Product Updates

We’ve added new analytics functionality to the Risk Exposure report to help you better understand and manage your security posture. We’re introducing clickable objects within the Risk Breakdown table that allow you to drill down into specific issues and assets directly from the report. To provide more context, we’ve also added tooltips for categories such as Baseline Issue, Non Preventable Issue, Preventable Issue, and Other New Issue. Additionally, the Risk Exposure Trend now includes new viewing options, allowing you to filter open issues by Snyk product, exploit maturity, and top organizations (Orgs).

We’re moving this report from early access to general availability (GA) to provide a more comprehensive view of your application security (AppSec) risk. By aligning widget filters and adding trend data for specific products and exploit maturity levels, we're making it easier for you to pinpoint exactly where risk is originating and how it's evolving over time.

You can now interact with the Risk Breakdown table and trend lines to open detailed drawers for specific issues and impacted assets. This makes it faster to investigate why a trend has changed without leaving the report. The new tooltips clearly define how we categorize different issue types, ensuring your team has a shared understanding of risk definitions. If you manage multiple organizations, the new "Top Orgs" view helps you quickly identify which areas of your business require the most attention based on open issue counts.

We’re expanding our analytics capabilities by making the analytics page available at the Group and Organization (Org) levels. Previously, this customizable view was only accessible at the tenant level. We've renamed the Reports page in the left navigation to Analytics at both the Group and Org levels. To access all reports, navigate to Analytics and select the Reports tab, which will display the Reports Catalog. We've also updated the URL path to use "analytics" instead of "reporting."

We want to provide Group and Org admins with a top-down, customizable view into their specific security data. By bringing the analytics page to every level of the hierarchy, we’re making it easier for you to gain insights without needing tenant-level access. This update allows you to build and customize dashboards that hone in on the specific metrics you care about, such as filtering by specific Orgs within a Group or tracking high-priority vulnerability trends across your immediate business units. This flexibility ensures you can focus on the risk data most relevant to your specific area of responsibility.

You can now build and view analytics dashboards tailored to your specific Group or Org. While we’ve removed the report selector dropdown, we’ve put redirects in place so your saved views and favorited pages continue to work. Under our current permission model, Group admins can view analytics for their specific group and all associated Orgs, while Org admins can focus on their individual Org data.

To learn more, visit Snyk Analytics in our user documentation.

We’re replacing the OWASP Top 10 (2021) report with the newly updated OWASP Top 10 (2025) report. This update ensures that your security reporting reflects the latest industry standards for web application risks. We’ve also resolved a bug where filters were not correctly applied when navigating from the report to the issue details page.

The Open Web Application Security Project (OWASP) updated their list of the ten most critical web application security risks in 2025. To help you maintain compliance and stay ahead of evolving threats, we’ve updated our reporting to map security issues to these current controls rather than the previous 2021 versions.

You can now view and filter security issues based on the frequency and severity cited in the 2025 OWASP rankings. To access this, navigate to Reports > OWASP Top 10 (2025). While the 2021 version of the report is no longer available in the dropdown menu, you can temporarily still access it via its direct URL if needed.

To learn more, visit OWASP Top 10 report in our user documentation.

Customize your dashboard with the new analytics experience. We’re launching the general availability of the redesigned Snyk Analytics experience. You now have access to a customizable tenant-level landing page featuring a widget inventory, allowing you to arrange widgets for a personalized dashboard. This update also includes Saved views, a centralized Report catalog for discovering reports, and enhanced drill-down capabilities for issues and assets.

We want to provide a more flexible way to visualize your security posture. These changes ensure you can surface the metrics most relevant to your organization and access critical data faster through a centralized view.

You can create a dashboard tailored to your specific monitoring needs by selecting widgets from the inventory. The new experience simplifies how you find pre-built reports and allows you to investigate specific security topics directly from your customized view.

To learn more, check out our Redesigned Analytics docs.

We’re excited to announce the next step in Snyk’s ongoing rollout of CVSS version 4.0 - expanding Exploit Maturity visibility into the Reporting and Project page (Issues Card) experiences.

With this release, you can now view Exploit Maturity (CVSS v4.0) values directly in both Reporting and the Project page, alongside other vulnerability details. This enhancement brings consistency across Snyk’s interfaces, aligning our API and CLI experiences, so teams can more accurately assess exploitability and prioritize remediation.

What’s new

Exploit Maturity (CVSS v4.0) is now available in:

• Reporting - New Column and Filter Option.

• Project page (Issues Card) - Visible in issue details and Filter Option.

This enhancement builds on earlier phases of our CVSS 4.0 rollout, extending exploit maturity visibility from the REST Issues API and CLI into the product UI.

For more information about CVSS v4.0, please refer to the blog post: What’s new in CVSS 4.0, or visit our User Docs.

We’re excited to announce the Early Access launch of the PR Check Report, a powerful new way to see how PR checks are performing and driving security outcomes across your organization. This release sets the stage for measuring the true security impact of PR checks across your organization and strengthening your overall prevention posture.

The current release of the report helps you:

• Monitor performance: Track pass, fail, error, and marked-as-successful rates over time across Snyk Open Source and Snyk Code checks. 

• Measure coverage: Understand where PR checks are enabled across your repositories to identify adoption gaps.

• Uncover recurring errors: Surface common error types and configuration issues to improve scan reliability and developer confidence.

Feature highlights:

• Flexible filters by time window, Snyk product (Snyk Open Source / Snyk Code), and project parameters like origin (SCM) and asset class.

• Org, Group, and Tenant-level insights into PR check performance and coverage.

• Export options for deeper data exploration and sharing.

The report is available under Analytics in the All Reports section for Tenant-level visibility. You can also find it in the Reports section of your Group or Organization by selecting Pull Request Checks Usage & Performance from the Change Report menu.

Learn more in our user documentation and connect with your account team to share feedback or help shape upcoming improvements.

We've made it easier to manage the security of your data exports by implementing a configurable, shorter time-to-live (TTL) for the presigned URLs created by the Export API (application programming interface). Now, when you use the Export API, you can limit how long the download link remains active by passing a value between 0 and 3,600 to the url_expiration_seconds attribute. Once the timeout expires, the CSV data can no longer be downloaded, and you'll need to start a new export.

We understand that some security policies require a shorter expiration time for temporary download links containing sensitive data than the default time we provide. This update gives you the control to align the Export API's presigned URL expiration with your organization's specific security and compliance requirements.

This enhancement affects all users who utilize the Export API to generate CSV data. This change is optional: your existing Export API integrations will continue to work without modification, using the default link expiration time. If you require a shorter link expiry, you can simply add the url_expiration_seconds attribute to your export request with a value from 0 to 3,600 seconds.

To learn more, visit the Export API documentation.

We are introducing a new Snyk Learn engagement report in Snyk Reporting at the group level, which gives you a deeper understanding of your security education and training program's performance. The report lets you track overall Snyk Learn lesson assignment progress, which is great for continuous education and compliance programs. You can also use the report to see which content is most popular with your teams, along with a leaderboard for your users, and how long people have spent learning, helpful to identify your future security champions!

This report provides valuable insights into user adoption of Snyk Learn, including the ability to track and report on assignment progress.

To access this report you need to have the Snyk Learning Management Add-on, in addition to an Snyk Enterprise plan.

You can access the report by navigating to the Group > Reports menu in the Snyk App. Any user role that can view in-app reports at the Group level can access this feature.

To learn more about this new report, visit our documentation. To find out about our Learning Management Add-On speak with your Snyk account team.

We’ve expanded the Featured Zero-Day Report to include the Shai-Hulud npm supply chain attack, one of the largest compromises in the npm ecosystem to date.

This update enables Enterprise users to:

• Identify exposure to compromised npm packages such as ngx-bootstrap and @ctrl/tinycolor.

• Prioritize remediation and monitor progress directly in the Featured Zero-Day Report.

• Improve visibility and accountability in zero-day response.

This addition strengthens visibility into high-impact zero-day events within Snyk Reports. By integrating the Shai-Hulud supply chain incident, customers can rapidly assess exposure, track remediation, and improve governance during ongoing threat response.

No manual action is required - data updates automatically as new advisories are published. However, running a new scan is recommended to ensure the latest results are reflected.

To learn more, visit the Featured Zero-Day Report documentation or read our blog post, Zero-day extensive NPM package compromise Shai Hulud Supply Chain Attack.

Probely's upcoming release (April 22nd) brings forth a new feature for Enterprise customers: Managed reports! 🎉

Managed reports (or Saved reports) allow you to generate PDF reports of findings from multiple targets at the same time, based on a specific search/filter criteria; e.g. you can generate a report of all High findings across all targets from your account or from a specific team!

With this release, all Enterprise accounts should be able to see the Reports button on the top right corner of the Findings page and perform 1 of 3 tasks:

• Generate a new report of the findings listed, taking into account the search and filters applied on the interface

• Save a report that will take into account the search and filters applied on the interface, and that can be automatically emailed based on a set recurrence, or manually downloaded when needed

• Manage previously saved reports, allowing for easier access to previous filters/searches or download of existing reports

For any suggestions, questions or concerns please reach out to the Snyk support team.