Product Updates

We’ve released a new CLI version (v1.1298.3) with new features, bug fixes and improvements to enhance your security scanning.

This update includes the following two changes:

1. Open Source: Gradle 9 Support

We are pleased to announce that the Snyk CLI now supports scanning Gradle 9 projects!

Previously, when scanning version 9 projects in the CLI, some operations might fail due to reliance on a deprecated and removed Gradle CLI flag. This has now been resolved, and Gradle 9 is officially supported in the Snyk CLI.

2. AI-BOM: The snyk aibom command

The AI-BOM CLI command is now publicly accessible.

You can use the snyk aibom command to identify AI models, datasets, and map the AI supply chain, including connections to external tools and services using the Model Context Protocol (MCP).

Note: AI-BOM is an experimental feature and is subject to breaking changes without notice. Read more in our documentation.

Release notes are available here.

We encourage everyone to upgrade to the latest version to take advantage of these new capabilities. If you have any questions, please don’t hesitate to reach out to the Snyk support team.

We're excited to announce a crucial enhancement to our new Export API: we've added the project_target_file field. This update is a significant step in helping customers transition from the deprecated Reporting V1 API to our more robust and modern Export API. The project_target_file field, which was previously only available in the older Reporting V1 API, is now included in the Export API. This field provides critical information for disambiguating ownership in monorepos.

How Does This Benefit You?

• Seamless Migration: If your workflows, especially those involving monorepos, relied on project+target_file from the Reporting V1 API, you can now migrate those processes entirely to the Export API.

• Improved Ownership Clarity: For complex projects like monorepos, target_file helps you precisely identify and manage project ownership, leading to more accurate reporting and better security insights. It contains the file path within a project that Snyk is targeting for security scanning, such as /var/www/composer.lock, /app/package.json, or other dependency manifest files.

• Access to Modern API Features: By fully moving to the Export API, you can leverage its improved performance, scalability, and other advanced capabilities.

• Reduced Reliance on Legacy API: This addition helps reduce the need for the older Reporting V1 API, allowing us to focus on enhancing our newer, more efficient solutions.

What You Need to Know

The data for target_file is consistent with what you've seen in the Reporting V1 API and our internal datasets. We've ensured a direct mapping to provide you with reliable information. To make this field available, we've updated several underlying data structures. While this required a full refresh of some datasets on our end, you don't need to take any action other than updating your API integrations to utilize the new field. This enhancement directly addresses feedback from customers, enabling a smoother and more complete transition to the Export API.

The Export API is now GA, allowing our customers to create and download Snyk Issues data as a CSV file. It's useful for making custom reports and using Snyk data with other tools.

What it is and why it's helpful

The Export API, which Snyk Analytics supports, facilitates data export by enabling users to create and manage CSV files. These files are safely stored by Snyk. Designed for efficiency and security, the Export API helps users organize and scale the export of large datasets, which is useful for reporting and analytics tasks.

• Consume predefined datasets, based on Snyk reporting data

• Datasets evolve in parallel to Snyk Analytics' scope

• Focus on the user experience and ease of consumption

More information

You can find more details, including how to use the API, in our product documentation.

• Snyk Product Documentation

• Snyk API Documentation

Finding and providing up-to-date API schemas for security scanning is a common challenge. To solve this, Snyk API & Web now integrates with Akamai to simplify and automate your API security workflow, helping you maintain comprehensive coverage with significantly less manual effort.

This integration connects directly to your Akamai account to automatically discover your complete API inventory and import the corresponding schemas required for security testing.

Key Features

• Automated API Discovery: The integration automatically imports your API inventory and schemas from Akamai, eliminating the manual work of finding and uploading them.

• Increased Scan Coverage: By discovering all your Akamai-managed APIs, you can ensure broader security testing coverage across your application portfolio.

• One-Click Onboarding: Add discovered APIs as targets with a single click, with their schemas pre-populated and ready for testing.

How to Get Started

Availability: This feature will be available in your Snyk API & Web account on August 4, 2025.

Once available, you can begin using the integration by following these steps:

1. Connect to Akamai: Go to Settings > Integrations in your Snyk API & Web account to configure the new Akamai integration.

2. View Imported Domains: After a successful connection, Snyk API & Web imports your domains from Akamai. You can see these new domains under Targets > Domains.

3. Discover and Scan Your APIs: Snyk API & Web then automatically scans these domains to find the associated API assets. When the scan is complete, your discovered APIs are displayed when you select the Discovery menu option. From there, you can add them as targets and begin scanning immediately.

To find specific API assets, use the following filters:

• Filter by Type > API to display only API assets.

• Filter by Source > Akamai to display assets imported from this integration.

Need Help?

If you have any questions or need assistance with the new integration, please contact the Snyk support team.

We're pleased to announce that on Friday, July 11th, 2025 we will be introducing several improvements to the "List issues for a package" APIs.

This release will reduce request latency and improve the timeliness of newly published advisories being returned by the API.

In addition, this release will address several bugs listed below, which may result in changes to the number of vulnerabilities returned for some packages:

• Currently the API responds with all vulnerabilities about a package in Linux ecosystems (apk, deb and rpm). The fix reduces those down to only the vulnerabilities affecting the specified version.

• Requests for npm purls that contain an @ symbol in the namespace currently cause a 400 Bad Request. This change properly parses these purls and instead correctly returns a 200 OK with the expected vulnerabilities.

• When there is no remedy, the remedies array will now be empty.

• The problems array is now consistently sorted by each objects id.
  

Please reach out if you have any questions.

The Assets API is now available in Early Access, providing AppSec teams with programmatic access to comprehensive asset data. This eliminates the need for manual data exports and simplifies integration with other systems. With reliable, centralized access to asset information from sources like Snyk, SCMs, and runtime environments, teams can automate targeted actions, improve prioritization, and enhance visibility. The API empowers organizations to make more informed decisions and align security and development efforts more effectively.

Key capabilities of the Assets API include:

• Programmatic access to asset data — retrieve asset information from Snyk, SCMs, runtime, app context, and more

• Flexible filtering — query specific assets or subsets based on your chosen criteria

Check out the user docs for more details. We're dedicated to continuously enhancing this experience. If you'd like to share your feedback and help shape future improvements, please reach out to your account team to join upcoming feedback sessions.

Snyk Code Consistent Ignores is now Generally Available (GA) for all Snyk Code customers.

This capability ensures ignores are consistently applied in all surfaces throughout the development lifecycle, helping your teams eliminate distractions and focus on the risks that matter most. This means ignores are now respected across projects, branches, and integrations within a repository, notably in the IDE plugins, the Snyk CLI, and native PR checks.

For existing customers, Snyk Code Consistent Ignores can be enabled by toggling this on in your Group or Org settings. Any newly created groups or orgs will have this functionality enabled by default going forward.

We're thrilled to bring this powerful capability as a core offering of the Snyk platform, bringing a new level of focus and efficiency to your security workflows. For more detailed information on how Snyk Code Consistent Ignores works, check out the documentation and the Snyk Learn lesson.

We're excited to share that the REST Issues API now includes code details and issue descriptions. This enhancement significantly improves prioritization workflows, risk assessment, and the remediation of security issues.

The following fields will be added:

1. Snyk Code details

• File Path - allows tracing all Snyk code issues within a specific file.

• Code Region - guides the users to the specific lines and columns where the issue was found.

• Commit ID - allow users to match between Snyk Code issues to their commit ID, so that they can tell which specific version of code has the issue.

• Key Asset - allows to identify Snyk Code issues with a unique ID per repository.

2. Description - provides users with a clearer understanding of the issue’s nature and aids in prioritization.

For more information, please refer to the API documentation.

Stay secure,

AppSec teams export Snyk datasets for various purposes, including:

• Build their own analytics and dashboards.

• Following company policies that requires specific customization

• Sharing data with external audience, such as the leadership team or security auditors.

The Export API enables cyclic data export of Snyk datasets into CSV files. Designed for efficiency and security, the API supports exporting large datasets in an organized, scalable manner, making it ideal for reporting and analytics workflows.

To learn more about the Export API, and how to get started right away, visit the API documentation.

For any question, please contact your account team.

On the projects pages, all ignore types will now allow expiration dates to be set. Additionally, the ignore type currently labeled "Ignore Permanently" on the projects page will be relabeled "Won't Fix" to match what is reflected in the API.