snyk.io updates

Snyk Learn lesson roundup: what’s new in May

undefined, undefined — Mon, 11 May 2026 16:25:00 GMT

This month on Snyk Learn, there are brand new lessons for Evo by Snyk, along with a refreshed "Snyk in an IDE" lesson set. We are also excited to launch the new AI Secure Development learning path, where you will learn to build any app securely using AI while mastering foundational AI-powered security topics such as prompt injection and MCP.

Try the new "Feedback" button on learn.snyk.io (login required) to share feedback and topic suggestions.

Security lessons

[New] Learning Path - AI Secure Development
[New] Getting started with AI development
[New] Prompt engineering
[New] AI app development
[New] Securing your AI app
[New] AI in the Software Development Life Cycle (SDLC)
[New] AI Agents: Securing Autonomous Workflows

Snyk platform lessons

[New] Navigating the Evo Interface - a new lesson to familiarize yourself with the unified agentic interface in Evo by Snyk.
[New] AI Security Posture Management (AI-SPM) - a new lesson that enables users to detect AI assets via AI-BOM scans and enforce governance through Natural Language Policies as well as traditional menu items. We have refreshed the following lessons to ensure all content reflects our current platform and products, also providing a streamlined, role-based learning experience:
[Updated] Using Snyk in an IDE - updated to reflect the Developer’s workflow, including installing the plugin, authenticating, and using real-time scanning to find and fix vulnerabilities without leaving your IDE.
[Updated] Administrating Snyk in an IDE - formerly part of the “Using Snyk in an IDE” course, this lesson now focuses on the Administrator’s workflow, including advanced configuration and governance.

Expanded framework and coding languages coverage

We’ve also expanded Snyk Learn content to cover more of your tech stack:

New/expanded language support:
- Multiple lessons expanded into Python, Rust, and Ruby for the OWASP Top 10 learning path.

Each new/updated lesson above links directly to the relevant content so you can share it with your teams or assign it as part of your training program with the Snyk Learning Management Add-On.

Snyk Studio: Introducing Asynchronous, Hooks-Based Guardrails for AI Agents

Sam Broadaway, Senior Product Manager — Mon, 11 May 2026 16:00:00 GMT

Introducing Hooks-Based Guardrails

Snyk Studio is evolving our agentic guardrails to enable deeper trust in agent-generated code. We are debuting a new asynchronous, hooks-based approach to replace traditional rules-based guardrails, ensuring that security remains deterministic and efficient without slowing down the developer loop.

As agentic development has matured, initial friction points in rules-based models have become apparent. By transitioning to a hooks-based architecture, Snyk Studio resolves these key challenges with the traditional rules-based approach:

Determinism: While agents may occasionally ignore traditional rules, hooks are deterministic, ensuring that defined security scans are executed every time.
Zero Latency: Unlike rules-based models that add visible friction to the developer experience, hooks leverage background scans to provide a low-latency workflow.
Context Window Efficiency: The rules-based approach injected Snyk scan results into the agent's context window, consuming limited token space. Hooks decouple scan execution and results, keeping the context window focused on coding tasks.

Support for Leading ADEs

We have targeted support for the hook-based approach to cover popular Agentic Development Environments (ADEs) across both Windows and macOS. You can now leverage Snyk Studio guardrails in:

Claude Code
Cursor
Gemini CLI
Codex CLI (coming soon)

We also support automatic configuration of the /snyk-fix command, /snyk-batch-fix command, MCP server, and secure dependency health check skill for:

Kiro
Windsurf
Copilot CLI
Copilot VS Code Extension

Scaling for the Enterprise

To simplify adoption, we have released an installation script to automate configuration and deployment. The install script:

Supports Windows and Mac
Can be used via MDM to support distribution at scale
Installs the /snyk-fix command, /snyk-batch-fix command, MCP server, and secure dependency health check skill on: Claude Code, Cursor, Gemini CLI, Codex CLI (coming soon), Kiro, Windsurf, Copilot CLI, and the Copilot VS Code Extension
Installs hooks on: Claude Code, Cursor, Gemini CLI, Codex CLI (coming soon)

Getting Started

See our revamped documentation to get hooks configured and installed in your favorite ADE.

What’s Next

We will continue to expand support for additional ADEs and are working to integrate Snyk Studio distribution directly with Agent Scan and Agent Guard.

New Analytics Overview Widgets

Sara Meadzinger, Staff Product Manager — Fri, 08 May 2026 04:00:00 GMT

We've added several new widgets to the analytics overview to provide better visibility into your security program. These updates include key performance indicators (KPIs) from the Snyk Studio and pull request (PR) check reports directly into your main dashboard.

Announcing Snyk CLI v1.1304.2

Matt Dolan, Senior Product Manager — Wed, 06 May 2026 12:30:00 GMT

We are pleased to announce Snyk CLI release, v1.1304.2

This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the full release notes.

This update includes the following:

Fixed vulnerabilities:
- SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2AWSPROTOCOLEVENTSTREAM-16316402
- SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICES3-16316411
- CVE-2026-39892
- CVE-2026-33750
Snyk Studio: Adding missing tools annotations to MCP server

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.

Improved zero-day report filtering and visibility

Sara Meadzinger, Staff Product Manager — Tue, 05 May 2026 04:00:00 GMT

We’re improving the usability of our zero-day reports to help you manage multiple security incidents more effectively. We expanded the filter bar for selected zero-day events to provide better context when you view data from several incidents at once. Additionally, the Accumulative Issues Backlog trend chart now breaks out each selected incident individually, and we added a new filter to the open issues side panel that allows you to toggle between open and resolved issues.

Expanded Container JVM Support

undefined, undefined — Thu, 30 Apr 2026 20:00:00 GMT

We are pleased to announce expanded JVM support for Snyk Container vulnerability scanning. Previously, detection for unmanaged Java container software was limited to OpenJDK 8 binaries. With this update, customers can now identify vulnerabilities in their container images for Java versions beyond OpenJDK 8.

Announcing Snyk CLI v1.1304.1

Matt Dolan, Senior Product Manager — Mon, 27 Apr 2026 12:30:00 GMT

We are pleased to announce Snyk CLI release, v1.1304.1

This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the full release notes.

This update includes the following:

Improved error handling to prioritize and surface the most relevant error and correct exit code when multiple errors occur during maintenance windows. Exit code behavior is documented here:
- https://docs.snyk.io/developer-tools/snyk-cli/debugging-the-snyk-cli#exit-codes
- https://docs.snyk.io/scan-with-snyk/error-catalog#snyk-0099
Snyk Agent Scan: Improved CI flexibility with an issues ignore option, and added support for Windows x86 and macOS x86 architectures.
Fixed vulnerabilities:
- CVE-2026-4660
- CVE-2026-39883

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.

Snyk Code - Early May 2026 Update

Sebastian Roth, Senior Product Manager — Thu, 23 Apr 2026 08:00:00 GMT

Starting May 5, 2026, we're updating Snyk Code to improve scanning precision and reduce noise across all supported languages.

Improvements to scanning precision

All languages — Path Traversal severity tuning (CWE-22) Path Traversal findings are now tiered by source risk. Findings from lower-risk sources are automatically reclassified from High/Medium to Low severity, reducing noise while keeping high-risk vectors prominent.

Java, Kotlin, Groovy — Apache Camel framework coverage (CWE-89 / CWE-22 / CWE-611) Apache Camel Exchange HTTP sources are now tracked as taint origins. Applications using Apache Camel will see new findings where HTTP body and header values flow into SQL injection, path traversal, or XXE sinks. Customers using Apache Camel may see an increase in findings.

All languages — Improved .snyk exclude precision .snyk exclude patterns now use full .gitignore-style glob semantics for more expressive and consistent scan scope control. Customers relying on .snyk exclude rules may see changes in scan scope.

Python — Reduced false positives on archive extraction (CWE-22 / CWE-73) Python TarSlip detection is now scoped to genuine archive operations. Previously, any .extract() method call was flagged regardless of context - causing false positives in document parsers, ML pipelines, and custom extraction classes. Findings now only fire when the receiver is a tarfile.open() or zipfile.ZipFile() object. ZipSlip detection via zipfile.ZipFile is also improved. Customers may see a reduction in Python TarSlip findings and new ZipSlip findings where archive contents are extracted without path sanitisation.

Important details to note

All percentage improvements are based on Snyk's curated open-source data set. As part of these updates, you may see a decrease in High and Medium severity counts for Path Traversal as findings move to Low based on source risk tier. Total finding counts remain stable. Customers using Apache Camel may see an increase in findings as new data flows are detected. These changes apply specifically to the languages and CWEs listed above, while other scan areas remain unchanged.

Identify CISA KEV vulnerabilities for compliance

Sara Meadzinger, Staff Product Manager — Wed, 22 Apr 2026 04:00:00 GMT

We added a new Known Exploited Vulnerabilities (KEV) filter to help you identify risks that the Cybersecurity and Infrastructure Security Agency (CISA) tracks as already exploited in the wild. While we already allow you to filter vulnerabilities and Common Vulnerabilities and Exposures (CVE) by their exploit maturity level, this update specifically targets the CISA KEV catalog. You can find this filter on any page where issue filters are available to help you manage your security backlog.

Announcing Repo Monitor Configuration

Nathan Hart, Senior Product Manager — Wed, 15 Apr 2026 05:00:00 GMT

We are excited to be launching Repo Monitor Configuration, which allows for management of repository coverage and monitoring configurations centrally across your entire Snyk Group from the Group-level Inventory page. This means you can monitor and manage repositories without navigating between individual Snyk Organizations.

Repo Monitor Configuration provides the following capabilities:

Centralized asset monitoring: view monitoring status for all products, identify health status, and see required actions (such as enabling Snyk Code or resolving SCM integration issues) in one view.
Bulk import: import repositories directly from the Group Inventory page into specific Snyk Organizations.
On-demand retesting: trigger a retest for specific repositories directly from Inventory.
Actionable error resolution: clear guidance ia available when testing fails due to integration issues or entitlements. After the underlying issue is resolved, testing resumes automatically.

Repo Content Sync in Early Access

Nathan Hart, Senior Product Manager — Mon, 13 Apr 2026 23:00:00 GMT

We are excited to be launching Repository Content Sync (Early Access), an enhancement to how Snyk manages your imported repositories, ensuring your security posture always reflects your current codebase. This will be available to all Enterprise customers via Snyk Preview during the week of April 13th, 2026.

This new feature provides native, automated synchronization between your Source Code Management (SCM) tool and Snyk, eliminating the need for manual re-imports or external synchronization tools. It ensures: New Files are Detected: Snyk automatically creates new projects and monitors manifest, Docker, or configuration files as they are added to your SCM. Deletions are Reflected: Projects associated with manifest files deleted in your SCM are automatically deactivated in Snyk. This functionality is available across all Snyk-supported SCMs.

Please note: Because this feature enables Snyk to automatically detect and potentially create projects from newly added files, customers who enable the feature are likely to see an increase in issues.

Announcing new versions of Snyk IDE plugins

Matt Dolan, Senior Product Manager — Sun, 12 Apr 2026 23:00:00 GMT

We are pleased to announce the release of new stable versions for our IDE plugins. The new versions are:

This release is focused on enhancing stability and reliability, with key updates including:

Fixed download URL fallback when the CLI is not found
Fixed race conditions in authentication flows
Added support for JetBrains 2026.1

Along with additional bug fixes, security updates, and improvements.

Please refer to the changelog for each of our plugins for a more detailed list of additional bug fixes and enhancements. You can learn more about the Snyk IDE plugins in our Learn resources.

If you have any questions, feel free to reach out to the Snyk Support team.

Native GraphQL Scanning for Snyk API & Web

Natalia Yurchenko, Senior Product Manager — Fri, 10 Apr 2026 08:00:00 GMT

We’ve expanded our DAST capabilities by adding GraphQL as a supported API target type in Snyk API & Web. This enables security tests specifically designed for GraphQL operations, including queries and mutations. In addition to schema ingestion via URL or file upload, you can now fetch your schema directly from an introspection endpoint to ensure tests stay up to date. To support these scans, we've also updated our authentication settings to include dedicated options for GraphQL targets.

Test target configuration for smoother scans with Snyk API & Web

Ana Pascoal, Product Manager — Thu, 09 Apr 2026 14:00:00 GMT

We added a new Test configuration option to the Scan dropdown menu and the Target Settings page. This allows you to verify that your target is accessible and correctly configured before starting a full dynamic application security testing (DAST) scan. When you click this button, a side panel opens in your target settings to provide real-time feedback on connectivity, authentication, web application firewall (WAF) interference, schema validity, and any detected extra hosts.

Announcing native uv support for the Snyk CLI

Johann Sutherland, undefined — Thu, 09 Apr 2026 12:30:00 GMT

Python is at the heart of the modern AI revolution but for many developers the packaging ecosystem has felt like a bottleneck: burdened by slow installs and fragmented tooling. The emergence of uv has changed that, offering a high-performance alternative that has quickly become the industry standard.

Today, we are excited to announce that Snyk is bringing native support for uv to the Snyk CLI, IDE, and GitHub Actions. This integration ensures that teams can embrace the speed of uv without ever having to trade off on security.

With this update, Snyk enables you to seamlessly integrate uv security scanning directly into your existing Snyk workflows, wherever you are using the CLI.

Announcing Snyk CLI v1.1304.0

Matt Dolan, Senior Product Manager — Wed, 08 Apr 2026 23:00:00 GMT

We are pleased to announce the latest stable Snyk CLI release, v1.1304.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

This update includes the following:

Snyk Evo
- Accelerate AI Governance and Security: Generate an AI-BOM and instantly validate it against your tenant's Evo policies using the new snyk aibom test command.
- Enhanced Red Teaming insights: Agent Red Teaming scanned output now includes a vulnerability summary for quicker triage. Also improved JSON support and new exhaustive and eager modes.
MCP
- Faster setup: Improved auto-enable behavior for Snyk Code.
- Ensure Reliable Package Quality: Package health checks are now fully promoted to the stable release channel, providing consistent and reliable risk information.
Container
- Extended support for Java runtime binary scanning.
Additional Reliability and Performance Improvements
- Increased stability with explicit network retry configuration, option to force global Maven usage, faster Golang scans, improved dependency resolution for Go, Yarn, and Python, and enhanced resilience against non-fatal Maven build errors.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.

snyk_package_health_check for Snyk Studio is now available in Full profile

Noa Yaffe-Ermoza, Product Manager — Tue, 07 Apr 2026 21:00:00 GMT

Following our previous announcement, snyk_package_health_check is now available in the Full (default) profile for Snyk MCP.

This capability brings Secure at Inception protection to dependency selection in agentic development workflows, enabling AI agents to evaluate open-source packages before they are added to a project using insights from Snyk’s Security Database.

snyk_package_health_check is now generally available and enabled by default for supported ecosystems: npm, PyPI, Maven, NuGet, and Golang.

What’s new

Now included in the Full (default) profile - snyk_package_health_check is enabled by default for Snyk-supported MCP workflows.
Package health checks across four dimensions: Security, Maintenance, Community, and Popularity.
Clear guidance outcomes to help manage agent behavior, including Healthy, Review recommended, Not recommended, and Unknown/insufficient data.

Why this matters

Available by default - snyk_package_health_check is now included in the Full profile, so customers get dependency health checks in MCP workflows without additional setup.
Ready for production use - With this move to the Full profile, customers can confidently integrate Secure at Inception into their standard development workflows.

If you have any questions, please reach out to the Snyk Support team. To learn more about snyk_package_health_check, visit the Snyk documentation.

PR check report is now generally available

undefined, undefined — Tue, 07 Apr 2026 04:00:00 GMT

We’ve moved the pull request (PR) check report to general availability (GA). This update includes several enhancements to help you track how your teams adopt security scanning within their workflows. We added Snyk Code errors to the error PR checks, fixed historical calculation discrepancies in adoption metrics, and optimized the underlying tables so that all reporting components load and filter much faster. Additionally, we updated the display of source code manager (SCM) icons to better organize the PR scanning adoption by organization table, and we added PR check data to the Export application programming interface (API), enabling you to programmatically export this information.

Introducing Unified Navigation: A Faster Way to Secure Your Application Stack

Maor Kuriel, Director of Product — Mon, 06 Apr 2026 21:00:00 GMT

Key Capabilities of Unified Navigation

1. A Single Source of Truth The new navigation bar consolidates all Snyk products—Code, Container, IaC, and Cloud—into one sidebar.

2. Context-Aware Shortcuts Snyk now recognizes what you are working on and provides intelligent shortcuts. This reduces the steps for common workflows from 8 clicks down to just 2 or 3, allowing you to move at the speed of development.

3. Developer-First Interface We’ve redesigned the experience to match how developers actually work. This includes Persistent Views; the platform now remembers your filters and workspace settings, so you don't have to rebuild them every time you log in.

4. Simplified Project Management Setting up new scans is now more intuitive. With a visual policy builder and templates, you can configure security rules without editing complex YAML files.

Automatically Close Obsolete Fix Open Source PRs with Help from Snyk

Ryan McMorrow, Product Lead, Remediation — Mon, 06 Apr 2026 04:00:00 GMT

Nobody likes a cluttered PR backlog. That's why Snyk now automatically closes Open Source Fix PRs if the vulnerabilities they target are no longer present in your project.

Whether a developer manually applied a fix, removed the dependency, or a transitive update resolved the issue, Snyk will catch it during your next recurring test and close the outdated PR. We will also drop a comment on the PR explaining exactly which issues were resolved, ensuring your team always has the right context without the extra noise.

How it works:

Snyk checks your open Fix PRs during your regular recurring tests.
If the targeted issues are gone—whether the dependency was removed, updated transitively, or fixed manually—the PR is automatically closed.
Snyk leaves a comment on the PR listing the resolved issues so your team knows exactly why it was closed.

This update gives you a cleaner, more actionable PR pipeline with zero extra effort.

Get Started Today This feature is going live as an opt-in starting today. Just navigate to the Snyk Preview panel to get started, and we'll begin closing up to five obsolete PRs from your backlog per day. As we move towards General Availability, we'll be bringing you the ability to configure that daily limit to best suit your team's workflow.

Please note that this feature is opt-in for Early Access, but once we move to General Availability, it will move to opt-out. This feature is tentatively scheduled to move to General Availability on June 15, 2026.

And stay tuned—there is a lot more to come in our ongoing efforts to revolutionize the Snyk PR experience!

Active Security Incident Assessment

Sara Meadzinger, Staff Product Manager — Fri, 03 Apr 2026 04:00:00 GMT

We’ve launched an Active security incident assessment banner to help you manage major zero-day events. When our Security team identifies a high-severity zero-day vulnerability in a widely used package, we’ll trigger a dedicated banner at the top of the Zero Day report. This assessment provides a look at your exposure, including the total number of assets needing triage, assets cleared, and the specific open-source (OSS) packages involved.

Snyk Learn lesson roundup: what’s new in April

Alex Ley, Director, Snyk Learn — Wed, 01 Apr 2026 15:00:00 GMT

We’ve added new secure coding content, Snyk platform training, and expanded Snyk Learn coverage to help your security engineers and developers stay ahead of the latest risks.

We’ve included direct links to every new and updated lesson so you can easily share them with your team. You can also assign them directly through the Snyk Learning Management Add-On.

Security lessons

We are creating lessons for the new OWASP Top 10 for Agentic Applications, with the first 4 lessons available.
- [New] Agentic 01 - Agent goal hijack
- [New] Agentic 02 - Agent tool misuse
- [New] Agentic 03 - Identity and privilege abuse
- [New] Agentic 04 - Agentic supply chain vulnerabilities
[New] Cross-origin resource sharing

Snyk platform lessons

[New] Snyk Billing and Credit Usage - a new lesson on how credits function within the Snyk platform and how to track and manage them in the Billing module.
We have refreshed the following lessons to ensure all content reflects our current platform and products, also providing a streamlined learning experience:
- [Updated] Prioritizing issues with Snyk
- [Updated] Integrations for asset management and discovery
- [Updated] Reviewing Inventory for asset management and discovery
- [Updated] Asset Dashboard report for asset management and discovery
- [Updated] Policies for asset management and discovery
- [Updated] Overview of Snyk for asset management and discovery
- [Updated] Snyk terminology for asset management and discovery
- [Updated] Snyk Platform using Snyk Analytics
- [Updated] Application context with ServiceNow® CMDB
- [Updated] Application context with Backstage software catalog

Expanded framework & language coverage

We’ve also expanded Snyk Learn content to cover more of your tech stack:

We have added support to almost 50 lessons for Ruby
We have added support to 30 lessons for Rust

Enhanced issue filtering for the export API

Sara Meadzinger, Staff Product Manager — Tue, 31 Mar 2026 04:00:00 GMT

We're updating the stable Export API (version 2024-10-15) to include more granular filtering for the issues dataset. You can now filter your export request payloads using additional parameters, including issue status, issue type, and project origin. We've also added support for advanced filters such as common vulnerabilities and exposures (CVE) ID, reachability, and National Vulnerability Database (NVD) severity to help you refine your reporting.

Track your monitored projects with a new analytics widget

Sara Meadzinger, Staff Product Manager — Tue, 31 Mar 2026 04:00:00 GMT

We’re adding an analytics overview widget that tracks the total number of Snyk projects being monitored. This key performance indicator (KPI) is available in the Widget selector, allowing you to add it to your saved dashboards. This update helps you visualize the total count of projects being continuously monitored for open-source vulnerabilities and license issues, after you use the snyk monitor command.

Export table data to CSV with Snyk API & Web

Ana Pascoal, Product Manager — Mon, 30 Mar 2026 10:15:00 GMT

We’re introducing a new Download CSV feature to help you export your data directly from the interface. Starting today, you can download a comma-separated values (CSV) file that matches your current table view, including any active filters or hidden columns. We'll follow this implementation soon after, with an enhanced version that gives you even more flexibility, by allowing you to choose from a wider range of fields, which ones to include in your CSV file.