Product Updates

We’re excited to announce the next step in Snyk’s ongoing rollout of CVSS version 4.0 - expanding Exploit Maturity visibility into the Reporting and Project page (Issues Card) experiences.

With this release, you can now view Exploit Maturity (CVSS v4.0) values directly in both Reporting and the Project page, alongside other vulnerability details. This enhancement brings consistency across Snyk’s interfaces, aligning our API and CLI experiences, so teams can more accurately assess exploitability and prioritize remediation.

What’s new

Exploit Maturity (CVSS v4.0) is now available in:

• Reporting - New Column and Filter Option.

• Project page (Issues Card) - Visible in issue details and Filter Option.

This enhancement builds on earlier phases of our CVSS 4.0 rollout, extending exploit maturity visibility from the REST Issues API and CLI into the product UI.

For more information about CVSS v4.0, please refer to the blog post: What’s new in CVSS 4.0, or visit our User Docs.

We’re excited to announce the Early Access launch of the PR Check Report, a powerful new way to see how PR checks are performing and driving security outcomes across your organization. This release sets the stage for measuring the true security impact of PR checks across your organization and strengthening your overall prevention posture.

The current release of the report helps you:

• Monitor performance: Track pass, fail, error, and marked-as-successful rates over time across Snyk Open Source and Snyk Code checks. 

• Measure coverage: Understand where PR checks are enabled across your repositories to identify adoption gaps.

• Uncover recurring errors: Surface common error types and configuration issues to improve scan reliability and developer confidence.

Feature highlights:

• Flexible filters by time window, Snyk product (Snyk Open Source / Snyk Code), and project parameters like origin (SCM) and asset class.

• Org, Group, and Tenant-level insights into PR check performance and coverage.

• Export options for deeper data exploration and sharing.

The report is available under Analytics in the All Reports section for Tenant-level visibility. You can also find it in the Reports section of your Group or Organization by selecting Pull Request Checks Usage & Performance from the Change Report menu.

Learn more in our user documentation and connect with your account team to share feedback or help shape upcoming improvements.

We've made it easier to manage the security of your data exports by implementing a configurable, shorter time-to-live (TTL) for the presigned URLs created by the Export API (application programming interface). Now, when you use the Export API, you can limit how long the download link remains active by passing a value between 0 and 3,600 to the url_expiration_seconds attribute. Once the timeout expires, the CSV data can no longer be downloaded, and you'll need to start a new export.

We understand that some security policies require a shorter expiration time for temporary download links containing sensitive data than the default time we provide. This update gives you the control to align the Export API's presigned URL expiration with your organization's specific security and compliance requirements.

This enhancement affects all users who utilize the Export API to generate CSV data. This change is optional: your existing Export API integrations will continue to work without modification, using the default link expiration time. If you require a shorter link expiry, you can simply add the url_expiration_seconds attribute to your export request with a value from 0 to 3,600 seconds.

To learn more, visit the Export API documentation.

We are introducing a new Snyk Learn engagement report in Snyk Reporting at the group level, which gives you a deeper understanding of your security education and training program's performance. The report lets you track overall Snyk Learn lesson assignment progress, which is great for continuous education and compliance programs. You can also use the report to see which content is most popular with your teams, along with a leaderboard for your users, and how long people have spent learning, helpful to identify your future security champions!

This report provides valuable insights into user adoption of Snyk Learn, including the ability to track and report on assignment progress.

To access this report you need to have the Snyk Learning Management Add-on, in addition to an Snyk Enterprise plan.

You can access the report by navigating to the Group > Reports menu in the Snyk App. Any user role that can view in-app reports at the Group level can access this feature.

To learn more about this new report, visit our documentation. To find out about our Learning Management Add-On speak with your Snyk account team.

We’ve expanded the Featured Zero-Day Report to include the Shai-Hulud npm supply chain attack, one of the largest compromises in the npm ecosystem to date.

This update enables Enterprise users to:

• Identify exposure to compromised npm packages such as ngx-bootstrap and @ctrl/tinycolor.

• Prioritize remediation and monitor progress directly in the Featured Zero-Day Report.

• Improve visibility and accountability in zero-day response.

This addition strengthens visibility into high-impact zero-day events within Snyk Reports. By integrating the Shai-Hulud supply chain incident, customers can rapidly assess exposure, track remediation, and improve governance during ongoing threat response.

No manual action is required - data updates automatically as new advisories are published. However, running a new scan is recommended to ensure the latest results are reflected.

To learn more, visit the Featured Zero-Day Report documentation or read our blog post, Zero-day extensive NPM package compromise Shai Hulud Supply Chain Attack.

Probely's upcoming release (April 22nd) brings forth a new feature for Enterprise customers: Managed reports! 🎉

Managed reports (or Saved reports) allow you to generate PDF reports of findings from multiple targets at the same time, based on a specific search/filter criteria; e.g. you can generate a report of all High findings across all targets from your account or from a specific team!

With this release, all Enterprise accounts should be able to see the Reports button on the top right corner of the Findings page and perform 1 of 3 tasks:

• Generate a new report of the findings listed, taking into account the search and filters applied on the interface

• Save a report that will take into account the search and filters applied on the interface, and that can be automatically emailed based on a set recurrence, or manually downloaded when needed

• Manage previously saved reports, allowing for easier access to previous filters/searches or download of existing reports

For any suggestions, questions or concerns please reach out to the Snyk support team.

We are thrilled to announce two new Snyk Reports in Early Access, that are available for the enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility on the Snyk tests that are executed during CI/CD pipelines and answer questions like:

• What portion of repos are being tested (against repos that had commits)?

• Are we adopting the practice of testing code in CI/CD pipelines as a company? and where are the gaps?

• What is the test success rate is it going up over time?

The new Repositories Tested in CI/CD Report answer all of those questions and more.

To learn more please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit, to prepare for the audit they need to:

• Estimate compliance readiness and share status with relevant stakeholders.

• Identify and mitigate compliance violations and gaps as early as possible.

• Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report is aimed to assist AppSec teams to tackle this challenge!

To learn more please visit the report documentation. For any question, please contact your account team.

Currently, Snyk can automatically create pull requests (PRs) on your behalf to upgrade your dependencies based on the relevant scan results. These can help you pay down your security vulnerability backlog, introduce fixes for newly discovered issues, or keep your dependencies up to date with new versions.

With our new "Snyk Generated Pull Requests" report now available in Early Access, you can visually track and measure the impact of these fix PRs. This report enables you to review how many Snyk Fix, Backlog, and Upgrade PRs were opened, merged, or closed across your repositories, and observe the overall mean time to merge. This report, available for all supported SCM integrations, can be filtered by organization, repository, project, or source and is refreshed every 90 minutes.

To view this report, simply navigate to the Reports section of your Group or Organization and choose “Snyk Generated Pull Requests” from the "Change Report" drop-down menu.

For more information, visit our reports documentation.

We are happy to announce a list of enhancements that are now available in the SLA Management Report!

The report provides a comprehensive status about the remediation performance against SLA targets, allowing you to surface performance gaps and prioritize your attention where it is needed most.

As part of the new edition, you can find several enhancements:

• “At Risk” setting - define when to consider an issue as at risk for breaching the SLA according to your own preferences.

• New SLA filters - filter the reported scope according to the SLA status, Time until breach and the Issue age (the new filters are available in the filter picker under the SLA category).

• Review all the issue attributes - a column picker was added to the Breached and at risk open issues table, allowing to add any issue attribute and achieve a more granular prioritization.

• CSV export support - the report tables were added with a CSV export functionality allowing to proceed the analysis externally.

• Expose the full SLA status - the report is no longer filtered on the last 90 days by default. This guarantees a view of the full SLA status. To narrow down on recent issues, please use the introduced date filter.

To learn more about the SLA Management report, please visit our product documentation.

For any questions, please contact your account team.

We are excited to announce the new "Developer IDE and CLI usage" report. This report shows the adoption of Snyk's testing in local development, through the IDE plugins, and in using the CLI locally.

Security teams can use this report to leverage where shift left behavior is strong as model behavior to bring to other teams. More powerfully, security folks can identify where teams or individual developers are not adopting Snyk locally to encourage better shift left behavior.

The report is available under the "Change Report" dropdown at the group and organization levels.

Learn more about this report in Snyk documentation.