Product Updates

We are introducing a new Snyk Learn engagement report in Snyk Reporting at the group level, which gives you a deeper understanding of your security education and training program's performance. The report lets you track overall Snyk Learn lesson assignment progress, which is great for continuous education and compliance programs. You can also use the report to see which content is most popular with your teams, along with a leaderboard for your users, and how long people have spent learning, helpful to identify your future security champions!

This report provides valuable insights into user adoption of Snyk Learn, including the ability to track and report on assignment progress.

If you have the learning management add-on, you can access the report to view analytics on assignments, organization and user adoption, and content engagement. Any user role that can view in-app reports at the Group level can access this feature.

https://docs.snyk.io/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting

https://docs.snyk.io/manage-risk/reporting/available-snyk-reports#learn-engagement

Probely's upcoming release (April 22nd) brings forth a new feature for Enterprise customers: Managed reports! 🎉

Managed reports (or Saved reports) allow you to generate PDF reports of findings from multiple targets at the same time, based on a specific search/filter criteria; e.g. you can generate a report of all High findings across all targets from your account or from a specific team!

With this release, all Enterprise accounts should be able to see the Reports button on the top right corner of the Findings page and perform 1 of 3 tasks:

• Generate a new report of the findings listed, taking into account the search and filters applied on the interface

• Save a report that will take into account the search and filters applied on the interface, and that can be automatically emailed based on a set recurrence, or manually downloaded when needed

• Manage previously saved reports, allowing for easier access to previous filters/searches or download of existing reports

For any suggestions, questions or concerns please reach out to the Snyk support team.

We are thrilled to announce two new Snyk Reports in Early Access, that are available for the enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility on the Snyk tests that are executed during CI/CD pipelines and answer questions like:

• What portion of repos are being tested (against repos that had commits)?

• Are we adopting the practice of testing code in CI/CD pipelines as a company? and where are the gaps?

• What is the test success rate is it going up over time?

The new Repositories Tested in CI/CD Report answer all of those questions and more.

To learn more please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit, to prepare for the audit they need to:

• Estimate compliance readiness and share status with relevant stakeholders.

• Identify and mitigate compliance violations and gaps as early as possible.

• Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report is aimed to assist AppSec teams to tackle this challenge!

To learn more please visit the report documentation. For any question, please contact your account team.

Currently, Snyk can automatically create pull requests (PRs) on your behalf to upgrade your dependencies based on the relevant scan results. These can help you pay down your security vulnerability backlog, introduce fixes for newly discovered issues, or keep your dependencies up to date with new versions.

With our new "Snyk Generated Pull Requests" report now available in Early Access, you can visually track and measure the impact of these fix PRs. This report enables you to review how many Snyk Fix, Backlog, and Upgrade PRs were opened, merged, or closed across your repositories, and observe the overall mean time to merge. This report, available for all supported SCM integrations, can be filtered by organization, repository, project, or source and is refreshed every 90 minutes.

To view this report, simply navigate to the Reports section of your Group or Organization and choose “Snyk Generated Pull Requests” from the "Change Report" drop-down menu.

For more information, visit our reports documentation.

We are happy to announce a list of enhancements that are now available in the SLA Management Report!

The report provides a comprehensive status about the remediation performance against SLA targets, allowing you to surface performance gaps and prioritize your attention where it is needed most.

As part of the new edition, you can find several enhancements:

• “At Risk” setting - define when to consider an issue as at risk for breaching the SLA according to your own preferences.

• New SLA filters - filter the reported scope according to the SLA status, Time until breach and the Issue age (the new filters are available in the filter picker under the SLA category).

• Review all the issue attributes - a column picker was added to the Breached and at risk open issues table, allowing to add any issue attribute and achieve a more granular prioritization.

• CSV export support - the report tables were added with a CSV export functionality allowing to proceed the analysis externally.

• Expose the full SLA status - the report is no longer filtered on the last 90 days by default. This guarantees a view of the full SLA status. To narrow down on recent issues, please use the introduced date filter.

To learn more about the SLA Management report, please visit our product documentation.

For any questions, please contact your account team.

We are excited to announce the new "Developer IDE and CLI usage" report. This report shows the adoption of Snyk's testing in local development, through the IDE plugins, and in using the CLI locally.

Security teams can use this report to leverage where shift left behavior is strong as model behavior to bring to other teams. More powerfully, security folks can identify where teams or individual developers are not adopting Snyk locally to encourage better shift left behavior.

The report is available under the "Change Report" dropdown at the group and organization levels.

Learn more about this report in Snyk documentation.

New data is now available in Snyk Reports!!

Exploitability probability

Leverage EPSS to achieve a more holistic risk assessment or prioritization calculations.

Supported columns:

• EPSS Score - The probability of exploitation in the wild in the next 30 days.

• EPSS Percentile - The proportion of all vulnerabilities with the same or lower EPSS score

Jira issues attachments

Obtain a new level of visibility of Snyk’s Jira integration (not including Snyk’s Jira App). Trace issues in priority that don't have a Jira issue assigned or use the Jira issue keys to surface related Snyk issues.

Supported columns:

• Has Jira Issue(s) Assigned - Displays truewhen at least one Jira issue is assigned, otherwise displays false.

• Latest Jira Issue - The latest attached Jira issue key with a link to the issue card in the project page.

• Jira Issues List - A list of all the attached Jira issue keys.

Learn more about:

• Setting up Jira integration within Snyk here

• What is EPSS here

• The available columns in Snyk Issues Detail Report here

Reach out to your account team for any questions.

We are thrilled to announce the addition of two new insightful reports to our growing list of reporting features: the SLA Management report and the Featured Zero-Day report.

Here's a quick overview of what you can expect from each:

• SLA Management Report

  1. Monitor SLA compliance across orgs based on your own SLA policy

  2. Identify issues that will soon breach the SLA policy

  3. Prioritize issues based on SLA considerations

• Featured Zero-Day Report

  1. Analyze the exposure to issues reported in a Zero-Day publication

  2. Prioritize issues of a specific Zero-Day publication

  3. Track the Zero-Day vulnerability eradication progress

These additions complement our existing suite of reports, further empowering AppSec practitioners and R&D leaders to make informed decisions, govern the AppSec program and improve the enterprise posture health.

To learn more about each report visit our product documentation.