<?xml version="1.0" encoding="UTF-8"?>

    <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
      <channel>
        <title>snyk.io updates</title>
        <link>https://updates.snyk.io</link>
        <description>snyk.io updates</description>
        <language>en-us</language>
        <lastBuildDate>Mon, 13 Jul 2026 13:47:25 GMT</lastBuildDate>
        <atom:link href="https://updates.snyk.io/rss" rel="self" type="application/rss+xml" />
        
        <item>
          <title>Support for Bruno Collections in API Targets</title>
          <link>https://updates.snyk.io/support-for-bruno-collections-in-api-targets/</link>
          <description>&lt;p&gt;Snyk API &amp;amp; Web now provides native support for Bruno collections. You can import your collections directly into the platform to create API Targets without converting files to Postman collections or OpenAPI schemas first.&lt;/p&gt;</description>
          <pubDate>Wed, 07 Jul 2027 23:00:00 GMT</pubDate>
          <dc:creator>Natalia Yurchenko, Senior Product Manager</dc:creator>
          <guid>1XQspwJdiEtojjNl8hBChV</guid>
          <category>New</category>
        </item>
        <item>
          <title>Announcing Snyk CLI v1.1306.0</title>
          <link>https://updates.snyk.io/announcing-snyk-cli-v1-1306-0/</link>
          <description>&lt;p&gt;We are pleased to announce the latest stable Snyk CLI release, v1.1306.0.&lt;/p&gt;&lt;p&gt;We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1306.0&quot;&gt;full release notes&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;&lt;b&gt;This update includes the following:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Doctor&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Adds a new &lt;code&gt;snyk doctor&lt;/code&gt; command, giving you a quick way to diagnose common CLI problems by generating a diagnostic report for your system or analyzing debug log output.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Container&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Container scans now detect the Java runtime version across a wider range of JVM base images, and can find vulnerabilities in .NET application dependencies.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Snyk Studio MCP&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;The breakability evaluation tool in the Snyk MCP Server is now enabled by default and no longer requires an experimental flag.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;SCA Test&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Improves dependency detection for Gradle projects.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Additional Reliability and Performance Improvements&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Shows a warning when a request is automatically retried due to rate limiting, instead of retrying silently.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Skips the reachability upload when no supported files are present, instead of failing.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixes dependency resolution for Swift Package Manager projects that reference packages by registry identity, so they&amp;#39;re correctly matched to their GitHub source for vulnerability scanning.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixes scanning of sbt projects with custom Scala configurations.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixes a bug where scanning Yarn workspaces could report vulnerabilities from a workspace member&amp;#39;s dev dependencies as production dependencies, when that member was consumed by a sibling package.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Updates dependencies to fix vulnerabilities.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Release notes can be found &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1306.0&quot;&gt;here&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.&lt;/p&gt;</description>
          <pubDate>Thu, 09 Jul 2026 12:30:00 GMT</pubDate>
          <dc:creator>Matt Dolan, Senior Product Manager</dc:creator>
          <guid>7MBDWuJlm8XUQnXdleKakt</guid>
          <category>New</category>
        </item>
        <item>
          <title>Snyk Open Source ecosystem coverage update</title>
          <link>https://updates.snyk.io/snyk-open-source-ecosystem-coverage-update/</link>
          <description>&lt;p&gt;We&amp;#39;ve expanded &lt;b&gt;Snyk Open Source&lt;/b&gt; coverage with improved scanning capabilities. These updates help you close security gaps and manage dependencies more effectively. Key improvements include new support for the uv package manager and enhanced Go scanning for private dependencies.&lt;/p&gt;&lt;h3&gt;uv SCM support&lt;/h3&gt;&lt;p&gt;The uv package manager is an emerging tool in the Python ecosystem. Following our earlier &lt;b&gt;CLI&lt;/b&gt; release, uv is now available in &lt;b&gt;SCM&lt;/b&gt; integrations. You can import uv projects and workspaces, use &lt;b&gt;PR Checks&lt;/b&gt;, and monitor your code directly from your connected Git repositories. You do not need to use the &lt;b&gt;CLI&lt;/b&gt; for these tasks. uv joins pip, Poetry, and Pipenv as the fourth Python ecosystem with native support in &lt;b&gt;Snyk Open Source&lt;/b&gt;.&lt;/p&gt;&lt;p&gt;To get started, enable this feature for your &lt;b&gt;Groups&lt;/b&gt; and &lt;b&gt;Organizations&lt;/b&gt; in Snyk Preview. You can find more details in the &lt;a href=&quot;https://docs.snyk.io/&quot;&gt;Snyk documentation&lt;/a&gt;.&lt;/p&gt;&lt;h3&gt;Improved Go scanning&lt;/h3&gt;&lt;p&gt;Our Go scanning improvements are now generally available. This update features support for private dependencies. Go teams that use private module proxies, such as Artifactory or Nexus, or private repositories via &lt;b&gt;Broker&lt;/b&gt;, can now achieve the same depth of scanning available for public modules.&lt;/p&gt;&lt;p&gt;This ensures you have no blind spots in your dependency graph when a module lives behind authentication. We support both brokered and direct connections across all &lt;b&gt;SCM&lt;/b&gt; integrations. We are rolling this out to all users over the next two weeks. You can learn how to configure private dependencies in the &lt;a href=&quot;https://docs.snyk.io/&quot;&gt;Snyk documentation&lt;/a&gt;.&lt;/p&gt;</description>
          <pubDate>Sun, 28 Jun 2026 23:00:00 GMT</pubDate>
          <dc:creator>undefined, undefined</dc:creator>
          <guid>4BH6GaGikt3gFff7BbWboA</guid>
          <category>General availability</category>
        </item>
        <item>
          <title>Snyk Code: July Release, C++ rules, Java library coverage, and JavaScript Insecure Transmission</title>
          <link>https://updates.snyk.io/snyk-code-july-release-c-rules-java-library-coverage-and-javascript-insecure-transmission/</link>
          <description>&lt;p&gt;The July release expands Snyk Code coverage for C++ with several new rules and broader native C++ detection, improves detection for several popular Java libraries, and adds a new Insecure Transmission rule for JavaScript and TypeScript. These changes arrive with the July release on 1&lt;b&gt;3 July 2026&lt;/b&gt;&lt;/p&gt;&lt;h2&gt;What&amp;#39;s changing&lt;/h2&gt;&lt;h3&gt;New rules&lt;/h3&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Log Forging, C++ (CWE-117, high):&lt;/b&gt; flags untrusted user input reaching a logging sink, which can let an attacker forge or corrupt log entries.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Improper Privilege Management, C++ (CWE-269, high):&lt;/b&gt; flags a privilege-dropping call whose result is not verified; a failed call can leave the process running with elevated privileges.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Missing Authorization, C++ (CWE-862, CWE-732):&lt;/b&gt; flags overly permissive file permissions (world-writable or world-executable), and calls that pass root (UID or GID 0) to privilege-escalation or file-ownership functions.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;SSL/TLS Certificate Verification Bypass, C++ (CWE-295, medium):&lt;/b&gt; detects disabled certificate verification across seven TLS frameworks (OpenSSL, Qt, mbedTLS, libcurl, Boost.Asio, libpq, libpqxx), which exposes connections to man-in-the-middle attacks.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Insecure TLS Configuration, C++ (CWE-327, high):&lt;/b&gt; detects insecure TLS configuration, such as enabling outdated TLS versions.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Sensitive Cookie Without Secure Attribute, C++ (CWE-614, low):&lt;/b&gt; flags cookies that omit the Secure attribute, either by default or explicitly set to false, leaving them exposed to man-in-the-middle attacks.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Insecure Transmission, JavaScript (CWE-319):&lt;/b&gt; detects cleartext transmission over insecure transports beyond HTTP. Initial coverage targets Redis clients (@redis/client, ioredis, redis) connecting over a non-TLS redis:// URL. New rule-key, separate from HttpToHttps.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h3&gt;New C++ coverage&lt;/h3&gt;&lt;p&gt;Detection now extended to native C++ for:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Code Injection (CWE-94):&lt;/b&gt; across six framework modules: dlopen, LoadLibrary, Lua, CPython, Duktape, QuickJS.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Insecure Storage (CWE-922, info):&lt;/b&gt; sqlite, realm, leveldb, rocksdb, lmdb, Qt.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Insecure Cipher (CWE-327):&lt;/b&gt; broader native C++ crypto coverage (OpenSSL, Botan, libsodium, libtomcrypt, libgcrypt, Crypto++, mbedTLS).&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h3&gt;Expanded Java library coverage&lt;/h3&gt;&lt;p&gt;Improved detection for code using these popular Java libraries:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Azure SDK for Java&lt;/b&gt; (&lt;code&gt;com.azure:azure-core&lt;/code&gt;)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Logback&lt;/b&gt; (&lt;code&gt;ch.qos.logback:logback-classic&lt;/code&gt;)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Reactor Netty HTTP&lt;/b&gt; (&lt;code&gt;io.projectreactor.netty:reactor-netty-http&lt;/code&gt;)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Apache Kafka clients&lt;/b&gt; (&lt;code&gt;org.apache.kafka:kafka-clients&lt;/code&gt;)&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Jackson&lt;/b&gt; (&lt;code&gt;com.fasterxml.jackson.core:&lt;/code&gt; &lt;code&gt;jackson-databind&lt;/code&gt; and &lt;code&gt;jackson-core&lt;/code&gt;)&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;&lt;/p&gt;</description>
          <pubDate>Fri, 26 Jun 2026 15:00:00 GMT</pubDate>
          <dc:creator>Nina Kanti, Senior Product Manager</dc:creator>
          <guid>4RnO1fTbaEiLmRWyA5aVpv</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Issue alert emails: updating the default</title>
          <link>https://updates.snyk.io/issue-alert-emails-updating-the-default/</link>
          <description>&lt;p&gt;On July 27, 2026, Snyk updates the default setting for issue alert emails to ensure every notification you receive is relevant to your work. These emails alert you to newly detected vulnerabilities and license violations.&lt;/p&gt;&lt;h2&gt;Summary of changes&lt;/h2&gt;&lt;p&gt;If you have never manually configured your notification preferences, you stop receiving these emails after July 27, 2026. This update moves issue alert notifications to an opt-in model so they only reach you if they are useful to your workflow. If you have already chosen which emails you receive, your preferences do not change and remain preserved exactly as they are.&lt;/p&gt;&lt;h2&gt;Manage your preferences&lt;/h2&gt;&lt;p&gt;You can keep receiving these emails by saving your preferences before the July 27 deadline, or you can re-enable them at any time afterward. Wherever you can set issue alert notifications, a banner appears in the &lt;b&gt;Snyk web UI&lt;/b&gt;. To opt in instantly, click &lt;b&gt;Keep my current selections&lt;/b&gt; in the banner.&lt;/p&gt;&lt;p&gt;You can also manually manage your settings:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;For personal preferences: Navigate to &lt;b&gt;Account Settings&lt;/b&gt;, click &lt;b&gt;Notifications&lt;/b&gt;, find the issue alert emails for the relevant &lt;b&gt;Organizations&lt;/b&gt;, and save your preference.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;For &lt;b&gt;Organizations &lt;/b&gt;admins: Navigate to &lt;b&gt;Organization Settings&lt;/b&gt;, click &lt;b&gt;Notifications&lt;/b&gt;, and update the default for all members of your organization.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;For &lt;b&gt;Groups &lt;/b&gt;admins: Navigate to &lt;b&gt;Group&lt;/b&gt;, click &lt;b&gt;Notifications&lt;/b&gt;, and manage issue alert settings across every organization in the &lt;b&gt;Groups &lt;/b&gt;from a single page.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;&lt;/p&gt;</description>
          <pubDate>Wed, 24 Jun 2026 04:00:00 GMT</pubDate>
          <dc:creator>Neha Shenoy, Senior Product Manager</dc:creator>
          <guid>4LzoiLq8v3mC6c0dSkcZo3</guid>
          <category>undefined</category>
        </item>
        <item>
          <title>Announcing Snyk CLI v1.1305.2</title>
          <link>https://updates.snyk.io/announcing-snyk-cli-v1-1305-2/</link>
          <description>&lt;p&gt;We are pleased to announce Snyk CLI release, v1.1305.2.&lt;/p&gt;&lt;p&gt;This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1305.2&quot;&gt;full release notes&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;&lt;b&gt;This update includes the following:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Bumped the Go runtime to version 1.26.4.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Improved MCP logging and addressed security issues in the Snyk MCP Server.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixed vulnerabilities: &lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;CVE-2026-44705&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-45570&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-49982&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.&lt;/p&gt;</description>
          <pubDate>Tue, 23 Jun 2026 10:13:00 GMT</pubDate>
          <dc:creator>Matt Dolan, Senior Product Manager</dc:creator>
          <guid>4hX5U66t4kazSImX4upSwI</guid>
          <category>Fix</category>
        </item>
        <item>
          <title>Snyk Learn lesson roundup: what’s new in June</title>
          <link>https://updates.snyk.io/snyk-learn-lesson-roundup-whats-new-in-june/</link>
          <description>&lt;p&gt;This month on Snyk Learn, we’ve added new AI security lessons covering the attacks that target agentic systems: getting agents to run code they shouldn&amp;#39;t, poisoning their memory to bend their reasoning, and exploiting the gaps where agents talk to each other!&lt;/p&gt;&lt;h3&gt;Security lessons&lt;/h3&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;[&lt;i&gt;New&lt;/i&gt;][&lt;b&gt;AI-Sec&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/agentic-unexpected-code-execution/&quot;&gt;Unexpected code execution (RCE)&lt;/a&gt; - tricking your agentic systems to execute code!&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;i&gt;New&lt;/i&gt;][&lt;b&gt;AI-Sec&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/memory-context-poisoning/&quot;&gt;Memory and Context Poisoning&lt;/a&gt; - how corrupted agent memory can silently reshape reasoning, decisions, and behavior.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;i&gt;New&lt;/i&gt;][&lt;b&gt;AI-Sec&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/insecure-inter-agent-communication/&quot;&gt;Insecure Inter-Agent Communication&lt;/a&gt; - exploiting weak communication protections between agents.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;i&gt;Updated&lt;/i&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/generation-of-predictable-numbers-or-identifiers/&quot;&gt;Generation of predictable numbers&lt;/a&gt; - how intruders can use weaknesses in random number generation to launch more successful attacks.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;i&gt;Updated&lt;/i&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/uncontrolled-recursion/&quot;&gt;Uncontrolled recursion&lt;/a&gt; - how infinite loops can ruin your life and crash your systems.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h3&gt;Expanded framework &amp;amp; language coverage&lt;/h3&gt;&lt;p&gt;We’ve also expanded Snyk Learn content to cover more of your tech stack:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;New/expanded language support:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Multiple lessons expanded into Python, Rust, and Ruby for the &lt;a href=&quot;https://learn.snyk.io/learning-paths/owasp-top-10/&quot;&gt;OWASP Top 10&lt;/a&gt;.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Each new/updated lesson above links directly to the relevant content so you can share it with your teams or assign it as part of your training program with the &lt;a href=&quot;https://docs.snyk.io/discover-snyk/snyk-learn#learning-management-add-on&quot;&gt;Snyk Learning Management Add-On&lt;/a&gt;.

Use Snyk Learn to help your security engineers and developers stay ahead of the latest risks!&lt;/p&gt;&lt;p&gt;&lt;i&gt;&lt;b&gt;Bonus Content&lt;/b&gt;&lt;/i&gt;&lt;/p&gt;&lt;p&gt;Snyk is also publishing videos on AI coding and AI security on our &lt;a href=&quot;http://youtube.com/@Snyksec/videos&quot;&gt;YouTube channel&lt;/a&gt;! If you would like to see content like this on Snyk Learn, use the feedback button on Snyk Learn to let us know.&lt;/p&gt;&lt;div&gt;&lt;/div&gt;&lt;p&gt;&lt;/p&gt;</description>
          <pubDate>Wed, 17 Jun 2026 12:00:00 GMT</pubDate>
          <dc:creator>Alex Ley, Senior Director, Snyk Learn</dc:creator>
          <guid>5uvMjwJUSTRUNnM1gvBgZM</guid>
          <category>New</category>
        </item>
        <item>
          <title>Automatically Close Obsolete Open Source Fix PRs with Help from Snyk, Now Generally Available!</title>
          <link>https://updates.snyk.io/automatically-close-obsolete-fix-open-source-prs-with-help-from-snyk-now-generally-available/</link>
          <description>&lt;p&gt;A cluttered PR backlog slows everyone down. &lt;/p&gt;&lt;p&gt;Following a &lt;a href=&quot;https://updates.snyk.io/automatically-close-obsolete-fix-open-source-prs-with-help-from-snyk/&quot;&gt;successful Early Access&lt;/a&gt;, automatic closing of Open Source Fix PRs is now generally available. What&amp;#39;s more, this feature will be turned on by default across all of our customers so your team spends less time triaging stale pull requests and more time shipping.&lt;/p&gt;&lt;p&gt;Whether a developer manually applied a fix, removed the dependency, or a transitive update resolved the issue, Snyk catches it during your next recurring test and closes the outdated PR. We also drop a comment on the PR explaining exactly which issues were resolved, so your team always has the right context without the extra noise.&lt;/p&gt;&lt;p&gt;&lt;b&gt;How it works:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Snyk checks your open Fix PRs during recurring tests.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;If the targeted dependency was removed, updated transitively, or fixed manually, the PR is automatically closed.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Snyk leaves a comment detailing the resolved issues so your team knows exactly why it was closed.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;A Fix PR is only closed if all issues are resolved—if some remain, Snyk leaves the PR open so nothing falls through the cracks.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;&lt;b&gt;What&amp;#39;s new at GA:&lt;/b&gt; With the general availability rollout, this feature is now enabled by default for all organizations. Administrators who prefer to manage closures manually can &lt;a href=&quot;https://docs.snyk.io/scan-fix-and-prevent/fix/snyk-pull-or-merge-requests/enable-automatic-fix-prs#turn-off-auto-close-pull-requests&quot;&gt;opt out from the settings page&lt;/a&gt;. You can now also &lt;a href=&quot;https://docs.snyk.io/scan-fix-and-prevent/fix/snyk-pull-or-merge-requests/enable-automatic-fix-prs#how-to-enable-the-automatic-upgrade-prs-option-for-an-organization&quot;&gt;configure the maximum number of obsolete PRs&lt;/a&gt; Snyk will close per day. giving you control of your workflow, a top piece of feedback from Early Access.

We hope you enjoy cleaner, more actionable backlogs!&lt;/p&gt;</description>
          <pubDate>Tue, 16 Jun 2026 04:00:00 GMT</pubDate>
          <dc:creator> Ryan McMorrow, Product Lead, Remediation</dc:creator>
          <guid>1Nx3DHMpp4RFJc0WKl7Fr1</guid>
          <category>General availability</category>
        </item>
        <item>
          <title>Rescheduling Snyk Code June Update on June 15 to June 22</title>
          <link>https://updates.snyk.io/rescheduling-snyk-code-june-update-on-june-15-to-june-22/</link>
          <description>&lt;p&gt;The upcoming improvements for our &lt;b&gt;Snyk Code: June Update&lt;/b&gt; will be postponed from June 15 to June 22. We&amp;#39;re running a final round of quality validation to make sure these updates deliver the most accurate results. 

These updates, including broader TLS and cryptographic detection for .NET and expanded PHP SQL injection coverage, will now go live on June 22.&lt;/p&gt;</description>
          <pubDate>Fri, 12 Jun 2026 14:13:00 GMT</pubDate>
          <dc:creator>Nina Kanti, Senior Product Manager</dc:creator>
          <guid>mZIVGmYfT6zTAQ6u0ZIz3</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Assess secure-at-inception effectiveness with the Prevention report (Early Access)</title>
          <link>https://updates.snyk.io/assess-secure-at-inception-effectiveness-with-the-prevention-report-early-access/</link>
          <description>&lt;p&gt;We are thrilled to announce that the &lt;b&gt;Prevention Report&lt;/b&gt; is now available in Early Access!&lt;/p&gt;&lt;p&gt;Measuring the true impact of &amp;quot;shifting left&amp;quot; has traditionally been a challenge. We designed the Prevention report to give you clear, actionable visibility into the effectiveness of security adoption directly within your development lifecycle.&lt;/p&gt;&lt;p&gt;This new report tracks the vulnerabilities developers proactively remediate at the point of creation in Snyk Code and Secrets—long before those issues ever reach a pull request or production environment. Data is seamlessly captured in the background as your team works across our developer surfaces, including Snyk Studio (MCP), IDE plugins and extensions, and the CLI.&lt;/p&gt;</description>
          <pubDate>Wed, 03 Jun 2026 04:00:00 GMT</pubDate>
          <dc:creator>Sara Meadzinger, Staff Product Manager</dc:creator>
          <guid>4pD5Wier6jizuHzHG2ViCm</guid>
          <category>Early access</category>
        </item>
        <item>
          <title>Announcing Snyk CLI v1.1305.1</title>
          <link>https://updates.snyk.io/announcing-snyk-cli-v1-1305-1/</link>
          <description>&lt;p&gt;We are pleased to announce Snyk CLI release, v1.1305.1&lt;/p&gt;&lt;p&gt;This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1305.1&quot;&gt;full release notes&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;&lt;b&gt;This update includes the following:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Improved rate-limit handling: the CLI now respects the &lt;code&gt;X-RateLimit-Reset&lt;/code&gt; header when it is rate limited by the API, so retries wait the correct amount of time. This improves the reliability of scans in high-volume and CI/CD environments.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixed vulnerabilities:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;CVE-2026-39827&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-39831&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-33186 (IaC extensions)&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.&lt;/p&gt;</description>
          <pubDate>Tue, 02 Jun 2026 10:24:00 GMT</pubDate>
          <dc:creator>Matt Dolan, Senior Product Manager</dc:creator>
          <guid>4PcQRoR8LoyJ1NPKqsuHwb</guid>
          <category>Fix</category>
        </item>
        <item>
          <title>Announcing a new Snyk User Docs site structure!</title>
          <link>https://updates.snyk.io/announcing-a-new-snyk-user-docs-site-structure/</link>
          <description>&lt;p&gt;We are excited to announce a redesign of the Snyk User Docs site, introducing a new structure built around site sections.&lt;/p&gt;&lt;p&gt;&lt;b&gt;What&amp;#39;s changed?&lt;/b&gt;&lt;/p&gt;&lt;p&gt;The docs are now reorganized into six clearly defined site sections:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Discover Snyk: &lt;/b&gt;An introduction to the platform, capabilities, and supported languages.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Platform administration: &lt;/b&gt;Settings, user management, Org configuration, and more.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Scan, fix, and prevent: &lt;/b&gt;Snyk core security scanning, fixing and prevention workflows&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Developer tools: &lt;/b&gt;CLI, IDE integrations, related tooling, and more&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Agent security: &lt;/b&gt;Agentic and AI-powered security features.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Snyk data and governance: &lt;/b&gt;Data handling, compliance, and policies.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;In addition, there are dedicated sections for &lt;b&gt;Getting started guides&lt;/b&gt; and &lt;b&gt;Implementation guides&lt;/b&gt; to support onboarding and deployment workflows.&lt;/p&gt;</description>
          <pubDate>Thu, 28 May 2026 17:00:00 GMT</pubDate>
          <dc:creator>Natasha Ellingford, Senior Technical Writer</dc:creator>
          <guid>3fKw5TilCqLvKA7nJRsDzg</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Snyk Code: June Update</title>
          <link>https://updates.snyk.io/snyk-code-june-update/</link>
          <description>&lt;p&gt;We&amp;#39;re expanding Snyk Code analysis for the &lt;b&gt;.NET (C# and VB)&lt;/b&gt; ecosystem with broader detection across TLS configuration, cryptographic algorithms, and third-party crypto libraries. We built these improvements to surface a wider range of crypto-related security issues in .NET codebases while keeping false positives in check. Coverage extends across the standard library and the most common third-party crypto packages, so customers using BouncyCastle see the same depth of detection as native .NET code.&lt;/p&gt;&lt;p&gt;We&amp;#39;re also expanding &lt;b&gt;PHP coverage for SQL injection&lt;/b&gt;, Snyk Code now detects interfile taint flow when the SQL sink is wrapped in a database-access class. These improvements arrive with the June release on &lt;b&gt;15 June 2026.&lt;/b&gt;&lt;/p&gt;&lt;h3&gt;&lt;b&gt;What&amp;#39;s changing&lt;/b&gt;&lt;/h3&gt;&lt;p&gt;&lt;b&gt;New TLS vulnerability detection for .NET (CWE-326)&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Snyk Code now identifies insecure TLS protocol configuration across the most common .NET HTTP and network stacks: ServicePointManager, HttpClientHandler, WinHttpHandler, SocketsHttpHandler, Kestrel, and SslStream. Only TLS 1.2 and 1.3 are considered safe. Earlier protocols are flagged as vulnerable, including bitwise flag combinations.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Broader Insecure Cipher coverage for .NET (CWE-327)&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Generalised cipher detection for C# and VB, with new third-party support via BouncyCastle. Algorithms now flagged: PAKE, Triple DES, DES, Skipjack, RC4, RC2, MD-5, and SHA-1.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Expanded weak-key-size detection for .NET (CWE-326)&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Native standard-library coverage added for ECDHE, ECDH, ECDSA, RSA, AES (GCM), and HMAC-SHA1, HMAC-SHA2, and HMAC-SHA3 across Base, Windows, and Linux .NET types. Third-party support was added for DH, DHE (BouncyCastle), AES-XTS (BouncyCastle), and CMAC-AES (BouncyCastle).&lt;/p&gt;&lt;p&gt;&lt;b&gt;Generalised crypto rule templates for .NET (CWE-326, CWE-327)&lt;/b&gt;&lt;/p&gt;&lt;p&gt;The InsecureCipher, TooSmallKeySize, and WeakEccCurve rules have been refactored into unified report templates.&lt;/p&gt;&lt;p&gt;&lt;b&gt;PHP SQL injection interfile taint flow through wrapper classes (CWE-89)&lt;/b&gt;&lt;/p&gt;&lt;p&gt;Snyk Code now detects SQL injection where the sink is defined in a wrapper class (single level: caller → wrapper → mysql_query)&lt;/p&gt;&lt;h3&gt;&lt;b&gt;Important details to note&lt;/b&gt;&lt;/h3&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;You may notice an increase in .NET vulnerability findings after the June release, particularly around TLS misconfiguration and weak cryptographic algorithms.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;RC2 is reclassified&lt;/b&gt; from TooSmallKeySize to InsecureCipher. Customers with ignores or policies tied to specific rule keys should be aware (Scope is .NET (C# and VB) only).&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;A small number of CryptoServiceProviders false positives related to read-only KeySize properties will no longer fire. These were never actionable in the first place (Scope is .NET (C# and VB) only).&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;PHP customers may see new SQL injection findings after the June release, particularly in codebases that route database calls through wrapper classes.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;&lt;/p&gt;</description>
          <pubDate>Thu, 28 May 2026 04:00:00 GMT</pubDate>
          <dc:creator>Nina Kanti, Senior Product Manager</dc:creator>
          <guid>Vn21NL2qEoJm6frwuKHZH</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Announcing Agent Fix: New Agentic Workflow &amp; Model Upgrade</title>
          <link>https://updates.snyk.io/announcing-agent-fix-new-agentic-workflow-and-model-upgrade/</link>
          <description>&lt;p&gt;&lt;b&gt;New Model &amp;amp; New Architecture&lt;/b&gt;&lt;/p&gt;&lt;p&gt;We&amp;#39;re happy to announce we&amp;#39;re upgrading Agent Fix to use the Claude family of models enhanced by Snyk&amp;#39;s tooling and intelligence. This move delivers the following major improvements: &lt;/p&gt;&lt;p&gt;&lt;b&gt;Security &amp;amp; Functional Enhancements&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Agentic Retries:&lt;/b&gt; Our new workflow now detects where code suggestions deviate from security best practices. Instead of discarding the result, the system analyzes the failure and injects tailored guidance into the agent&amp;#39;s subsequent attempts. &lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Dynamic Few-Shot Prompting:&lt;/b&gt; We now use the same training set used to fine-tune our internal model to dynamically provide secure fix examples for the new model to follow. &lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;&lt;b&gt;Expanded Support&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Full Language Coverage:&lt;/b&gt; We will enable support for all Snyk Code languages on Day 1, removing previous limitations on language availability.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Comprehensive Rule Support:&lt;/b&gt; AI-powered fixes are now available for all supported rules and vulnerability types across the platform.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;&lt;b&gt;Measurable Impact&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Golden Test Benchmark&lt;/b&gt;: Both Sonnet 4.6 and Opus 4.6 saw improved performance against Snyk’s Golden Test benchmark (72.4% to 82.5% and 74.6% to 85.4% respectively) with this new architecture vs. the models on their own. &lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Check out &lt;a href=&quot;https://snyk.io/blog/snyk-agent-fix-agentic-architecture/&quot;&gt;&lt;u&gt;the blog&lt;/u&gt;&lt;/a&gt; for more details. This update started rolling out on May 26th and will reach 100% by end of day on May 28th. &lt;/p&gt;</description>
          <pubDate>Thu, 28 May 2026 03:00:00 GMT</pubDate>
          <dc:creator>David Alessi, Staff Product Manager</dc:creator>
          <guid>3OvjhU6B2afJPsBQs1NPfb</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>OWASP Top 10:2025 Support in Snyk API &amp; Web</title>
          <link>https://updates.snyk.io/owasp-top-10-2025-support-in-snyk-api-and-web/</link>
          <description>&lt;p&gt;Snyk API &amp;amp; Web now supports the &lt;b&gt;OWASP Top 10:2025&lt;/b&gt; standard for compliance reporting. Users can generate compliance reports against either OWASP 2025 or OWASP 2021 — both versions remain available.&lt;/p&gt;</description>
          <pubDate>Thu, 21 May 2026 08:00:00 GMT</pubDate>
          <dc:creator>Ana Pascoal, Product Manager</dc:creator>
          <guid>62xqWbXv5Dx5VMXjjgHy8j</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Announcing Snyk CLI v1.1305.0</title>
          <link>https://updates.snyk.io/announcing-snyk-cli-v1-1305-0/</link>
          <description>&lt;p&gt;We are pleased to announce the latest stable Snyk CLI release, v1.1305.0.&lt;/p&gt;&lt;p&gt;We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.&lt;/p&gt;&lt;p&gt;&lt;b&gt;This update includes the following:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;SBOM&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Introduces the &lt;code&gt;--allow-incomplete-sbom&lt;/code&gt; flag for &lt;code&gt;snyk sbom&lt;/code&gt;, allowing the SBOM to be generated even when individual projects fail to resolve. Failed projects are surfaced as per-project errors alongside the successful results.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Container&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Speed up &lt;code&gt;snyk container monitor&lt;/code&gt; by sending dependency requests in parallel, configurable via the SNYK_&lt;code&gt;REQUEST_CONCURRENCY&lt;/code&gt; environment variable.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;MCP&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Adds an experimental breakability evaluation tool to the Snyk MCP Server.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Static CLI binaries for Linux&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Linux ARM64 and AMD64 binaries are now statically linked by default.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;Additional Reliability and Performance Improvements&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;npm package aliases from lockfile now appropriately used in &lt;code&gt;test&lt;/code&gt; command.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixes parsing of Python &lt;code&gt;.whl&lt;/code&gt; files when scanning projects with &lt;code&gt;--all-projects&lt;/code&gt;.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Updates dependencies to fix vulnerabilities&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Release notes can be found &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1305.0&quot;&gt;&lt;u&gt;here&lt;/u&gt;&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.&lt;/p&gt;</description>
          <pubDate>Wed, 20 May 2026 14:15:00 GMT</pubDate>
          <dc:creator>Matt Dolan, Senior Product Manager</dc:creator>
          <guid>3nrVZBTuj3dH8upUKktVN</guid>
          <category>New</category>
        </item>
        <item>
          <title>More flexibility when exporting table data to CSV with Snyk API &amp; Web</title>
          <link>https://updates.snyk.io/more-flexibility-when-exporting-table-data-to-csv-with-snyk-api-and-web/</link>
          <description>&lt;p&gt;We&amp;#39;ve improved the recently introduced &lt;b&gt;Download CSV&lt;/b&gt; feature to offer greater flexibility when exporting data directly from the Snyk API &amp;amp; Web interface.&lt;/p&gt;</description>
          <pubDate>Wed, 20 May 2026 12:00:00 GMT</pubDate>
          <dc:creator>Ana Pascoal, Product Manager</dc:creator>
          <guid>10WoWhB7r8H1hiLmwW2qmX</guid>
          <category>Improved</category>
        </item>
        <item>
          <title> Snyk Learn lesson roundup: what’s new in May</title>
          <link>https://updates.snyk.io/snyk-learn-lesson-roundup-whats-new-in-may/</link>
          <description>&lt;p&gt;This month on &lt;a href=&quot;https://learn.snyk.io/&quot;&gt;Snyk Learn&lt;/a&gt;, there are brand new lessons for &lt;a href=&quot;https://evo.ai.snyk.io/&quot;&gt;Evo by Snyk&lt;/a&gt;, along with a refreshed &amp;quot;&lt;a href=&quot;https://learn.snyk.io/catalog/?q=Snyk+in+an+IDE&quot;&gt;Snyk in an IDE&lt;/a&gt;&amp;quot; lesson set. We are also excited to launch the new &lt;a href=&quot;https://learn.snyk.io/learning-paths/secure-ai-development/&quot;&gt;AI Secure Development&lt;/a&gt; learning path, where you will learn to build any app securely using AI while mastering foundational AI-powered security topics such as prompt injection and MCP.&lt;/p&gt;&lt;p&gt;Try the new &amp;quot;Feedback&amp;quot; button on &lt;a href=&quot;https://learn.snyk.io&quot;&gt;learn.snyk.io&lt;/a&gt; &lt;i&gt;(login required) &lt;/i&gt;to share feedback and topic suggestions.&lt;/p&gt;&lt;h3&gt;Security lessons&lt;/h3&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;b&gt;Learning Path&lt;/b&gt; - &lt;a href=&quot;https://learn.snyk.io/learning-paths/secure-ai-development/&quot;&gt;AI Secure Development&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/getting-started-with-ai-development/&quot;&gt;Getting started with AI development&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/prompt-engineering/&quot;&gt;Prompt engineering&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/ai-app-development/&quot;&gt;AI app development&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/securing-your-ai-app/&quot;&gt;Securing your AI app&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/ai-in-the-sdlc/&quot;&gt;AI in the Software Development Life Cycle (SDLC)&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/ai-agents-securing-autonomous-workflows/&quot;&gt;AI Agents: Securing Autonomous Workflows&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h3&gt;Snyk platform lessons&lt;/h3&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/navigating-evo-interface/?ecosystem=general&quot;&gt;Navigating the Evo Interface&lt;/a&gt; - a new lesson to familiarize yourself with the unified agentic interface in Evo by Snyk.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;[&lt;b&gt;New&lt;/b&gt;] &lt;a href=&quot;https://learn.snyk.io/lesson/ai-security-posture-management/?ecosystem=general&quot;&gt;AI Security Posture Management (AI-SPM)&lt;/a&gt; - a new lesson that enables users to detect AI assets via AI-BOM scans and enforce governance through Natural Language Policies as well as traditional menu items.

We have refreshed the following lessons to ensure all content reflects our current platform and products, also providing a streamlined, role-based learning experience:
&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;[Updated]&lt;/b&gt; &lt;a href=&quot;https://learn.snyk.io/lesson/snyk-in-an-ide/?ecosystem=general&quot;&gt;Using Snyk in an IDE&lt;/a&gt; - updated to reflect the Developer’s workflow, including installing the plugin, authenticating, and using real-time scanning to find and fix vulnerabilities without leaving your IDE.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;b&gt;[Updated]&lt;/b&gt; &lt;a href=&quot;https://learn.snyk.io/lesson/administrating-snyk-in-an-ide/?ecosystem=general&quot;&gt;Administrating Snyk in an IDE&lt;/a&gt; - formerly part of the “Using Snyk in an IDE” course, this lesson now focuses on the Administrator’s workflow, including advanced configuration and governance.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h3&gt;Expanded framework and coding languages coverage&lt;/h3&gt;&lt;p&gt;We’ve also expanded Snyk Learn content to cover more of your tech stack:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;New/expanded language support:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Multiple lessons expanded into Python, Rust, and Ruby for the &lt;a href=&quot;https://learn.snyk.io/learning-paths/owasp-top-10/&quot;&gt;OWASP Top 10&lt;/a&gt; learning path.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Each new/updated lesson above links directly to the relevant content so you can share it with your teams or assign it as part of your training program with the &lt;a href=&quot;https://docs.snyk.io/discover-snyk/snyk-learn#learning-management-add-on&quot;&gt;Snyk Learning Management Add-On&lt;/a&gt;.&lt;/p&gt;</description>
          <pubDate>Mon, 11 May 2026 16:25:00 GMT</pubDate>
          <dc:creator>undefined, undefined</dc:creator>
          <guid>wmTvHjbGRBYaxt020Bh7f</guid>
          <category>New</category>
        </item>
        <item>
          <title>Snyk Studio: Introducing Asynchronous, Hooks-Based Guardrails for AI Agents</title>
          <link>https://updates.snyk.io/snyk-studio-introducing-asynchronous-hooks-based-guardrails-for-ai-agents/</link>
          <description>&lt;h2&gt;Introducing Hooks-Based Guardrails&lt;/h2&gt;&lt;p&gt;Snyk Studio is evolving our agentic guardrails to enable deeper trust in agent-generated code. We are debuting a new asynchronous, hooks-based approach to replace traditional rules-based guardrails, ensuring that security remains deterministic and efficient without slowing down the developer loop.&lt;/p&gt;&lt;p&gt;As agentic development has matured, initial friction points in rules-based models have become apparent. By transitioning to a hooks-based architecture, Snyk Studio resolves these key challenges with the traditional rules-based approach:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Determinism: While agents may occasionally ignore traditional rules, hooks are deterministic, ensuring that defined security scans are executed every time.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Zero Latency: Unlike rules-based models that add visible friction to the developer experience, hooks leverage background scans to provide a low-latency workflow.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Context Window Efficiency: The rules-based approach injected Snyk scan results into the agent&amp;#39;s context window, consuming limited token space. Hooks decouple scan execution and results, keeping the context window focused on coding tasks.&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h2&gt;Support for Leading ADEs&lt;/h2&gt;&lt;p&gt;We have targeted support for the hook-based approach to cover popular Agentic Development Environments (ADEs) across both Windows and macOS. You can now leverage Snyk Studio guardrails in:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Claude Code&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Cursor&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Gemini CLI&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Codex CLI (coming soon)&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;We also support automatic configuration of the /snyk-fix command, /snyk-batch-fix command, MCP server, and secure dependency health check skill for:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Kiro&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Windsurf&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Copilot CLI&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Copilot VS Code Extension&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h2&gt;Scaling for the Enterprise&lt;/h2&gt;&lt;p&gt;To simplify adoption, we have released an installation script to automate configuration and deployment. The install script:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Supports Windows and Mac&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Can be used via MDM to support distribution at scale&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Installs the /snyk-fix command, /snyk-batch-fix command, MCP server, and secure dependency health check skill on: Claude Code, Cursor, Gemini CLI, Codex CLI (coming soon), Kiro, Windsurf, Copilot CLI, and the Copilot VS Code Extension&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Installs hooks on: Claude Code, Cursor, Gemini CLI, Codex CLI (coming soon)&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;h3&gt;Getting Started&lt;/h3&gt;&lt;p&gt;See our &lt;a href=&quot;https://docs.snyk.io/integrations/snyk-studio-agentic-integrations/getting-started-with-snyk-studio&quot;&gt;revamped documentation&lt;/a&gt; to get hooks configured and installed in your favorite ADE.&lt;/p&gt;&lt;h3&gt;What’s Next&lt;/h3&gt;&lt;p&gt;We will continue to expand support for additional ADEs and are working to integrate Snyk Studio distribution directly with Agent Scan and Agent Guard.&lt;/p&gt;</description>
          <pubDate>Mon, 11 May 2026 16:00:00 GMT</pubDate>
          <dc:creator>Sam Broadaway, Senior Product Manager</dc:creator>
          <guid>6X6oeONbtFNPXnq2yflIXe</guid>
          <category>Early access</category>
        </item>
        <item>
          <title>New Analytics Overview Widgets </title>
          <link>https://updates.snyk.io/new-analytics-overview-widgets/</link>
          <description>&lt;p&gt;We&amp;#39;ve added several new widgets to the analytics overview to provide better visibility into your security program. These updates include key performance indicators (KPIs) from the Snyk Studio and pull request (PR) check reports directly into your main dashboard. &lt;/p&gt;</description>
          <pubDate>Fri, 08 May 2026 04:00:00 GMT</pubDate>
          <dc:creator>Sara Meadzinger, Staff Product Manager</dc:creator>
          <guid>4unRGK5pf77UwRvDCxRDnG</guid>
          <category>New</category>
        </item>
        <item>
          <title>Announcing Snyk CLI v1.1304.2</title>
          <link>https://updates.snyk.io/announcing-snyk-cli-v1-1304-2/</link>
          <description>&lt;p&gt;We are pleased to announce Snyk CLI release, v1.1304.2&lt;/p&gt;&lt;p&gt;This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1304.2&quot;&gt;full release notes&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;&lt;b&gt;This update includes the following:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Fixed vulnerabilities:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;a href=&quot;https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2AWSPROTOCOLEVENTSTREAM-16316402&quot;&gt;&lt;u&gt;SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2AWSPROTOCOLEVENTSTREAM-16316402&lt;/u&gt;&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;a href=&quot;https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICES3-16316411&quot;&gt;&lt;u&gt;SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICES3-16316411&lt;/u&gt;&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-39892&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-33750&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Snyk Studio: Adding missing tools annotations to MCP server&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.&lt;/p&gt;</description>
          <pubDate>Wed, 06 May 2026 12:30:00 GMT</pubDate>
          <dc:creator>Matt Dolan, Senior Product Manager</dc:creator>
          <guid>5HGIlkf3ZD3SIYSfxWPQUH</guid>
          <category>Fix</category>
        </item>
        <item>
          <title>Improved zero-day report filtering and visibility</title>
          <link>https://updates.snyk.io/improved-zero-day-report-filtering-and-visibility/</link>
          <description>&lt;p&gt;We’re improving the usability of our zero-day reports to help you manage multiple security incidents more effectively. We expanded the filter bar for selected zero-day events to provide better context when you view data from several incidents at once. Additionally, the Accumulative Issues Backlog trend chart now breaks out each selected incident individually, and we added a new filter to the open issues side panel that allows you to toggle between open and resolved issues.&lt;/p&gt;</description>
          <pubDate>Tue, 05 May 2026 04:00:00 GMT</pubDate>
          <dc:creator>Sara Meadzinger, Staff Product Manager</dc:creator>
          <guid>2X0mVezQR7n4gMo2mrMP9c</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Expanded Container JVM Support</title>
          <link>https://updates.snyk.io/expanded-container-jvm-support/</link>
          <description>&lt;p&gt;We are pleased to announce expanded JVM support for Snyk Container vulnerability scanning. Previously, detection for unmanaged Java container software was limited to OpenJDK 8 binaries. With this update, customers can now identify vulnerabilities in their container images for Java versions beyond OpenJDK 8.&lt;/p&gt;</description>
          <pubDate>Thu, 30 Apr 2026 20:00:00 GMT</pubDate>
          <dc:creator>undefined, undefined</dc:creator>
          <guid>6xKIfOxYMVDo8af4N56qsb</guid>
          <category>Improved</category>
        </item>
        <item>
          <title>Announcing Snyk CLI v1.1304.1</title>
          <link>https://updates.snyk.io/announcing-snyk-cli-v1-1304-1/</link>
          <description>&lt;p&gt;We are pleased to announce Snyk CLI release, v1.1304.1&lt;/p&gt;&lt;p&gt;This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the &lt;a href=&quot;https://github.com/snyk/cli/releases/tag/v1.1304.1&quot;&gt;full release notes&lt;/a&gt;.&lt;/p&gt;&lt;p&gt;&lt;b&gt;This update includes the following:&lt;/b&gt;&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;Improved error handling to prioritize and surface the most relevant error and correct exit code when multiple errors occur during maintenance windows. Exit code behavior is documented here:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;&lt;a href=&quot;https://docs.snyk.io/developer-tools/snyk-cli/debugging-the-snyk-cli#exit-codes&quot;&gt;https://docs.snyk.io/developer-tools/snyk-cli/debugging-the-snyk-cli#exit-codes&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;&lt;a href=&quot;https://docs.snyk.io/scan-with-snyk/error-catalog#snyk-0099&quot;&gt;https://docs.snyk.io/scan-with-snyk/error-catalog#snyk-0099&lt;/a&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Snyk Agent Scan: Improved CI flexibility with an issues ignore option, and added support for Windows x86 and macOS x86 architectures.&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;Fixed vulnerabilities:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;&lt;p&gt;CVE-2026-4660&lt;/p&gt;&lt;/li&gt;&lt;li&gt;&lt;p&gt;CVE-2026-39883&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.&lt;/p&gt;</description>
          <pubDate>Mon, 27 Apr 2026 12:30:00 GMT</pubDate>
          <dc:creator>Matt Dolan, Senior Product Manager</dc:creator>
          <guid>bqPp6lI0Wu1bAoe3yB6wU</guid>
          <category>Fix</category>
        </item>
        <item>
          <title>Snyk Code - Early May 2026 Update</title>
          <link>https://updates.snyk.io/snyk-code-early-may-2026-update/</link>
          <description>&lt;p&gt;Starting May 5, 2026, we&amp;#39;re updating Snyk Code to improve scanning precision and reduce noise across all supported languages.&lt;/p&gt;&lt;h3&gt;Improvements to scanning precision&lt;/h3&gt;&lt;p&gt;&lt;b&gt;All languages — Path Traversal severity tuning (CWE-22)&lt;/b&gt;
Path Traversal findings are now tiered by source risk. Findings from lower-risk sources are automatically reclassified from High/Medium to Low severity, reducing noise while keeping high-risk vectors prominent.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Java, Kotlin, Groovy — Apache Camel framework coverage (CWE-89 / CWE-22 / CWE-611)&lt;/b&gt;
Apache Camel &lt;code&gt;Exchange&lt;/code&gt; HTTP sources are now tracked as taint origins. Applications using Apache Camel will see new findings where HTTP body and header values flow into SQL injection, path traversal, or XXE sinks. Customers using Apache Camel may see an increase in findings.&lt;/p&gt;&lt;p&gt;&lt;b&gt;All languages — Improved &lt;/b&gt;&lt;b&gt;&lt;code&gt;.snyk&lt;/code&gt;&lt;/b&gt;&lt;b&gt; exclude precision&lt;/b&gt;
&lt;code&gt;.snyk&lt;/code&gt; exclude patterns now use full &lt;code&gt;.gitignore&lt;/code&gt;-style glob semantics for more expressive and consistent scan scope control. Customers relying on &lt;code&gt;.snyk&lt;/code&gt; exclude rules may see changes in scan scope.&lt;/p&gt;&lt;p&gt;&lt;b&gt;Python — Reduced false positives on archive extraction (CWE-22 / CWE-73)
&lt;/b&gt;Python TarSlip detection is now scoped to genuine archive operations. Previously,  any &lt;code&gt;.extract()&lt;/code&gt; method call was flagged regardless of context - causing false positives in document parsers, ML pipelines, and custom extraction classes. 
Findings now only fire when the receiver is a &lt;code&gt;tarfile.open()&lt;/code&gt; or &lt;code&gt;zipfile.ZipFile()&lt;/code&gt; object. ZipSlip detection via &lt;code&gt;zipfile.ZipFile&lt;/code&gt; is also improved. Customers may see a reduction in Python TarSlip findings and new ZipSlip findings where archive contents are extracted without path sanitisation. &lt;/p&gt;&lt;h3&gt;Important details to note&lt;/h3&gt;&lt;p&gt;All percentage improvements are based on Snyk&amp;#39;s curated open-source data set. As part of these updates, you may see a decrease in High and Medium severity counts for Path Traversal as findings move to Low based on source risk tier. Total finding counts remain stable. Customers using Apache Camel may see an increase in findings as new data flows are detected. These changes apply specifically to the languages and CWEs listed above, while other scan areas remain unchanged.&lt;/p&gt;</description>
          <pubDate>Thu, 23 Apr 2026 08:00:00 GMT</pubDate>
          <dc:creator>Sebastian Roth, Senior Product Manager</dc:creator>
          <guid>6l6RW1hJj0puka63UNio5e</guid>
          <category>Improved</category>
        </item>
      </channel>
    </rss>