snyk.io updates

12-month Support Policy for CI/CD plugins

New

Dear Customers,

In our December announcement regarding the upcoming 12-month Support Policy (effective June 24, 2025), we outlined changes impacting our IDE, Language Server, and CLI versions. We'd like to provide an important clarification regarding the scope of this policy.

We are confirming that the 12-month Support Policy will also apply to Snyk's CI/CD plugins, which are highly dependent on the Snyk CLI.

This means that, starting June 24, 2025, each version of our CI/CD plugins will be supported for 12 months from its release date, in line with the policy for IDE plugins, CLI, and Language Server.

Why this clarification is important:

  • Consistency: This ensures a unified support experience across the Snyk developer tools.
  • Planning: It allows you to plan your upgrades for CI/CD integrations with the same confidence and clarity as other Snyk tools.
  • Security & Stability: Staying within the support window ensures you have access to the latest security updates and stability improvements.

We encourage you to schedule regular updates to stay within our support window for all Snyk tools, including CI/CD plugins.

For more guidance, please refer to our Documentation for CI/CD plugins, IDE, Language Server, and CLI, respectively. If you need assistance, please contact our support team.

We apologize for any oversight in our initial announcement and appreciate your understanding. We are committed to providing clear and comprehensive information to help you manage your development workflows effectively.

PR Experience to Be Default Enabled and Generally Available on April 22, 2025

Early access

We are excited to announce that Issue Summary comment and High Context Inline comments are coming to General Availability soon! As part of this exciting milestone, we're taking the next step by enabling these capabilities by default for all customers who use PR checks on April 22nd, 2025. With this update, all GitHub and Bitbucket (except Bitbucket Server) repositories with PR checks enabled will automatically include both the Issue Summary comment and SAST High Context Inline comments, revolutionizing how your developers identify and address vulnerabilities without ever leaving the SCM.

The repositories onboarded via the following SCM integrations are in scope of this change:

  • GitHub: GitHub OAuth*, GitHub Enterprise (PAT), and GitHub Cloud App
  • Bitbucket: Bitbucket Cloud (PAT), Bitbucket Cloud App

Key highlights ​​of this release

On April 22nd, 2025, all repositories with PR checks enabled will automatically activate the following capabilities:

  • Issue Summary comment for both PR check success and failure cases, covering Snyk Code and Open Source security & license checks.
  • High Context Inline comments for Snyk Code findings.

Repositories that have either (1) manually disabled either of the comments after initial enablement or (2) disabled summary comments for success scenarios during Early Access will remain unchanged, ensuring prior preferences are respected.

Opt-Out Requests

  • Opt-out requests can be submitted via our dedicated form or through your Snyk POC (include Group/Org IDs)
  • Repositories covered by opt-out submissions received before April 21st, 2025 will not be default enabled

To customize your preferences at any time after default enablement, you can simply visit your integration settings in the Snyk WebUI where you can toggle comments off.

This milestone represents our ongoing commitment to transforming the developer experience with Snyk, making security an integrated, intuitive part of your development workflow 🚀

*Note: For GitHub OAuth integrations, a PAT token with the right permissions will need to be added to start receiving PR comments.

Snyk PR Checks for BitBucket Server is migrating to per-product commit statuses on April 22nd, 2025

Improved

Currently, Snyk’s BitBucket Server integration reports on commit statuses (Snyk PR Checks) per project (i.e., per manifest file in the repo). This reporting approach consumes excessive SCM resources in large or complex repositories. To remedy this, the Snyk BitBucket Server integration will report per-product commit statuses beginning April 22, 2025.

By moving to per-product statuses, BitBucket Server integration users will benefit from:

  • A more consistent UX with the rest of Snyk’s SCM integrations, which report their statuses on a per-product basis (Snyk Code, Snyk Open Source)
  • Performance improvements through fewer calls made to their SCM by Snyk
  • Access to existing features like Mark as Successful or new features such as PR Comments, which were not supported by per-project statuses.

Announcing Snyk CLI v1.1296.1

New

We’ve released a CLI hotfix (v1.1296.1) with the following changes:

  • Poetry 2 projects are now supported by Snyk Open Source in the Snyk CLI, with the same features as for Poetry 1, as mentioned here. Upgrade to the new CLI version and run snyk test or snyk monitor as usual.
  • Increased authentication resilience for OAuth connections.
  • Fixed Open Source issues that occur in multiple files appearing under only a single IDE tree node.
  • The trust dialog no longer blocks the Language Server.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version!
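Because the CLI version a pipeline pins is what determines whether it is still inside the support window, a simple guard before the scan step is useful. The following POSIX sh script is an added example and not part of Snyk's tooling: it compares a dotted version string such as the one printed by `snyk --version` against a required minimum and fails the job if the installed CLI is too old. The assumption that `snyk --version` prints the version as its first whitespace-separated token is mine; the helper names `version_ge` and `check_snyk_cli` are hypothetical.

```shell
#!/bin/sh
# Added example (not part of Snyk's tooling): fail a CI job when the installed
# Snyk CLI is older than a required minimum, so a pinned CLI does not silently
# fall out of the support window.
# Assumptions: version strings are dotted integers such as "1.1296.1", and
# `snyk --version` prints the version as the first token of its first line.

# version_ge A B: succeed (exit 0) if dotted version A >= B, fail (exit 1) otherwise.
version_ge() {
  a="$1"
  b="$2"
  i=1
  while :; do
    # awk yields "" for a missing component, unlike cut, which passes
    # delimiter-free lines through unchanged.
    x=$(printf '%s\n' "$a" | awk -F. -v n="$i" '{ print $n }')
    y=$(printf '%s\n' "$b" | awk -F. -v n="$i" '{ print $n }')
    # Both versions exhausted: they are equal.
    if [ -z "$x" ] && [ -z "$y" ]; then
      return 0
    fi
    # A missing component counts as zero (1.1296 == 1.1296.0).
    x=${x:-0}
    y=${y:-0}
    if [ "$x" -gt "$y" ]; then
      return 0
    elif [ "$x" -lt "$y" ]; then
      return 1
    fi
    i=$((i + 1))
  done
}

# check_snyk_cli VERSION_OUTPUT MIN: succeed if the first token of VERSION_OUTPUT
# (the text printed by `snyk --version`), with any leading "v" stripped, is at
# least MIN. Prints a diagnostic on stderr when the check fails.
check_snyk_cli() {
  installed=$(printf '%s\n' "$1" | awk 'NR == 1 { print $1 }' | sed 's/^v//')
  if [ -z "$installed" ]; then
    echo "could not determine Snyk CLI version from: '$1'" >&2
    return 1
  fi
  if version_ge "$installed" "$2"; then
    return 0
  fi
  echo "Snyk CLI $installed is older than the required $2; upgrade before scanning" >&2
  return 1
}

# Typical pipeline step (requires the Snyk CLI to be installed):
#   check_snyk_cli "$(snyk --version)" 1.1296.1 && snyk test
```

Raise the minimum in one place whenever you adopt a new release; the guard then fails fast on any runner whose cached CLI was never updated.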

Bug fix for improved .NET scanner Fix PRs

Fix

Snyk Open Source Fix PRs are a key feature for helping Developers stay on top of vulnerabilities in their dependencies.

However, Fix PRs in projects using the Early Access improved .NET scanning feature could sometimes upgrade the wrong dependencies.

This bug fix will ensure that the correct dependencies are upgraded.

When is this coming?

  • This fix will be gradually rolled out.
  • Rollout begins on April 3rd, and should finish by April 18th.
  • During the rollout customers using Early Access .NET scanning should expect to see fewer incorrect .NET Fix PRs being raised, with the problem eliminated entirely by the end date.

Risk aware Fix PRs for Snyk Open Source

New

We are excited to announce upcoming improvements to Snyk Open Source Fix PRs to help you manage the overall risk posture of your applications.

Fix PRs are a key tool for helping Developers stay on top of new vulnerabilities in their dependencies. However, upgrading a dependency can sometimes introduce new vulnerabilities that increase the overall risk posture of the project.

Snyk will now only raise a PR for a vulnerability if the change does not introduce additional vulnerabilities with higher severity than the one being fixed.
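To make the rule concrete, here is a small Python model of the decision as stated above. It is an added illustration and not Snyk's implementation: it diffs the issue sets before and after a proposed upgrade, then blocks the PR only when a newly introduced issue is strictly more severe than the one being fixed (an introduced issue of equal severity is allowed, following the wording literally). The issue ids, severities, and function names are constructed for the example.

```python
"""Added illustration (not Snyk's implementation) of the risk-aware Fix PR rule:
raise a Fix PR only if the dependency upgrade introduces no new vulnerability
with higher severity than the one being fixed. All ids and names are constructed."""
from __future__ import annotations

# Ordering used to compare severities; keys are lower-case.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def newly_introduced(before: dict[str, str], after: dict[str, str]) -> dict[str, str]:
    """Issues (id -> severity) present after the upgrade but absent before it."""
    return {issue_id: sev for issue_id, sev in after.items() if issue_id not in before}


def should_raise_fix_pr(fixed_severity: str, before: dict[str, str], after: dict[str, str]) -> bool:
    """Apply the rule as stated: block the PR only if some newly introduced
    issue is strictly more severe than the issue the PR fixes."""
    fixed_rank = SEVERITY_RANK[fixed_severity.lower()]
    introduced = newly_introduced(before, after)
    return all(SEVERITY_RANK[sev.lower()] <= fixed_rank for sev in introduced.values())


# Constructed scenario: the upgrade fixes EXAMPLE-1 (high). One candidate
# version drags in a critical transitive issue, the other only a medium one.
BEFORE = {"EXAMPLE-1": "high", "EXAMPLE-2": "low"}
AFTER_BAD = {"EXAMPLE-2": "low", "EXAMPLE-3": "critical"}  # EXAMPLE-3 introduced
AFTER_OK = {"EXAMPLE-2": "low", "EXAMPLE-4": "medium"}     # EXAMPLE-4 introduced


def demo() -> tuple[bool, bool]:
    """Return (raise PR for AFTER_BAD?, raise PR for AFTER_OK?) -> (False, True)."""
    return (
        should_raise_fix_pr("high", BEFORE, AFTER_BAD),
        should_raise_fix_pr("high", BEFORE, AFTER_OK),
    )


if __name__ == "__main__":
    print(demo())
```

The same comparison could be extended with the priority score or reachability data the text mentions elsewhere on this page, but the announcement only commits to the severity comparison, so the model stops there.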

Users should expect to see on average a 10% reduction in Fix PRs as a result.

When is this coming?

Gradual rollout of these changes will begin on April 3rd, and finish by April 10th.

During the rollout, an increasing percentage of Fix PRs for all users will have the new risk aware checks applied.

No action is required to benefit from these improvements.

Announcing Export API via Snyk Analytics in Early Access

New

AppSec teams export Snyk datasets for various purposes, including:

  • Building their own analytics and dashboards.
  • Following company policies that require specific customization.
  • Sharing data with an external audience, such as the leadership team or security auditors.

The Export API enables recurring, scheduled export of Snyk datasets into CSV files. Designed for efficiency and security, the API supports exporting large datasets in an organized, scalable manner, making it ideal for reporting and analytics workflows.

To learn more about the Export API, and how to get started right away, visit the API documentation.

For any question, please contact your account team.

Announcing New Reports in Early Access

New

We are thrilled to announce two new Snyk Reports in Early Access, available to Enterprise plan customers!

Repositories Tested in CI/CD Report:

AppSec teams need visibility into the Snyk tests that are executed during CI/CD pipelines, so that they can answer questions like:

  • What proportion of repositories are being tested (relative to repositories that had commits)?
  • Are we adopting the practice of testing code in CI/CD pipelines company-wide, and where are the gaps?
  • What is the test success rate, and is it going up over time?

The new Repositories Tested in CI/CD Report answers all of those questions and more.

During the Early Access period, the report is available by replacing {group ID} in the URL below:

To learn more please visit the report documentation.

PCI-DSS v4.0.1 Report:

AppSec teams are tasked with ensuring a successful PCI-DSS audit. To prepare for the audit, they need to:

  • Estimate compliance readiness and share status with relevant stakeholders.

  • Identify and mitigate compliance violations and gaps as early as possible.

  • Provide evidence that the organization is meeting the PCI-DSS requirements.

The new PCI-DSS v4.0.1 Report aims to help AppSec teams tackle this challenge!

During the Early Access period, the report is available by replacing {group ID} in the URL below:

To learn more please visit the report documentation.

For any question, please contact your account team.

PR Issue Summary Comment & SAST High-Context Inline Comments for GitLab & Azure Repos

Early access

New

We are announcing the Early Access release of PR Issue Summary Comment and SAST High-Context Inline Comments as part of our ongoing efforts to enhance the pull request experience. These features bring critical security insights directly into your PRs, reducing context switching and streamlining vulnerability remediation.

  • PR Issue Summary Comment - With this feature, developers using Snyk PR Checks will receive a comment with a summary count of security, license, and code checks directly within their pull requests, categorized by severity (Critical, High, Medium, Low). This empowers developers to identify and address issues early, with detailed links provided for deeper investigation.

  • High-Context Inline Comments display each SAST security finding alongside key information such as the CWE (Common Weakness Enumeration) identifier, the priority score, and a Snyk Learn link for further guidance, helping developers remediate issues faster without leaving their SCM. 🚀


This is part of a series of enhancements designed to improve your developers’ pull request experience with Snyk, and we remain committed to further improving it. If you’re interested in enabling this feature for your organization, you can self-opt in via the Pull Request Experience section in the SCM integration settings. Check out the user docs for more details. Try it out and connect with your account team to participate in feedback sessions that shape the future of your Snyk workflows.


Broker Settings Page Update

New

To improve consistency within the Snyk app, we've moved the Broker client commit signing toggle from Snyk Preview to the Broker Settings page. The client commit signing toggle lets you enable commit signing for Broker clients.

This change centralizes related settings, making it easier for you to manage your commit signing preferences and ensuring a more predictable and unified experience.