Product Updates

Maven 4 is the long-awaited next major upgrade for Maven. We are happy to announce General Availability (GA) support for Maven 4 Release Candidate 4 (RC4). This new capability is available for both our command-line interface (CLI) and source code management (SCM) integrations, giving you the opportunity to test your repositories with this new version of Maven before its official release.

While the official Maven 4 GA release date is not set, we want to provide an opportunity to test your projects in advance. By supporting the final planned Release Candidate, you can get ahead of the official upgrade and help us by giving feedback before the final release.

This update is for early adopters who want to test their repositories against Maven 4 before it becomes official. You can now use Snyk to scan your Maven 4 RC4 projects through the CLI and your SCM integrations. Please be aware that this is support for a Release Candidate, and the following features are not supported:

• CI-friendly variables

• Conditional Profile Activation

• Alternative Project Object Model (POM) syntaxes

Snyk Suport for Java and Kotlin

We are pleased to announce the release of new stable versions for our IDE plugins. The new versions are:

• Visual Studio Code v2.26.0

• JetBrains v2.17.0

• Eclipse v3.5.0

• Visual Studio v2.5.0

This release is focused on enhancing stability and reliability, with key updates including:

• Visual Studio Code: Secure at Inception: Includes an update to the experimental settings that enable Secure at Inception in Cursor, Windsurf, and VS Code, allowing users to toggle the frequency of SAST scans running against AI-generated code. For new installs of the VS Code extension, a modal will show to allow users to optionally enable this capability with ease.

Please refer to the changelog for each of our plugins for a more detailed list of additional bug fixes and enhancements. You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk Support team.

We have released a new version of our Visual Studio Code IDE plugin. This update addresses minor bug fixes and improvements, including:

• Updating the rules trigger for secure at inception workflows

• User documentation link fixes

• Direct publishing of Snyk IDE plugins to OpenVSX marketplaces, including preview versions

• Enabling OS quick fix actions by default

If you have any questions, feel free to reach out to the Snyk support team.

We are pleased to announce the new stable releases for our IDE plugins. The new versions are:

• Visual Studio Code v2.24.0

• JetBrains v2.16.0

• Visual Studio v2.4.0

• Eclipse v3.4.0

This release is focused on enhancing stability and reliability, with key updates including:

• Improved Proxy & Certificate Handling (VS Code): We've enhanced the CLI download process to better respect proxy settings and custom certificates set in the IDE. -This will reduce download failures for users in corporate environments.

• Enhanced Security (Visual Studio): Fixed an issue where the folder trust prompt could be bypassed when auto-scan was enabled.

• More Accurate Scans (All IDEs): We have improved the detection of Git branches, leading to more accurate scan results.

• Custom Endpoint Authentication (All IDEs): Resolved an issue that could prevent users from correctly authenticating with a custom Snyk endpoint.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes and enhancements.

You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions!

We’ve released hotfix v2.23.1 for our Visual Studio Code extension.

This update addresses two use cases that improve stability and the overall user experience. We have enhanced how the plugin handles network proxies and certificates, which will reduce download errors within the IDE. This release also fixes a bug that prevented the GCA integration from working correctly in some cases.

There are no other functional changes in this version, so your day-to-day experience using the extension will remain the same.

If you have any questions, feel free to reach out to our support team.

We encourage everyone to upgrade to the latest version to benefit from these improvements!

Following our Early Access launch of Snyk MCP for Agentic Workflows, we are excited to introduce powerful new visibility into how your teams are adopting Snyk in their local and AI-driven development environments.

We are rolling out key new metrics to the Developer IDE and CLI usage report to capture detailed MCP usage. This update will provide deeper insights into developer adoption with three key additions:

• Top-Level MCP Scan Count: A high-level summary of the total number of MCP scans performed by your team.

• Usage Breakdown Chart: A new chart that visualizes the usage split between the Snyk CLI, our various IDE plugins, and Agentic Scans (MCP), helping you clearly see which platforms developers leverage.

• MCP Host Breakdown Chart: To offer more granular insights, a new chart will break down Agentic Scans by the specific host application, such as Windsurf, Cursor, and others.

These new reporting features will allow security teams to demonstrate strong shift-left behavior and identify teams that are successfully adopting Snyk locally as a model for the rest of the organization.

To enable this new level of insight, it is required for users to update to the latest versions of the Snyk CLI (v1.1298.1).

Please reference our documentation for all the details and prerequisites to use the report.

We are pleased to announce the new stable releases for our IDE plugins. The new versions are:

• Visual Studio Code v2.23.0

• JetBrains v2.15.0

• Visual Studio v2.3.0

• Eclipse v3.2.0

The releases include notable enhancements and changes:

• Personal Access Token (PAT) Support: We've added support for Personal Access Tokens (PAT) for authentication across all IDEs. This provides another secure method to connect to Snyk, in addition to our existing OAuth and legacy token methods.

• Feature Removals: The following three features are being removed (as previously announced here):

  • Code Quality Findings in Snyk Code

  • JavaScript CDN Library Detection in HTML, JS, and TS files

  • Container Image Detection in Kubernetes YAML Files

• VS Code Copilot Integration: The Snyk VS Code extension will now be automatically detected to support the Model Context Protocol (MCP) in GitHub Copilot, allowing for a more integrated AI-driven security experience directly in the editor. More details here.

Please consult the changelog for each of our plugins for a more detailed list of other bug fixes and enhancements.

You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the newest versions once they are available in your IDE's marketplace!

To enhance developer efficiency and optimize our security tools, Snyk is excited to introduce a new architecture for the Snyk integrations public documentation. This centralized documentation section offers a dedicated and organized area for all Snyk CLI, IDE, and CI/CD integrations.

The objective is to integrate security seamlessly into the software development lifecycle. This update directly supports that goal by offering a cohesive discovery point of the developer tools, clearly distinct from SCM and other platform integrations. The result is a more logical and intuitive user experience.

This change provides the following advantages:

• Improved usability: By creating a dedicated section for developer-centric integrations, users can locate and configure the necessary tools with greater precision and fewer errors.

• Accelerated tool adoption: The centralized documentation section simplifies the discovery process, allowing development and security teams to implement and deploy Snyk more quickly across their workflow environments.

• Increased efficiency: Users can save considerable time when accessing and managing the integrations essential to their daily development and security workflows.

To ensure continuity, all bookmarks and links to previous integration pages will be automatically redirected to their new locations within the public documentation, preventing any disruption to user workflows.

This information architecture change will officially come into effect on July 9, 2025.

Snyk Code Consistent Ignores is now Generally Available (GA) for all Snyk Code customers.

This capability ensures ignores are consistently applied in all surfaces throughout the development lifecycle, helping your teams eliminate distractions and focus on the risks that matter most. This means ignores are now respected across projects, branches, and integrations within a repository, notably in the IDE plugins, the Snyk CLI, and native PR checks.

For existing customers, Snyk Code Consistent Ignores can be enabled by toggling this on in your Group or Org settings. Any newly created groups or orgs will have this functionality enabled by default going forward.

We're thrilled to bring this powerful capability as a core offering of the Snyk platform, bringing a new level of focus and efficiency to your security workflows. For more detailed information on how Snyk Code Consistent Ignores works, check out the documentation and the Snyk Learn lesson.

We’ve released hotfix v2.13.1 for our JetBrains IDE plugin.

This update solely addresses a scenario where special characters within file paths would create errors within the JetBrains plugin. There are no other functional changes or enhancements, so your experience using the plugin will remain the same.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!