Product Updates

We have released a new version of our Visual Studio Code IDE plugin. This update addresses minor bug fixes and improvements, including:

• Updating the rules trigger for secure at inception workflows

• User documentation link fixes

• Direct publishing of Snyk IDE plugins to OpenVSX marketplaces, including preview versions

• Enabling OS quick fix actions by default

If you have any questions, feel free to reach out to the Snyk support team.

We’ve expanded the Featured Zero-Day Report to include the Shai-Hulud npm supply chain attack, one of the largest compromises in the npm ecosystem to date.

This update enables Enterprise users to:

• Identify exposure to compromised npm packages such as ngx-bootstrap and @ctrl/tinycolor.

• Prioritize remediation and monitor progress directly in the Featured Zero-Day Report.

• Improve visibility and accountability in zero-day response.

This addition strengthens visibility into high-impact zero-day events within Snyk Reports. By integrating the Shai-Hulud supply chain incident, customers can rapidly assess exposure, track remediation, and improve governance during ongoing threat response.

No manual action is required - data updates automatically as new advisories are published. However, running a new scan is recommended to ensure the latest results are reflected.

To learn more, visit the Featured Zero-Day Report documentation or read our blog post, Zero-day extensive NPM package compromise Shai Hulud Supply Chain Attack.

We heard your feedback that it can be hard to keep up with all the changes, so we've introduced new ways to help you find the information that's most relevant to you.

You now see a Subscribe to RSS feed link if you prefer to be notified about every new product update as they are announced. On the left, you can filter product updates using tags like Open Source CLI or MCP to find exactly what you're looking for. We are looking to provide an email subscription service in the new year too.

We know how important it is for you to be aware of new features and changes that impact your work. Our goal is to give you more control and a better way to get the right information at the right time. We also want to ensure our communications are consistent with our Snyk brand for you to enjoy.

The product updates link in the Snyk user interface now takes you directly to this website The red notification dot on the bell icon, in the user interface, will be paused for approximately one week from today, before returning to its usual function of alerting you to new updates. We plan to introduce a search feature for this website in a later phase and we're assessing how best to surface product updates directly in our platform.

Users have reported having duplicated repository count in Inventory for their Azure DevOps repositories. Snyk has developed a fix for this issue which will be applied in all regions on September 17th. No action is required to apply the fix. Users affected by the duplications will see a corresponding decrease in their repository count in the Inventory.

For any questions, don't hesitate to reach out to the Snyk support team.

We’re pleased to announce that Issue Summary Comments and High-Context Inline Comments are now live and enabled by default for all customers using PR Checks with the following Source Code Manager (SCM) integrations:

• GitLab

• Azure Repos

• Bitbucket Server

What’s included:

• Issue Summary Comment for both successful and failed PR checks, covering Snyk Code and Open Source security & license findings.

• Inline Comments for Snyk Code findings, providing high-context feedback directly in the pull request.

To adjust your preferences, head over to Integration Settings in the Snyk UI where you can toggle comments on or off at any time. This release is a big step forward in our mission to make security native to the developer experience. Refer to the user documentation for more details.

At Snyk, our goal is to provide developers with the most secure and reliable tools. To deliver on that promise, we are focusing our support for Ruby Fix PRs on modern, actively supported versions of the language (3.1 and newer).

What's Changing?

As part of this focus, we will be ending support for creating Fix PRs for projects that use end-of-life (EOL) Ruby versions (those below 3.1)

This means that if you are using a Ruby version older than 3.1, you will no longer be able to automatically generate Fix PRs from Snyk.

Why We're Making This Change

• Focus on Security and Reliability: By concentrating on modern Ruby versions, we can ensure the quality and reliability of our Fix PRs, providing you with more accurate and secure fixes.

• Aligning with Ruby's Lifecycle: We're aligning our support with the official Ruby EOL schedule, ensuring that you're always working with supported and secure versions.

What This Means for You

• If you're using Ruby 3.1 or newer, there's no change for you. You will continue to receive Fix PRs as usual.

• If you're using a Ruby version older than 3.1, we encourage you to upgrade. This will not only allow you to continue using our Fix PR feature but also ensure you're benefiting from the latest security updates and performance improvements from the Ruby community.

Timeline

• October 1, 2025: End of Fix PR support for Ruby v2.3.

• February 1, 2026: End of Fix PR support for all Ruby versions below 3.1.

We're excited to continue improving Snyk for Ruby developers and helping you build secure applications.

If you're using Ruby 3.1 or newer, there's no change for you and you will continue to receive Fix PRs as usual. If you're using an older version, we encourage you to upgrade. This will allow you to continue using our Fix PR feature and benefit from the latest security updates and performance improvements from the Ruby community.

To learn more, visit our Snyk User Documentation.

We're updating the "Code Analysis" popup in Snyk Code to provide a more detailed and accurate breakdown of your scanned repositories. Previously, this view showed general language names (e.g., JavaScript).

After this update, it will display the specific file extensions that were analyzed (e.g., .js, .jsx, .ts).

This change provides greater transparency, removing the ambiguity that can occur in complex, polyglot projects. By seeing the exact file types Snyk has scanned, you can more easily verify scan coverage and gain a better understanding of your repository's composition.

This update will roll out to all customers on Sep 22, 2025.

We are pleased to announce the new stable releases for our IDE plugins. The new versions are:

• Visual Studio Code v2.24.0

• JetBrains v2.16.0

• Visual Studio v2.4.0

• Eclipse v3.4.0

This release is focused on enhancing stability and reliability, with key updates including:

• Improved Proxy & Certificate Handling (VS Code): We've enhanced the CLI download process to better respect proxy settings and custom certificates set in the IDE. -This will reduce download failures for users in corporate environments.

• Enhanced Security (Visual Studio): Fixed an issue where the folder trust prompt could be bypassed when auto-scan was enabled.

• More Accurate Scans (All IDEs): We have improved the detection of Git branches, leading to more accurate scan results.

• Custom Endpoint Authentication (All IDEs): Resolved an issue that could prevent users from correctly authenticating with a custom Snyk endpoint.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes and enhancements.

You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions!

We are pleased to announce the latest stable Snyk CLI release, v1.1299.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

General Enhancements

• Personal Access Token (PAT) Authentication: When using a Personal Access Token (PAT), the CLI will now automatically detect and configure the correct region during authentication. This improvement simplifies the setup process and ensures a smoother authentication experience without manual configuration.

• Stability and Performance: This release also includes numerous bug fixes and enhancements to improve the overall stability and performance of the CLI.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to benefit from these new features and improvements!

We're improving our product update communication experience to help keep you aware and in control. We heard your feedback that it can be hard to keep up with all the changes, so we're introducing new ways to help you find the information that's most relevant to you.

From September 11th, you'll see a new RSS feed link to notify you of all new product update announcements as they are published. You'll be able to filter product updates using tags like Open Source CLI or MCP to find exactly what you're looking for.

We know how important it is for you to be aware of new features and changes that impact your work. Our goal is to give you more control and a better way to get the right information at the right time. We also want to ensure our communications are consistent with our Snyk brand for you to enjoy.

The product updates link in our platform web user interface will take you directly to the new product updates page. The red notification dot on the bell icon will be paused for approximately one week following the launch, before returning to its usual function of alerting you to new updates. The existing RSS feed link will not change. We plan to introduce a search feature for product updates in a later phase and we are currently assessing how best to display product updates within our platform.