Improved support for Maven default profiles

We are pleased to announce improved support for Maven default profiles in Open Source SCM scanning. Previously, we only considered profiles where activeByDefault was set to true. With this change, scanning will now more faithfully activate profiles that would be activated by running Maven dependency resolution locally. The will result in more accurate scanning, as the dependency resolution engine will more closely mimic the behavior of Maven itself.

This change will be rolled out on July 9th, and customers may expect changes in the issues detected for existing projects imported into Snyk. For customers scanning projects using both the SCM integration and CLI, you can expect to see more consistent results between these two solutions.