Snyk Open Source - Python SCM bug fix

Fix

We are pleased to announce a bug fix for Snyk Open Source Python support.

With this update, SCM support for Python will be improved as follows:

  • Today, SCM scans for some Python 3.8+ projects omit virtualenv and pip dependencies when the project uses them, which can lead to false negatives for related issues. With this change, these dependencies will be correctly included.

  • CLI scans already accurately represent these dependencies, and are not affected by this release.

How will my scan results change?

  • Overall accuracy of Python SCM scans for projects using these dependencies will increase, which may lead to an increase in identified vulnerabilities for those projects.

What are the next steps?

The changes will be released on June 18th, and projects will see improved results in their next test.
