Snyk — Security, Compliance product updates and releases, tracked on megachangelog.
The Snyk Code June Update, including TLS and cryptographic detection improvements for .NET and expanded PHP SQL injection coverage, has been postponed from June 15 to June 22 for final quality validation.
The Prevention Report provides visibility into vulnerabilities developers remediate proactively during creation in Snyk Code and Secrets, tracking security adoption effectiveness across IDE plugins, CLI, and Snyk Studio. Data is captured automatically as teams work to shift security left.
This release improves rate-limit handling by respecting the X-RateLimit-Reset header for more reliable scans in high-volume environments, and fixes three security vulnerabilities including one in IaC extensions.
Snyk User Docs have been redesigned and reorganized into six clearly defined site sections including Discover Snyk, Platform administration, Scan/fix/prevent, Developer tools, Agent security, and Data and governance, plus dedicated Getting started and Implementation guides to improve navigation and onboarding.
Snyk Code expands security detection for .NET (C# and VB) with improved TLS vulnerability and cryptographic algorithm analysis across standard libraries and third-party packages like BouncyCastle, plus enhanced PHP coverage for SQL injection through database-access wrapper classes.
Snyk upgraded Agent Fix to use Claude models with enhanced agentic workflows, including agentic retries that detect and correct deviations from security best practices, dynamic few-shot prompting for secure examples, and full language coverage across all Snyk Code languages. Performance improved significantly with Sonnet and Opus models showing 10+ percentage point gains on Snyk's Golden Test benchmark.
Snyk API & Web now supports the OWASP Top 10:2025 standard for compliance reporting, allowing users to generate reports against either the 2025 or 2021 versions.
Snyk CLI v1.1305.0 introduces the --allow-incomplete-sbom flag for SBOM generation, parallel dependency requests in container monitoring, an experimental breakability evaluation tool for MCP, static Linux binaries, and fixes for npm package aliases, Python .whl file parsing, and dependency vulnerabilities.
Improved the Download CSV feature to offer greater flexibility when exporting data directly from the Snyk API and Web interface.
Snyk Learn added new lessons on AI secure development, prompt injection, and AI agents, plus refreshed content for IDE integration with developer and admin-focused workflows. New coverage for Python, Rust, and Ruby in OWASP Top 10 path, and a feedback button for users to suggest topics.
Snyk Studio replaces traditional rules-based guardrails with a new asynchronous, hooks-based architecture that provides deterministic security scans, zero-latency background execution, and improved context window efficiency. The approach now supports multiple Agentic Development Environments with an automated installation script for enterprise deployment.
New widgets added to the analytics overview dashboard display key performance indicators from Snyk Studio and pull request check reports, providing better visibility into your security program.
This release addresses multiple vulnerabilities in Go SDK dependencies and adds missing tool annotations to the Snyk Studio MCP server. Users should upgrade to benefit from these security and stability improvements.
Enhanced zero-day report usability with expanded filter options, individual incident breakdown in trend charts, and a new toggle to filter between open and resolved issues in the side panel.
Snyk Container now detects vulnerabilities in Java versions beyond OpenJDK 8, expanding from previously limited unmanaged Java container software detection.
This release improves error handling during maintenance windows with better exit codes, adds Windows x86 and macOS x86 architecture support to Agent Scan, introduces an issues ignore option for CI flexibility, and patches two security vulnerabilities.
Snyk Code is improving scanning precision across supported languages by tuning Path Traversal severity, adding Apache Camel framework coverage for Java/Kotlin/Groovy, enhancing .snyk exclude patterns with full glob semantics, and reducing false positives in Python archive extraction detection. These changes reduce noise while maintaining detection of genuine security risks.
Snyk added a new Known Exploited Vulnerabilities (KEV) filter that helps you identify and manage risks tracked by CISA as actively exploited in the wild. This filter is available across all pages where issue filters are available for better security backlog management.
Snyk introduces Repo Monitor Configuration, a new Group-level feature that enables centralized management of repository coverage and monitoring configurations across your entire Snyk Group from the Inventory page. This includes centralized asset monitoring, bulk import, on-demand retesting, and actionable error resolution.
Repository Content Sync automatically synchronizes your SCM repositories with Snyk, detecting new manifest files and creating projects while deactivating projects when files are deleted. This ensures your Snyk security posture always reflects your current codebase.
Released new stable versions across all Snyk IDE plugins (VSCode v2.31.0, JetBrains v2.21.0, Eclipse v3.9.0, Visual Studio v2.9.0) with improved stability, reliability fixes including authentication race conditions and CLI fallback handling, and expanded JetBrains compatibility.
Snyk API & Web now supports GraphQL as an API target type with security tests for queries and mutations. Schema ingestion is available via URL, file upload, or direct introspection endpoint fetching, with new authentication settings to support GraphQL targets.
Added a new Test configuration option to verify target accessibility and settings before running DAST scans. The feature provides real-time feedback on connectivity, authentication, WAF interference, schema validity, and extra hosts.
Snyk now provides native support for the uv Python package manager across the CLI, IDE, and GitHub Actions, enabling high-performance dependency scanning without compromising security.
Snyk CLI v1.1304.0 brings new AI governance features with the snyk aibom test command, enhanced Red Teaming insights, improved package health checks in MCP, extended Java runtime binary scanning support, and significant reliability and performance improvements across scanning and dependency resolution.