Product Updates

We’re pleased to announce that Reachability for Snyk CLI and CI/CD integrations is now available in Early Access for all Snyk Open Source customers.

As a refresher, Snyk’s Reachability analysis works by scanning your source code and determining whether the code that makes a vulnerability exploitable is reachable, either directly or transitively.

Starting today, you can now use Reachability with the latest Snyk CLI and CI/CD integrations to prevent these contextually relevant and higher risk issues from reaching production.

For more information on how to get started, please take a look our our User Docs.

We are excited to announce the release of Snyk Azure DevOps Task v1.9.0. This update introduces a key improvement that simplifies the experience for users in complex network environments.

This release includes the following enhancement:

• Automatic Proxy Detection: The Snyk task will now automatically detect and use the HTTP/HTTPS proxy configuration from the Azure DevOps agent it is running on. This removes the need for any manual setup, streamlining pipeline configuration in restricted environments.

To enable this feature, simply update to version 1.9.0 in your Azure DevOps pipelines. No other configuration is required.

If you have any questions, please don’t hesitate to reach out to the Snyk support team.

To enhance developer efficiency and optimize our security tools, Snyk is excited to introduce a new architecture for the Snyk integrations public documentation. This centralized documentation section offers a dedicated and organized area for all Snyk CLI, IDE, and CI/CD integrations.

The objective is to integrate security seamlessly into the software development lifecycle. This update directly supports that goal by offering a cohesive discovery point of the developer tools, clearly distinct from SCM and other platform integrations. The result is a more logical and intuitive user experience.

This change provides the following advantages:

• Improved usability: By creating a dedicated section for developer-centric integrations, users can locate and configure the necessary tools with greater precision and fewer errors.

• Accelerated tool adoption: The centralized documentation section simplifies the discovery process, allowing development and security teams to implement and deploy Snyk more quickly across their workflow environments.

• Increased efficiency: Users can save considerable time when accessing and managing the integrations essential to their daily development and security workflows.

To ensure continuity, all bookmarks and links to previous integration pages will be automatically redirected to their new locations within the public documentation, preventing any disruption to user workflows.

This information architecture change will officially come into effect on July 9, 2025.

Dear customers,

This is a reminder about the important changes to our support policy and the deprecation of certain IDE features, which are just around the corner.

As previously announced, our new 12-month Support Policy for IDE, Language Server, CI/CD plugins and CLI versions will officially come into effect on June 24, 2025. To ensure you continue to receive full support and access to the latest innovations, please upgrade your IDE plugin, Language Server, CI/CD plugins and CLI to a version released within the last 12 months by this date.

Additionally, as part of our upcoming IDE plugin release on July 17, 2025, the following features will be removed:

• Code Quality Findings in Snyk Code (WebUI and IDE Plugins):

  This functionality will no longer be provided.

• JavaScript CDN Library Detection

  in HTML Files: This will apply as well to JavaScript and TypeScript files, not just HTML. Note: This applies to CDN library detection only - it does not affect Snyk Code or Snyk Open Source JavaScript/TypeScript core capabilities

• Container Image Detection in Kubernetes YAML Files

  : This experimental feature will be removed from the Snyk JetBrains IDE Integration.

We encourage you to review the original announcement for full details and guidance on these changes/

If you have any questions or require assistance with upgrading, please don't hesitate to contact our support team.

Thank you for your continued partnership!

Dear Customers,

In our December announcement regarding the upcoming 12-month Support Policy (effective June 24, 2025), we outlined changes impacting our IDE, Language Server, and CLI versions. We'd like to provide an important clarification regarding the scope of this policy.

We are confirming that the 12-month Support Policy will also apply to Snyk's CI/CD plugins, which are highly dependant on the Snyk CLI.

This means that, starting June 24, 2025, each version of our CI/CD plugins will be supported for 12 months from its release date, in line with the policy for IDE plugins, CLI, and Language Server.

Why this clarification is important:

• Consistency: This ensures a unified support experience across the Snyk developer tools.

• Planning: It allows you to plan your upgrades for CI/CD integrations with the same confidence and clarity as other Snyk tools.

• Security & Stability: Staying within the support window ensures you have access to the latest security updates and stability improvements.

We encourage you to schedule regular updates to stay within our support window for all Snyk tools, including CI/CD plugins.

For more guidance, please refer to our Documentation for CI/CD plugins, IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

We apologize for any oversight in our initial announcement and appreciate your understanding. We are committed to providing clear and comprehensive information to help you manage your development workflows effectively.

We are thrilled to announce two new Snyk Reports in Early Access, that are available for the enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility on the Snyk tests that are executed during CI/CD pipelines and answer questions like:

• What portion of repos are being tested (against repos that had commits)?

• Are we adopting the practice of testing code in CI/CD pipelines as a company? and where are the gaps?

• What is the test success rate is it going up over time?

The new Repositories Tested in CI/CD Report answer all of those questions and more.

To learn more please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit, to prepare for the audit they need to:

• Estimate compliance readiness and share status with relevant stakeholders.

• Identify and mitigate compliance violations and gaps as early as possible.

• Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report is aimed to assist AppSec teams to tackle this challenge!

To learn more please visit the report documentation. For any question, please contact your account team.