavaScript and TypeScript. This update increases vulnerability coverage for applications using popular web frameworks:

  • New Framework Support: Introducing analysis for web applications built with the hapi.js and TSOA frameworks. Customers using these frameworks will potentially see an increase in vulnerabilities reported.

  • Express Framework Enhancement: Improving analysis by recognizing object destructuring in request handlers.

  • Improved support for for-each loops.

This update will be released as part of Snyk Code’s existing support for JavaScript and TypeScript.


Sebastian Roth | Senior Product Manager