Snyk Code: Enhanced Coverage & Rule Documentation

Improved

We are excited to announce a new Snyk Code update, bringing increased findings and improved inline documentation to our customers.

What's New?

  • Improved Crypto Cipher Detection: In Java, Kotlin, and Scala, we've enhanced our detection for insecure crypto ciphers.

  • New Python Rule: A new rule has been added for XXE (XML External Entity Injection), which covers CWE-330.

  • Expanded JavaScript Coverage: We've added new coverage for popular JavaScript frameworks, including Angular's ActivatedRoutes and react-router-dom.

  • Javalin Web Framework Support: We have added new coverage for the Javalin web framework in Java and Kotlin.

  • Enhanced Issue Descriptions: The descriptions and titles for security issues have been updated to provide clearer, more specific information. For example, "Cleartext Transmission of Sensitive Information" will now be appropriately categorized into more granular findings like:

    • Cleartext Transmission via Unencrypted Socket

    • Cleartext Transmission via Unencrypted Email

    • Cleartext Transmission via Unencrypted WebSocket

    • Cleartext Transmission via HTTP Instead of HTTPS

This update is scheduled to be rolled out across all Snyk environments on September 15.

Sebastian Roth | Senior Product Manager
