<rss xmlns:ns0="http://www.w3.org/2005/Atom" version="2.0">
<channel>
<title>Snyk Product Updates</title>
<link>https://snyk.gitbook.io/product-updates/</link>
<description>Snyk product updates.</description>
<language>en-us</language>
<pubDate>Thu, 02 May 2024 12:10:34 GMT</pubDate>
<ns0:link href="https://raw.githubusercontent.com/snyk/product-updates-docs/main/rss" rel="self" type="application/rss+xml" />
<item>
<title>Snyk Code Improvements: Support for LLM Sources</title>
<pubDate>Wed, 01 May 2024 12:10:34 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#snyk-code-improvements-support-for-llm-sources</link>
<guid>https://snyk.gitbook.io/product-updates#snyk-code-improvements-support-for-llm-sources_May_1_2024</guid>
<description><p><b>Improved</b></p><p>As adoption of LLM platforms like OpenAI and Gemini grows, so does the security risk associated with using them. We’ve added LLM sources to our ruleset which means the taint vulnerabilities supported by Snyk Code will now report when untrusted data from an LLM reaches a sensitive function. This greatly expands our coverage in the fast growing AI domain across all of our supported languages.</p>
<p>We are committed to enabling our customers to securely leverage cutting edge AI tools and libraries. Our analysts will continue to research this topic in detail, and we will periodically publish this research in our blog. You can read the latest post on <a href="https://snyk.io/blog/code-injection-vulnerabilities-caused-by-generative-ai/">code injection vulnerabilities in Python caused by Generative AI</a>.</p>
<p>If you have any questions, or want a detailed list of LLM libraries added, please reach out to your account teams.</p></description>
</item>
<item>
<title>Snyk AppRisk Pro now available</title>
<pubDate>Wed, 01 May 2024 16:20:11 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#snyk-apprisk-pro-now-available</link>
<guid>https://snyk.gitbook.io/product-updates#snyk-apprisk-pro-now-available_May_1_2024</guid>
<description><p><b>New</b></p><p>We're thrilled to announce that Snyk AppRisk Pro is now available. Snyk AppRisk Pro expands on Snyk AppRisk’s core capabilities of application discovery &amp; visibility, security coverage management, and risk-based prioritization with the following new capabilities:</p>
<ul>
<li><strong>Application Analytics</strong> - a new data analytics capability offering AppSec teams a comprehensive overview of their AppSec program at a macro level, facilitating tracking, measurement, and reporting on program performance and risk KPIs.</li>
<li><strong>Extended security coverage visibility</strong> - new integrations with Nightfall AI and GitGuardian extend visibility of Snyk AppRisk to secret detection tools for managing security coverage on your repositories.</li>
<li><strong>Risk based prioritization with runtime intelligence</strong> - integrations with leading security and observability solutions, as well as a new, eBPF-based Snyk runtime sensor, provide runtime context to enable security teams to prioritize what to fix first and to assess any gaps in Snyk Container coverage vs. running containers. These runtime data sources are in a closed beta.</li>
</ul>
<p>To learn more, please reference our product documentation and reach out to your account team with any questions.</p></description>
</item>
<item>
<title>Filter through your audit logs more efficiently with the new GA REST version of the audit logs API, and api.access is now opt-in</title>
<pubDate>Tue, 30 Apr 2024 14:21:33 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#filter-through-your-audit-logs-more-efficiently-with-the-new-ga-rest-version-of-the-audit-logs-api,-and-api.access-is-now-opt-in</link>
<guid>https://snyk.gitbook.io/product-updates#filter-through-your-audit-logs-more-efficiently-with-the-new-ga-rest-version-of-the-audit-logs-api,-and-api.access-is-now-opt-in_April_30_2024</guid>
<description><p><b>New, Improved</b></p><p>We've made some great new improvements to our existing GA REST audit log API to help you filter and find the logs you need more efficiently:</p>
<ol>
<li><strong>Filter over time</strong> - Previously, users faced challenges filtering audit logs due to the smallest unit being within a day. This difficulty escalates for users who may need to sift through millions of logs to find specific events. Now, by expanding filtering options to larger time periods and reducing the minimum granularity to 1-second ranges, customers can broaden their search while pinpointing crucial audit events like security breaches or for external audits.</li>
<li><strong>Exclude events</strong> - some users can have millions of audit logs being produced every day so they need the ability to exclude certain events to reduce the noise of what they have to sieve through. We already have exclude events in the API today but you can only provide 1 include or exclude event, so we’ve improved this by providing multiple include and exclude events.</li>
</ol>
<p>For more information, check out the <a href="https://apidocs.snyk.io/?version=2024-04-29#get-/groups/-group_id-/audit_logs/search">API documentation</a>, and we hope you update your version and enjoy these new improvements soon!</p>
<p>In addition, we are making the <code>api.access</code> endpoint opt-in for users, rather than automatically returning results, due to feedback that <code>api.access</code> causes noise problems. We’re actively working towards a proper audit event for actions.</p></description>
</item>
<item>
<title>Introducing Semantic Versioning, and Release Channels to Snyk CLI</title>
<pubDate>Tue, 30 Apr 2024 14:21:33 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#introducing-semantic-versioning,-and-release-channels-to-snyk-cli</link>
<guid>https://snyk.gitbook.io/product-updates#introducing-semantic-versioning,-and-release-channels-to-snyk-cli_April_30_2024</guid>
<description><p><b>New</b></p><p>We are pleased to introduce Semantic Versioning and Release Channels to Snyk CLI from <a href="https://github.com/snyk/cli/releases/tag/v1.1291.0">v.1.1291.0</a> onwards. These changes will allow all Snyk customers to select a sustainable release cadence that works for them, and help optimize governance and compliance overhead for enterprise customers.</p>
<p>Snyk CLI v.1.1291.0 follows three part MAJOR.MINOR.PATCH notation going forward, details for which are available in <a href="https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli">product documentation</a>.</p>
<p>We are introducing the following release channels:</p>
<p><code>preview</code> “pre-release” builds are deployed regularly up to multiple times a day and contain the latest changes.</p>
<ul>
<li>Version Pattern: v{MAJOR}.{MINOR}.{PATCH}-preview</li>
<li>Cadence: Varying</li>
<li>Availability:</li>
</ul>
<p><code>- https://static.snyk.io/cli/preview/
- https://static.snyk.io/fips/cli/preview/</code></p>
<p><code>rc</code> “release candidate” pre-releases are deployed at distinct points in time and contain a version of the CLI that is expected to be promoted to stable after additional testing</p>
<ul>
<li>Version Pattern: v{MAJOR}.{MINOR}.{PATCH}-rc</li>
<li>Cadence: every 8 weeks, 2 weeks before a stable release <em>(hotfix releases possible)</em></li>
<li>Availability:</li>
</ul>
<p><code>- https://static.snyk.io/cli/rc/
- https://static.snyk.io/fips/cli/rc/</code></p>
<p><code>stable</code> stable builds are deployed at distinct points in time after being additionally tested and considered stable.</p>
<ul>
<li>Version Pattern: v{MAJOR}.{MINOR}.{PATCH}</li>
<li>Cadence: every 8 weeks, end of an even month <em>(hotfix releases possible)</em></li>
<li>Availability:</li>
</ul>
<p><code>- https://github.com/snyk/cli/releases/
- https://static.snyk.io/cli/stable/
- https://static.snyk.io/fips/cli/stable/
- npm
- brew
- scoop
- Snyk-images</code></p>
<p>Existing users of the Snyk CLI and supported IDEs are opted into the stable channel by default. You can find more information on how to opt into a release channel of your choice in our <a href="https://docs.snyk.io/snyk-cli/releases-and-channels-for-the-snyk-cli">product documentation</a>.</p></description>
</item>
<item>
<title>Snyk Code Improvements: New Sanitization Logic in Snyk Code</title>
<pubDate>Fri, 26 Apr 2024 18:15:09 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#snyk-code-improvements-new-sanitization-logic-in-snyk-code</link>
<guid>https://snyk.gitbook.io/product-updates#snyk-code-improvements-new-sanitization-logic-in-snyk-code_April_26_2024</guid>
<description><p><b>Improved</b></p><p>We are excited to announce an update to Snyk Code's sanitization logic, enhancing the accuracy of our SAST testing across all supported languages. This upgrade introduces argument position awareness to our taint analysis, significantly reducing false positives in vulnerability detection.</p>
<p>This update resolves inconsistencies previously seen, especially in interfile sanitization, where the behavior of functions defined and called across different files could lead to varying results. The new logic ensures consistent detection and reporting, improving the clarity and reliability of code security assessments.</p>
<p>Should you need further information or support, please contact your account team.</p>
<p>Thank you for using Snyk Code to enhance your application security.</p></description>
</item>
<item>
<title>Snyk Code Improvements: Support for Python FastAPI</title>
<pubDate>Fri, 26 Apr 2024 18:15:09 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#snyk-code-improvements-support-for-python-fastapi</link>
<guid>https://snyk.gitbook.io/product-updates#snyk-code-improvements-support-for-python-fastapi_April_26_2024</guid>
<description><p><b>Improved</b></p><p>We are pleased to announce that Snyk Code now includes support for the FastAPI framework. This update enhances our ability to identify and analyze FastAPI-specific sources and sinks, improving the detection of security vulnerabilities in applications using this framework.</p>
<p>This new feature is integrated into Snyk Code’s existing scanning processes and is available for use immediately for all Python rules. We recommend conducting a fresh scan to benefit from the updated functionality.</p>
<p>As always, our goal is to assist you in enhancing your application's security by providing precise, framework-specific vulnerability detection. For detailed information or support, please reach out to your account team.</p>
<p>Thank you for using Snyk Code to secure your software development.</p></description>
</item>
<item>
<title>DeepCode AI Fix - VS Code UX Improvements</title>
<pubDate>Wed, 24 Apr 2024 13:49:07 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#deepcode-ai-fix-vs-code-ux-improvements</link>
<guid>https://snyk.gitbook.io/product-updates#deepcode-ai-fix-vs-code-ux-improvements_April_24_2024</guid>
<description><p><b>Improved</b></p><p>We are very happy to introduce an improved DeepCode AI Fix experience for Visual Studio Code. Developers will have a more streamlined experience by:</p>
<ul>
<li>Having visibility of how many issues are autofixable</li>
<li>Being able to generate fixes from the issue details panel</li>
<li>Having a preview of the possible fixes before they are applied</li>
<li>Guidance to the code that has changed</li>
</ul>
<p>These improvements come on top of our general fix quality improvements we have been working on, which you can read about on our <a href="https://snyk.io/blog/ai-code-security-snyk-autofix-deepcode-ai/">new blog post!</a></p>
<p>For details on how to get started with DeepCode AI Fix and start fixing Snyk Code issues, please visit our <a href="https://docs.snyk.io/scan-with-snyk/snyk-code/manage-code-vulnerabilities/fix-code-vulnerabilities-automatically#enable-deepcode-ai-fix">documentation</a>.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/vs_code_ui.png" alt="" width="375"><figcaption></figcaption></figure></description>
</item>
<item>
<title>Test an SBOM using the Snyk CLI</title>
<pubDate>Fri, 19 Apr 2024 17:19:48 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#test-an-sbom-using-the-snyk-cli</link>
<guid>https://snyk.gitbook.io/product-updates#test-an-sbom-using-the-snyk-cli_April_19_2024</guid>
<description><p><b>Early Access</b></p><p>We are very pleased to announce that you can now use the Snyk CLI to scan CycloneDX and SPDX SBOM files!</p>
<p>Snyk has enabled SBOM testing <a href="https://apidocs.snyk.io/?version=2023-08-31~beta#post-/orgs/-org_id-/sbom_tests">via the API</a> for a while. Adding this to the CLI makes it significantly easier to test SBOMs produced using other tools, or SBOMs received from 3rd-party vendors.</p>
<p>To get started, install Snyk CLI <a href="https://github.com/snyk/cli/releases/tag/v1.1290.0">v1.1290</a> or above, and run the following command (using your actual SBOM file name 😉).</p>
<p><code>snyk sbom test --experimental --file=bom.cdx.json</code></p>
<p>This feature is in Open Beta. The following SBOM formats are currently supported:</p>
<ul>
<li>CycloneDX: JSON version 1.4 and 1.5</li>
<li>SPDX: JSON version 2.3</li>
</ul>
<p>See <code>snyk help</code> or <a href="https://docs.snyk.io/snyk-cli/commands/sbom-test">Snyk User Docs</a> for more usage details 🙌</p></description>
</item>
<item>
<title>Free Plans Test Enforcement - Phase 1</title>
<pubDate>Tue, 16 Apr 2024 18:25:44 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#free-plans-test-enforcement-phase-1</link>
<guid>https://snyk.gitbook.io/product-updates#free-plans-test-enforcement-phase-1_April_16_2024</guid>
<description><p><b>New</b></p><p>For customers on free plans, we plan to implement hard enforcements on monthly test limits. Specifically, we are starting work on the enforcement of test limits through the push flow. The work will begin on Monday, April 29th and is planned to be complete by Thursday, May 2nd.</p>
<p>Please be aware that this feature will only impact customers on the free plan, who do not pay for any Snyk products. Customers with one or more paid products will not be affected by this feature.</p></description>
</item>
<item>
<title>Updated Project Page Layout</title>
<pubDate>Fri, 12 Apr 2024 18:25:44 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#updated-project-page-layout</link>
<guid>https://snyk.gitbook.io/product-updates#updated-project-page-layout_April_12_2024</guid>
<description><p><b>Improved</b></p><p>For your awareness, minor updates to our Project page will be introduced over the next week. In the topmost heading, tabs related to the project overview, history, and settings are migrating higher on the page. In addition, modifications will be made to the project breadcrumbs.</p>
<p>Please be aware any temporary inconsistencies between organizations will resolve themselves shortly!</p></description>
</item>
<item>
<title>Automated Collections (Early Access)</title>
<pubDate>Fri, 12 Apr 2024 18:25:44 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#automated-collections-(early-access)</link>
<guid>https://snyk.gitbook.io/product-updates#automated-collections-(early-access)_April_12_2024</guid>
<description><p><b>New</b></p><p>We’re happy to introduce Automated Collections to help you easily manage all your Snyk Projects.</p>
<p>With Automated Collections enabled, similar Projects from different integration types are automatically grouped into a collection to filter and report on the issues of your preferred scanning method easily and hide duplicate results.</p>
<p>You’ll find the option to enable Automated Collections under a new entry in the Organization Settings menu. After Automated Collections are enabled, it may take minutes (up to an hour) to analyze all the Organization’s Projects and group them by their Target URL.</p>
<p><strong>Please note</strong> that Collections and Automated Collections are only available for customers on the Snyk Enterprise plan. Read more about how <a href="https://docs.snyk.io/snyk-admin/snyk-projects/automatically-created-project-collections">automatically created Project collections</a> help you track issues, and contact your account team with any questions.</p></description>
</item>
<item>
<title>Configurable Python version in Snyk Open Source SCM scans is now GA!</title>
<pubDate>Wed, 03 Apr 2024 17:51:27 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#configurable-python-version-in-snyk-open-source-scm-scans-is-now-ga!</link>
<guid>https://snyk.gitbook.io/product-updates#configurable-python-version-in-snyk-open-source-scm-scans-is-now-ga!_April_3_2024</guid>
<description><p><b>New</b></p><p>We are very pleased to announce that the option to define Python minor version when scanning pip projects via Git integrations is now GA!</p>
<p>Until now, Snyk would always use either Python 2.7 or 3.7 which could lead to some dependencies being omitted from results if they require newer versions.</p>
<p>You can now specify minor versions of Python 3 to use in scans, up to 3.12.</p>
<p>To try this out go to Settings &gt; Languages &gt; Python and specify the Python version to use.</p>
<p>For more details see the documentation <a href="https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/python#pip-and-python-versions">available here</a>.</p></description>
</item>
<item>
<title>Snyk AppRisk Essentials: New features and unified UI</title>
<pubDate>Thu, 28 Mar 2024 17:04:03 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#snyk-apprisk-essentials-new-features-and-unified-ui</link>
<guid>https://snyk.gitbook.io/product-updates#snyk-apprisk-essentials-new-features-and-unified-ui_March_28_2024</guid>
<description><p><b>New</b></p><p>We're thrilled to announce the following improvements to Snyk AppRisk Essentials, which are available today on our platform:</p>
<p><strong>Snyk AppRisk is now unified into the Snyk platform user interface</strong>. This eliminates the need to switch between separate web browser tabs. All Snyk AppRisk capabilities are available on Snyk’s main navigation menu at the Group level, and these navigation changes do not introduce any breaking changes.</p>
<p><strong>The Snyk AppRisk asset inventory now includes</strong> <a href="https://docs.snyk.io/manage-risk/snyk-apprisk/inventory-for-snyk-apprisk#assets-and-their-attributes"><strong>aggregate counts of Snyk issues</strong></a> in the asset inventory for Snyk Open Source, Snyk Code, and Snyk Container. From a specific asset, you can navigate to the Insights UI to see more details on the issues that relate to the given asset.</p>
<p><strong>Support for images as assets</strong>. Snyk AppRisk now provides visibility into <a href="https://docs.snyk.io/manage-risk/snyk-apprisk/inventory-for-snyk-apprisk/inventory-capabilities#image-assets">image assets</a> scanned using Snyk Container. Image assets can be tagged and managed with policies (for example, for asset classification). Where relevant, Issue counts from Snyk Container issues are aggregated on the image asset.</p>
<p>Please reach out to your account team if you have any questions on the above.</p></description>
</item>
<item>
<title>Snyk AppRisk - Bring Backstage Data into AppRisk</title>
<pubDate>Mon, 25 Mar 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-Bring-Backstage-Data-into-AppRisk</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-Bring-Backstage-Data-into-AppRisk_March_25_2024</guid>
<description><p><b>New</b></p><p>We're pleased to share that Snyk AppRisk will allow customers to bring Backstage data into AppRisk as their org context information. You can now see the repo assets in AppRisk with the Backstage catalog info yaml file; this will make it easy for our users to manage their repo assets.</p>
<p>What is this feature about? It enables customers to add a catalog info yaml file and bring their organizational context into AppRisk, enriching repo assets with metadata from Backstage. This allows customers to filter the asset inventory and build policies based on Backstage metadata.</p>
<p>This feature will be available for AppRisk Essentials and AppRisk Pro, for all SCM integrations that AppRisk supports.</p>
<p>Please see our <a href="https://docs.snyk.io/manage-risk/snyk-apprisk/integrations-for-snyk-apprisk/backstage-file-for-scm-integrations">Snyk documentation</a> for more details, and contact your account team with any questions.</p></description>
</item>
<item>
<title>Snyk AppRisk - Two new filters in Policy Builder</title>
<pubDate>Mon, 18 Mar 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-Two-new-filters-in-Policy-Builder</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-Two-new-filters-in-Policy-Builder_March_18_2024</guid>
<description><p><b>New</b></p><p>We're excited to introduce two new filters to AppRisk Policies - “Repository Freshness” and “Source”. The two new filters unlock new use cases for policy creation. For example, users can now fine-tune policies with “repository freshness” condition to ignore inactive repositories. Additionally, they can take different actions for assets originating from different sources.</p>
<p>Previously available only in Asset Inventory, these two filters are now seamlessly integrated into AppRisk Policies as well. For more information, please refer to <a href="https://docs.snyk.io/manage-risk/snyk-apprisk/policies-for-snyk-apprisk/create-policies">Snyk documentation</a>.</p></description>
</item>
<item>
<title>License issues alignment in reporting</title>
<pubDate>Thu, 29 Feb 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#License-issues-alignment-in-reporting</link>
<guid>https://snyk.gitbook.io/product-updates#License-issues-alignment-in-reporting_February_29_2024</guid>
<description><p><b>Improved</b></p><p>In about a week, Snyk will update the logic for <strong>counting license issues</strong> in both Reports and Enterprise Analytics pages to better align with the way license issues are counted in Snyk projects page and Issues API. This will provide customers with a more consistent user experience across Snyk platform and ensure that license issue counts received from different Snyk interfaces are aligned. Customers using Snyk Open Source will see fewer issues in reporting once this change is applied, as the paths by which an issue is introduced will no longer be counted separately. Please reach out to your account team with any questions.</p></description>
</item>
<item>
<title>New CWE TOP 10 KEV (Known Exploited Vulnerabilities) Report</title>
<pubDate>Mon, 26 Feb 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#New-CWE-TOP-10-KEV-(Known-Exploited-Vulnerabilities)-Report</link>
<guid>https://snyk.gitbook.io/product-updates#New-CWE-TOP-10-KEV-(Known-Exploited-Vulnerabilities)-Report_February_26_2024</guid>
<description><p><b>New</b></p><p>We are happy to share the availability of a new report - <strong>CWE TOP 10 KEV</strong> (Known Exploited Vulnerabilities).</p>
<p><strong>CISA</strong>:</p>
<ul>
<li>In 2021, the <a href="https://www.dhs.gov/cisa/cybersecurity-division">Cybersecurity and Infrastructure Security Agency (CISA)</a> began publishing the <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>.</li>
<li>The CVEs in this catalog are vulnerabilities reported as actively exploited. CISA recommends that organizations monitor the KEV catalog and use its content to help prioritize remediation activities in their systems to reduce the likelihood of compromise.</li>
</ul>
<p><strong>The new KEV report</strong>:</p>
<ul>
<li>In December 2023, MITRE published an analysis of the TOP 10 exploitable CWEs for the first time. For each CWE, MITRE looked at how many CVEs are assigned to it in the KEV catalog and their average CVSS score.</li>
<li>The list contains <a href="https://cwe.mitre.org/top25/archive/2023/2023_kev_list.html">10 prioritized CWEs</a> that, if addressed, can reduce the risk of exploitation.</li>
</ul>
<p>The new report provides an additional approach to managing and prioritizing risk according to industry standards in addition to the OWASP TOP 10 (2021) and the CWE TOP 25 (2023) reports.</p>
<p>Learn more by reading the documentation <a href="https://docs.snyk.io/manage-risk/reporting/available-snyk-reports">available here</a>.</p></description>
</item>
<item>
<title>Targets API endpoint release to GA!</title>
<pubDate>Mon, 26 Feb 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Targets-API-endpoint-release-to-GA!</link>
<guid>https://snyk.gitbook.io/product-updates#Targets-API-endpoint-release-to-GA!_February_26_2024</guid>
<description><p><b>New, Deprecated</b></p><p>Following the release of the <a href="https://apidocs.snyk.io/?version=2024-01-04~beta#tag--Targets">Targets API beta</a>, we were given feedback that users had some issues with the naming conventions, would like to see the prefix updated to be consistent with standards used in other endpoints, and we were also given feedback that we’re missing various fields and filters which were supported in other versions of the API (including via the projects API).</p>
<p>With that, we're proud to announce that we've taken that feedback on board, addressed the points, and have released the <a href="https://apidocs.snyk.io/?version=2024-02-21#get-/orgs/-org_id-/targets">GA version of the Targets API</a>!</p>
<p>As with the GA release of any API in Snyk, the GA release of this endpoint (which is a huge improvement on the beta) means the beta version is automatically deprecated, and users are highly recommended to upgrade to the GA version as soon as possible.</p>
<p>We are not removing the beta endpoint yet, and you can still continue using it.</p>
<p>However, after 90 days, we can remove the API endpoint. We will communicate regularly that the GA endpoint is available to upgrade to, and that we will remove the endpoint as we approach the time.</p>
<p>When we remove the beta API, you will be greeted by an <code>http 404 error</code>, and the simple fix is to upgrade to the latest version.</p></description>
</item>
<item>
<title>Revamped Group-Level Organization Page</title>
<pubDate>Sun, 18 Feb 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Revamped-Group-Level-Organization-Page</link>
<guid>https://snyk.gitbook.io/product-updates#Revamped-Group-Level-Organization-Page_February_18_2024</guid>
<description><p><b>Improved</b></p><p>The Group Organizations page for Enterprise customers just got a facelift!</p>
<p>The new cleaner look makes viewing your Organizations and joining new ones a breeze. The new page is faster and includes a brand-new workflow for joining Organizations without the need for manual emails.</p>
<p>Read more about how to <a href="https://docs.snyk.io/snyk-admin/manage-users-in-organizations-and-groups/requests-for-access-to-an-organization">request access to an Organization</a>.</p></description>
</item>
<item>
<title>Snyk Container - Custom base image recommendations is now GA</title>
<pubDate>Mon, 12 Feb 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-Container-Custom-base-image-recommendations-is-now-GA</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-Container-Custom-base-image-recommendations-is-now-GA_February_12_2024</guid>
<description><p><b>New</b></p><p>We are excited to announce the GA release of the Custom Base Image Recommendations feature of Snyk Container, bringing a more customized experience to our enterprise customers, allowing developers to utilize the most secure images from their organizations' internal pool of approved images (often referred to as “golden images”).</p>
<p>The General Availability version delivers:</p>
<ul>
<li>API endpoints for all custom base image actions to allow automation and smooth integration into existing processes.</li>
<li>All API functionality is now also available in the browser GUI, allowing users to define custom versioning schemas from the project’s settings.</li>
<li>Removed feature flag - by default, Custom Base Image Recommendations settings will be shown in the project’s settings.</li>
</ul>
<p><strong>Please note</strong> that this feature is only available for customers on the Snyk <strong>Enterprise</strong> plan. More details on the feature are available in the <a href="https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/custom-base-image-recommendations">public</a> and <a href="https://apidocs.snyk.io/?version=2024-01-23#tag--Custom-Base-Images">API</a> documentation.</p></description>
</item>
<item>
<title>Snyk AppRisk - Policy Templates</title>
<pubDate>Mon, 05 Feb 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-Policy-Templates</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-Policy-Templates_February_5_2024</guid>
<description><p><b>New</b></p><p>We are happy to announce Policy Templates for Snyk AppRisk.</p>
<p>Policy Templates help AppRisk users create policies by offering ready-to-use templates that cover common use cases. In addition to creating a policy from scratch, users can now start with one of four out-of-the-box templates and tailor it to their unique requirements.</p>
<p>For more information, please refer to <a href="https://docs.snyk.io/manage-risk/snyk-apprisk/policies-for-snyk-apprisk/create-policies#use-a-template-policy-creation">Snyk documentation</a> and watch the Policy Templates overview <a href="https://www.youtube.com/embed/CtC7tGGNijY">video</a>.</p></description>
</item>
<item>
<title>The New REST Issues API is now GA</title>
<pubDate>Mon, 29 Jan 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#The-New-REST-Issues-API-is-now-GA</link>
<guid>https://snyk.gitbook.io/product-updates#The-New-REST-Issues-API-is-now-GA_January_29_2024</guid>
<description><p><b>New</b></p><p>We are excited to announce the General Availability of the Unified Issues API, which unifies all Snyk issues (SCA, SAST, IaC+) across projects or orgs into one API call. The Unified Issues API approach offers several key benefits:</p>
<ul>
<li>Simplifies the user experience with one paginated API call across all projects or orgs</li>
<li>Saves time by eliminating the need to stitch data across API calls and offering a consistent schema to parse responses with</li>
<li>Highlights our commitment to building Snyk as a holistic security platform for our customers</li>
</ul>
<p>The General Availability delivers:</p>
<ul>
<li>Uniform issue representation from Code to IaC+, with improved data quality and increased reliability</li>
<li>Detailed representations for Open Source packages and fix information</li>
<li>Improved pagination and response management, simplifying the API interaction</li>
<li>New filters for tailored API responses, catering to specific querying needs</li>
</ul>
<p>Please check out the API docs for <a href="https://apidocs.snyk.io/?version=2024-01-23#get-/groups/-group_id-/issues">listing all issues by group</a>, and <a href="https://apidocs.snyk.io/?version=2024-01-23#get-/orgs/-org_id-/issues">by org</a>.</p>
<p><strong>Note</strong>: the experimental versions of this endpoint will be deprecated in 30 days, while the beta version will be deprecated in 90 days. If you have any concerns with the deprecation timelines for experimental or beta endpoints of this API, please contact your account representative.</p></description>
</item>
<item>
<title>Snyk AppRisk - View Only Permission</title>
<pubDate>Mon, 29 Jan 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-View-Only-Permission</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-AppRisk-View-Only-Permission_January_29_2024</guid>
<description><p><b>New</b></p><p>We are pleased to announce that Snyk AppRisk now supports View Only permission.</p>
<p>View Only permission lets you give team members view-only access to Snyk AppRisk, minimizing the need to give them full access to Snyk AppRisk.</p>
<p>For more details, see the documentation <a href="https://docs.snyk.io/manage-risk/snyk-apprisk/getting-started-with-snyk-apprisk#permissions">available here</a>.</p></description>
</item>
<item>
<title>Snyk Code - DeepCode AI Fix now supports 7 languages</title>
<pubDate>Mon, 29 Jan 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-Code-DeepCode-AI-Fix-now-supports-7-languages</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-Code-DeepCode-AI-Fix-now-supports-7-languages_January_29_2024</guid>
<description><p><b>New</b>, <b>Improved</b></p><p><a href="https://docs.snyk.io/scan-using-snyk/snyk-code/exploring-and-working-with-snyk-code-results-in-the-web-ui/fix-code-issues-automatically-with-deepcode-ai-fix-suggestions">DeepCode AI Fix</a> helps you automatically fix security issues identified by Snyk Code in the IDE (VS Code and Eclipse) using Snyk's DeepCode AI model.</p>
<p>Over the last few months, the team has been continuously adding depth to JS/TS fixes, and we are excited to share the support for 6 additional languages. DeepCode AI Fix now supports:</p>
<ul>
<li>JavaScript and TypeScript</li>
<li>Java</li>
<li>Python</li>
<li>C/C++</li>
<li>Go (Limited support)</li>
<li>C# (Limited support)</li>
<li>APEX (Limited support)</li>
</ul>
<p>Visit our documentation to learn <a href="https://docs.snyk.io/scan-using-snyk/snyk-code/exploring-and-working-with-snyk-code-results-in-the-web-ui/fix-code-issues-automatically-with-deepcode-ai-fix-suggestions#enable-deepcode-ai-fix">how to try it out</a>!</p></description>
</item>
<item>
<title>Snyk Open Source Gradle 8 CLI support</title>
<pubDate>Fri, 26 Jan 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-Open-Source-Gradle-8-CLI-support</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-Open-Source-Gradle-8-CLI-support_January_26_2024</guid>
<description><p><b>Improved</b></p><p>We are pleased to announce that the Snyk CLI now supports scanning <a href="https://gradle.org/whats-new/gradle-8/">Gradle 8</a> projects!</p>
<p>Previously, when scanning version 8 projects in the CLI, some operations might fail due to incompatibility with the Gradle configuration cache. This has now been resolved, and Gradle 8 is <a href="https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/java-and-kotlin">officially supported</a> in the Snyk CLI. 🎉</p>
<p>Upgrade to <a href="https://github.com/snyk/cli/releases/tag/v1.1273.0">CLI v1.1273.0</a> or above to scan your Gradle 8 applications.</p></description>
</item>
<item>
<title>Snyk CLI Improvement: Auth tokens redacted</title>
<pubDate>Mon, 08 Jan 2024 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates#Snyk-CLI-Improvement-Auth-tokens-redacted</link>
<guid>https://snyk.gitbook.io/product-updates#Snyk-CLI-Improvement-Auth-tokens-redacted_January_8_2024</guid>
<description><p><b>Improved</b></p><p>With our customers' and users' security in mind, from version <a href="https://github.com/snyk/cli/releases/tag/v1.1268.0">v1.1268.0</a> onwards, <a href="https://docs.snyk.io/snyk-cli">Snyk CLI</a> will redact <a href="https://docs.snyk.io/getting-started/how-to-obtain-and-authenticate-with-your-snyk-api-token">Snyk API authentication tokens</a> from its <a href="https://docs.snyk.io/snyk-cli/commands#debug">debug</a> logs.</p>
<p>Once upgraded, when Snyk users run the following commands to enable Snyk CLI debug logs,</p>
<p><code>DEBUG=* snyk test -d</code></p>
<p>or</p>
<p><code>DEBUG=snyk* snyk test -d</code></p>
<p>they will see API authentication tokens redacted and displayed as <code>***</code>.</p>
<p>An example of this change is inline:</p>
<p><code>snyk request body size: 1219
snyk gzipped request body size: 666
snyk:req request payload: {"url": "https://api.snyk.io/v1/analytics/cli","json":true, "method": "post", "headers": {"authorization": "token ***" ,"x-snyk-cli-version"</code></p>
<p>Snyk API authentication tokens will be redacted from Snyk CLI debug logs for both <a href="https://docs.snyk.io/enterprise-setup/service-accounts">service</a> as well as individual Snyk accounts.</p>
<p>We recommend upgrading to <a href="https://github.com/snyk/cli/releases/tag/v1.1268.0">v1.1268.0</a> to benefit from this change.</p></description>
</item>
<item>
<title>Configurable Python version in Snyk Open Source SCM scans in Open Beta</title>
<pubDate>Tue, 19 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Configurable-Python-version-in-Snyk-Open-Source-SCM-scans-in-Open-Beta</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Configurable-Python-version-in-Snyk-Open-Source-SCM-scans-in-Open-Beta_December_19_2023</guid>
<description><p><b>Open beta</b></p>
<p>We are very pleased to announce that you can now define the Python version used when scanning <code>pip</code> projects imported via Git integrations in Snyk Open Source!</p>
<p>Until now, Snyk would always use either Python 2.7 or 3.7 which could lead to some dependencies being omitted from results if they require newer versions.</p>
<p>You can now specify the minor version of Python to use in scans.</p>
<p>To try this out go to your Organization Settings. First enable the beta listed in <strong>Snyk Preview</strong>. Next, go to <strong>Languages</strong> &gt; <strong>Python</strong> and specify the Python version to use.</p>
<p>For more details see the documentation <a href="https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/python#pip-and-python-versions">available here</a>.</p></description>
</item>
<item>
<title>Snyk AppRisk Essentials is Snyk’s new ASPM product</title>
<pubDate>Tue, 12 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-AppRisk-Essentials-is-Snyks-new-ASPM-product</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-AppRisk-Essentials-is-Snyks-new-ASPM-product_December_12_2023</guid>
<description><p><b>New</b></p><p>Snyk AppRisk Essentials is Snyk’s new ASPM product, and is now available for qualified customers.</p>
<p>Snyk AppRisk Essentials supports the following use cases:</p>
<ul>
<li>Automate application asset discovery: Continually discover application assets and classify them by business context, ensuring a security program is fully in sync with developers.</li>
<li>Manage security coverage: Define and manage appropriate security and compliance requirements while verifying applications have the correct controls in place.</li>
<li>Prioritize based on risk: Blend business and application context with best-in-class security and fix analysis to quantify risk and create an evidence graph, ensuring developer remediation efforts are focused on the issues that matter most to the business.</li>
</ul>
<p>You can learn more by reading our <a href="https://snyk.io/blog/announcing-snyk-apprisk-aspm">blog post</a> and <a href="https://docs.snyk.io/manage-risk/snyk-apprisk">public documentation</a> and <a href="https://learn.snyk.io/lesson/snyk-apprisk-essentials/">training</a>, and by reaching out to your account team.</p></description>
</item>
<item>
<title>Using Project Tags at scale with removed group limits and predictable permissions</title>
<pubDate>Mon, 11 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Using-Project-Tags-at-scale-with-removed-group-limits-and-predictable-permissions</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Using-Project-Tags-at-scale-with-removed-group-limits-and-predictable-permissions_December_11_2023</guid>
<description><p><b>Improved</b></p><p><a href="https://docs.snyk.io/snyk-admin/introduction-to-snyk-projects/project-tags">Project Tags</a> are a lightweight and easy way to organise your Projects into bespoke criteria. They also have great synergy with <a href="https://updates.snyk.io/project-collections-ga-268069">Project Collections</a> to help you visualise your grouping criteria (such as teams or services), focus work, and generate reports.</p>
<p>However, there have traditionally been a couple of points of friction when it comes to using tags at scale:</p>
<ul>
<li>You could only create 1000 tags per group, which meant that you might hit your limit quickly (even with good tag management).</li>
<li>Different permissions were required to create a tag within a group, and assign a tag to a Project, so even if you had an org role that would allow you to work with tags on a project, you might not have the group permission that allowed you to create the tag.</li>
</ul>
<p>Ultimately, users want the ability to group their Projects by any criteria without any limits, and to not work inefficiently because they're blocked by permission issues. So we're pleased to announce that we have removed the group tag limit, and we're making tag permissions more predictable in behaviour.</p>
<p>The org permission to assign and remove a tag to a project is now sufficient for all tags and will be applied to <code>group admin</code>, <code>org admin</code>, and <code>collaborator</code> roles whilst the permissions for custom roles will remain as they were before this work was delivered. The two differences to your experience will be:</p>
<ul>
<li>When you create a custom role, you do not require separate group permission to work with tags, which also helps improve security as you don't need to provide users with group permissions to enable org level functionality.</li>
<li>The concept of creating and deleting a tag no longer exists. If a tag isn't assigned to a Project, it will not exist.</li>
</ul>
<p>All of the Project Tag APIs will continue to work as they currently do today.</p></description>
</item>
<item>
<title>Slack App: Channel ID entry for configuration</title>
<pubDate>Fri, 08 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Slack-App-Channel-ID-entry-for-configuration</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Slack-App-Channel-ID-entry-for-configuration_December_8_2023</guid>
<description><p><b>Improved</b></p><p>We're excited to share an update for the Slack app, introducing a new method for configuring channels to receive notifications. This addresses slow loading times for channel lists by enabling users to input Channel IDs directly. This enhancement ensures a quick verification process and immediate access to channel information, such as the name, right after entering the ID. Experience improved efficiency and responsiveness with this update.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/slack_channel_id_setting.png" alt="" width="375"><figcaption></figcaption></figure>
<p>For more details, please refer to our <a href="https://docs.snyk.io/integrate-with-snyk/notification-and-ticketing-systems-integraitons/slack-app">User docs</a>.</p></description>
</item>
<item>
<title>Snyk Open Source: Pipenv Git support now GA</title>
<pubDate>Fri, 08 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Pipenv-Git-support-now-GA</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Pipenv-Git-support-now-GA_December_8_2023</guid>
<description><p><b>Improved</b></p><p>We are very pleased to announce that Snyk Open Source support for scanning <a href="https://pipenv-fork.readthedocs.io/en/latest/index.html">Pipenv</a> projects via Git integrations is now GA!</p>
<p>The Open Beta for Pipenv Git support has been enabled by default <a href="https://updates.snyk.io/snyk-open-source-pipenv-git-support-272725">since September</a>, and we are happy that it is now working well enough to be promoted to GA.</p>
<p>For more details, head over to the <a href="https://docs.snyk.io/scan-using-snyk/supported-languages-and-frameworks/python#pipenv-and-git-repositories">docs</a>.</p></description>
</item>
<item>
<title>Reminder: v1 List All Projects API end-of-life and upcoming brownout</title>
<pubDate>Mon, 04 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Reminder-v1-List-All-Projects-API-end-of-life-and-upcoming-brownout</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Reminder-v1-List-All-Projects-API-end-of-life-and-upcoming-brownout_December_4_2023</guid>
<description><p><b>Deprecated</b></p><p>We announced on <a href="https://headwayapp.co/snyk-io-updates/deprecation-and-end-of-life-for-the-list-all-projects-v1-api-267781">June 22nd</a> that we will end-of-life the <a href="https://snyk.docs.apiary.io/#reference/projects/all-projects/list-all-projects">v1 List All Projects API</a> on December 22nd. Alongside the announcement, we have shared a <a href="https://go.snyk.io/rs/677-THP-415/images/Snyk%20v1%20API%20Migration%20Guide.pdf">migration guide</a> and have released enhancements to our <a href="https://apidocs.snyk.io/?version=2023-11-27#get-/orgs/-org_id-/projects">GA REST APIs</a> to help facilitate the migration. These APIs will provide more consistent versioning, pagination and caching, and improved performance for you.</p>
<p>In addition, we have had two brownouts in <a href="https://headwayapp.co/snyk-io-updates/scheduled-brownouts-for-the-list-all-projects-v1-api-endpoint-276313">October</a> and <a href="https://updates.snyk.io/reminder-v1-list-all-projects-api-end-of-life-and-upcoming-brownouts-278768">November</a>, and there is one more to go on December 6th for 4 hours starting 17:00 UTC.</p>
<p>During this time window, the API will return <code>410 Gone</code> for all requests. If you require further support during these windows, please raise a support ticket. Review the migration guide below and move all your automations over before December 22, 2023!</p></description>
</item>
<item>
<title>Announcing Import API Location header change and support for all Snyk environments</title>
<pubDate>Fri, 01 Dec 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Announcing-Import-API-Location-header-change-and-support-for-all-Snyk-environments</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Announcing-Import-API-Location-header-change-and-support-for-all-Snyk-environments_December_1_2023</guid>
<description><p><b>Improved</b></p><p>We recently released a minor change to the <a href="https://snyk.docs.apiary.io/#reference/import-projects/import/import-targets">Import Targets API</a>. This asynchronous API spawns a separate import job, and returns a <code>201 Created</code> response and a <code>Location</code> header which should be followed to fetch additional progress details about the import job.</p>
<p>Previously, the Location header was only valid on Snyk’s US-based region. But following this change, the <code>Location</code> header is now a valid URL across all <a href="https://docs.snyk.io/more-info/data-residency-at-snyk#what-regions-are-available">available regions</a>.</p>
<p>If you are performing validation on the <code>Location</code> header, e.g. to verify it is a domain owned by Snyk before following the URL, please update your validation for your appropriate region URL. Snyk’s region-specific URLs are available <a href="https://docs.snyk.io/more-info/data-residency-at-snyk#what-regions-are-available">here</a>.</p>
<p>For any additional questions, <a href="https://support.snyk.io/hc/en-us">please contact support</a>.</p></description>
</item>
<item>
<title>Snyk Code Improvements: APEX, Go, Java, PHP, Python, Ruby</title>
<pubDate>Thu, 30 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-APEX,-Go,-Java,-PHP,-Python,-Ruby</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-APEX,-Go,-Java,-PHP,-Python,-Ruby_November_30_2023</guid>
<description><p><b>Improved</b></p><p>Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements:</p>
<ul>
<li>APEX: Enabling interfile support. Potential increase in all issues. This will be released the week of December 11th</li>
<li>Go: Source improvements to add buffers and refactoring CMDI sources. Potential increase in all issues</li>
<li>Java: Sanitizer improvements enabling detection of ContentType. Potential decrease in CWE-79 issues</li>
<li>PHP: Additional improvements released for PHP interfile. Potential increase in issues</li>
<li>Python: Sanitizer improvements enabling detection of ContentType for frameworks including Django and Flask. Potential decrease in CWE-79 issues</li>
<li>Ruby: General sanitizer improvements. Potential decrease in all issues</li>
</ul>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Snyk Open Source - Upcoming End-of-Life Notice for Copyright Service: Effective January 8, 2024</title>
<pubDate>Thu, 30 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Upcoming-End-of-Life-Notice-for-Copyright-Service-Effective-January-8,-2024</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Upcoming-End-of-Life-Notice-for-Copyright-Service-Effective-January-8,-2024_November_30_2023</guid>
<description><p><b>Deprecated</b></p><p>Snyk Open Source product’s copyright feature provides the copyright information of your open source dependencies. Please note that access to such copyright data via the <a href="https://snyk.docs.apiary.io/#reference/dependencies">Dependencies API</a> and <a href="https://docs.snyk.io/manage-risk/dependencies-and-licenses/view-dependencies">Dependencies Report</a> will not be available from <strong>January 8th, 2024</strong>.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/dependencies_report.png" alt="" width="375"><figcaption></figcaption></figure>
<p>From January 8th, 2024, <a href="https://docs.snyk.io/manage-risk/dependencies-and-licenses/view-dependencies">the Dependencies report</a>, the csv export from this report, and the <a href="https://snyk.docs.apiary.io/#reference/dependencies">Dependencies API</a> will no longer display copyright data per dependency. Snyk’s <a href="https://github.com/snyk-tech-services/snyk-licenses-texts">License text tool</a> will also no longer produce the copyright information.</p>
<p>Please keep in mind that only the copyright data per dependency is being EOL’d. License data per dependency will continue to exist.</p>
<p>We are actively exploring ways to reintegrate this data in future iterations of our roadmap.</p>
<p>Thank you for your continued support of our services. If you have any questions or concerns, please do not hesitate to reach out to our customer support team.</p></description>
</item>
<item>
<title>Snyk Code Announcement: GA of C/C++</title>
<pubDate>Tue, 28 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-GA-of-C/C++</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-GA-of-C/C++_November_28_2023</guid>
<description><p><b>Improved</b></p><p>We are excited to announce that on Tuesday, December 5th, we will officially launch GA support for C/C++, enabled for all customers. This milestone follows substantial improvements driven by valuable feedback from customer support tickets, calls, and improvements through benchmark applications and open-source repositories. Note that we do not currently support macros and code quality.</p>
<p>For customers with C/C++ code, please anticipate a potential increase in issues.</p>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>"Project Type" filter</title>
<pubDate>Mon, 27 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Project-Type-filter</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Project-Type-filter_November_27_2023</guid>
<description><p><b>New</b></p><p>As your organisation grows, the number and variety of Project types in your system also scales, so the ability to find the Projects you work with can become more difficult. Features such as <a href="https://updates.snyk.io/project-collections-ga-268069">Project Collections</a> improve the ability to organise and work with Projects at scale, so it's important to improve how they can be created.</p>
<p>We're pleased to announce that we've added a "Project Type" filter to the Project Listing page which will improve a user's ability to find the Projects they need to work with. By filtering your Projects by type, you can perform actions such as tagging and creating Project Collections more easily.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/project_type_filter.png" alt="" width="327"><figcaption></figcaption></figure></description>
</item>
<item>
<title>Snyk Code Improvements: JavaScript, PHP</title>
<pubDate>Wed, 22 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-JavaScript,-PHP</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-JavaScript,-PHP_November_22_2023</guid>
<description><p><b>Improved</b></p><p>Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements in the next few weeks:</p>
<ul>
<li>JavaScript: Adding support for node-forge npm library. Potential increase in results, specifically an increase in results pertaining to CWEs that represent cryptographic weaknesses: CWE-310, CWE-547, CWE-916, CWE-327</li>
<li>PHP: Adding PHP Drupal support. Potential increase in all issues</li>
</ul>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>GitHub Cloud App available in Open Beta</title>
<pubDate>Mon, 20 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#GitHub-Cloud-App-available-in-Open-Beta</link>
<guid>https://snyk.gitbook.io/product-updates/2023#GitHub-Cloud-App-available-in-Open-Beta_November_20_2023</guid>
<description><p><b>Open beta</b></p><p>Today, Snyk is announcing the Open Beta availability of the GitHub Cloud app. The GitHub Cloud App represents a significant advancement over our current GitHub integrations, offering enhanced features such as role-based, granular access control, increased API rate limits, and serving as a foundation for expanded and enriched developer experiences.</p>
<p>After we make this generally available next year, our intention is that this app will replace the existing OAuth (aka "GitHub Enterprise") and PAT (aka "GitHub") based GitHub integrations on our platform.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/github_cloud_app_integration.png" alt="" width="375"><figcaption></figcaption></figure>
<p>The Open Beta kicks off with customers in the US-based instance (app.snyk.io) using GitHub Cloud, and supports a single GitHub Org for a Snyk Org. Over the next month, we are committed to further refining the Cloud app, introducing the following improvements:</p>
<ul>
<li>In the upcoming month, we plan to extend support to EU and AU environments and enable a single GitHub Org to connect with multiple Snyk Orgs.</li>
<li>By the end of the year, we will extend this functionality to customers using GitHub Server (on-prem).</li>
</ul>
<p>We encourage you to connect with your account teams to opt in, and to refer to our <a href="https://docs.snyk.io/integrate-with-snyk/git-repository-scm-integrations/snyk-github-cloud-app">User Docs</a> for more detailed information. Please don't hesitate to reach out if you have any questions.</p></description>
</item>
<item>
<title>Snyk Code: PR Checks Reliability Update New Improved</title>
<pubDate>Sat, 18 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-PR-Checks-Reliability-Update-New-Improved</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-PR-Checks-Reliability-Update-New-Improved_November_18_2023</guid>
<description><p><b>New</b>, <b>Improved</b></p><p>At Snyk Code we have been focused on improving the reliability of Snyk Code PR Checks. We released at the end of October an update to one of our most error-prone services, and we have seen major improvements in the reliability, with the service going from being part of 50% of all errors, to close to none. Today, we have rolled out this improvement to all environments.</p>
<p>For customers using Snyk Code PR Checks through the Snyk Broker:</p>
<ul>
<li>Please update the Broker to version 4.168.4 or higher (recommended to go to the latest version).</li>
<li>If you are using a custom accept.json, update to the latest rules.</li>
<li>If you are using Bitbucket, please make sure you are using Bitbucket 7.0 or above.</li>
</ul>
<p>We continue to improve the overall reliability and scalability of Snyk Code, and we will have more updates in the coming months. If you have any questions, please reach out to your account teams. Thank you.</p></description>
</item>
<item>
<title>Snyk Code: PHP Interfile Re-release</title>
<pubDate>Wed, 15 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-PHP-Interfile-Re-release</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-PHP-Interfile-Re-release_November_15_2023</guid>
<description><p><b>Fix</b></p><p>Over the past few weeks, we’ve been working to find the root cause and to update internal testing to ensure we identify these types of issues prior to production. As of today, we have turned on the first batch of rules for PHP interfile.</p>
<p>We are rolling out changes in how the analysis handles data flow which will result in significantly shorter and more accurate data flow in complex cases. From our testing, we expect this will change between 0.5-1% of issues across all languages.</p>
<p>After this step, pending positive internal testing, all the PHP interfile rules will be re-enabled over the next two weeks.</p>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Removing friction when changing test frequency for Projects in the UI</title>
<pubDate>Wed, 15 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Removing-friction-when-changing-test-frequency-for-Projects-in-the-UI</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Removing-friction-when-changing-test-frequency-for-Projects-in-the-UI_November_15_2023</guid>
<description><p><b>Improved</b></p><p>Earlier this year, we <a href="https://headwayapp.co/snyk-io-updates/project-collections-ga-268069">migrated the ability</a> to perform bulk actions in the Project Listing Page from the Usage page. Another bulk action which was available on the usage page was the "Change Test Frequency" functionality.</p>
<p>To remove friction where you'd have to jump between pages to perform bulk actions on Projects, we've migrated the Change Test Frequency functionality to the Project Listing Page.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/change_test_frequency.png" alt="" width="310"><figcaption></figcaption></figure>
<p>For more information on the functionality, check out the <a href="https://docs.snyk.io/snyk-admin/introduction-to-snyk-projects">user documentation</a>.</p></description>
</item>
<item>
<title>Making Project Collections more discoverable and Target centric</title>
<pubDate>Tue, 14 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Making-Project-Collections-more-discoverable-and-Target-centric</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Making-Project-Collections-more-discoverable-and-Target-centric_November_14_2023</guid>
<description><p><b>Improved</b></p><p>In June, we <a href="https://headwayapp.co/snyk-io-updates/project-collections-ga-268069">announced</a> the general availability of Project Collections. Since then, we've been gathering feedback on the feature's usability as we aim to go deeper on the experience with <a href="https://headwayapp.co/snyk-io-updates/deduplicating-targets-through-automatically-created-project-collections-276359">automatically created Project Collections</a>.</p>
<p>Based on the feedback, we needed to improve the discoverability of the feature and the experience for users who work on the Target-level. Therefore, we've just released a couple of improvements to the existing functionality:</p>
<ol>
<li>Collections are now present in the Projects area as a standalone tab so that anyone can dive into them quickly and easily.</li>
<li>You can see at a glance which Target a Project belongs to within a Collection as we have added a sortable Target column. In addition, we've enabled the ability to filter by Target within a Collection.</li>
</ol>
<p>We'll be adding more usability improvements to the feature over time, so your feedback is valued. For more information, head to the <a href="https://docs.snyk.io/snyk-admin/introduction-to-snyk-projects/project-collections-groupings/project-collections">user documentation</a>.</p></description>
</item>
<item>
<title>Reminder: v1 List All Projects API end-of-life and upcoming brownouts</title>
<pubDate>Thu, 09 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Reminder-v1-List-All-Projects-API-end-of-life-and-upcoming-brownouts</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Reminder-v1-List-All-Projects-API-end-of-life-and-upcoming-brownouts_November_9_2023</guid>
<description><p><b>Deprecated</b></p><p>We announced on <a href="https://headwayapp.co/snyk-io-updates/deprecation-and-end-of-life-for-the-list-all-projects-v1-api-267781">June 22nd</a> that we will end-of-life the v1 List All Projects API on December 22nd. Alongside the announcement, we have shared a <a href="https://go.snyk.io/rs/677-THP-415/images/Snyk%20v1%20API%20Migration%20Guide.pdf">migration guide</a> and have released enhancements to our <a href="https://apidocs.snyk.io/?version=2023-11-06~beta#get-/orgs/-org_id-/projects">GA REST APIs</a> to help facilitate the migration. These APIs will provide more consistent versioning, pagination and caching, and improved performance for you.</p>
<p>In addition, we have two <a href="https://headwayapp.co/snyk-io-updates/scheduled-brownouts-for-the-list-all-projects-v1-api-endpoint-276313">brownouts scheduled</a> where we will be periodically removing this endpoint for a set period of time:</p>
<ul>
<li>November 16th for 2 hours starting at 6:00 UTC</li>
<li>December 6th for 4 hours starting 17:00 UTC</li>
</ul>
<p>During this time window, the API will return <code>410 Gone</code> for all requests. If you require further support during these windows, please raise a support ticket. Review the migration guide below and move all your automations over before December 22, 2023!</p></description>
</item>
<item>
<title>CVE and NVD CVSS Score Enhancements - Upcoming Data Changes</title>
<pubDate>Mon, 06 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#CVE-and-NVD-CVSS-Score-Enhancements-Upcoming-Data-Changes</link>
<guid>https://snyk.gitbook.io/product-updates/2023#CVE-and-NVD-CVSS-Score-Enhancements-Upcoming-Data-Changes_November_6_2023</guid>
<description><p><b>New</b></p><p>On <strong>November 14th</strong>, Snyk will roll out a change that will broaden Snyk Open Source vulnerabilities granularity to support CVSS vectors assigned by NVD, to support additional compliance workflows.</p>
<h4><strong>Background on Snyk IDs and CVE IDs</strong>:</h4>
<p>For each new vulnerability, Snyk assigns a unique Snyk Identifier (SNYK-ID) and CVSS vector (which translates to score and severity).</p>
<p>This allows Snyk:</p>
<ul>
<li>To publish new vulnerabilities faster, even before they have an officially assigned CVE ID.</li>
<li>To represent the issue in a single, specific package, therefore providing highly accurate information. A CVE ID, on the other hand, represents the vulnerability as a whole security issue and can be associated with multiple affected packages.</li>
</ul>
<p>In rare cases, Snyk’s Security Analysts assign multiple CVE IDs to one SNYK-ID. This happens in cases where there is very high similarity or duplicates between multiple CVEs.</p>
<h4><strong>Details about the change</strong>:</h4>
<p>Starting November 14th, cases with multiple CVEs and different NVD CVSS vectors will be separated into multiple advisories (multiple Snyk-IDs), one per CVE. These cases amount to less than 0.6% of Snyk’s vulnerabilities.</p>
<p>This will provide customers with increased vulnerability granularity and ensure compatibility with NVD-provided CVSS vectors.</p>
<p>Snyk’s hand-curated CVSS is recommended for accurate and timely analysis, while NVD CVSS is useful for compliance-based needs, like FedRAMP reports.</p>
<p>To create a report of the vulnerabilities with the NVD CVSS Score: Click on Reports → Modify Columns → and select NVD Severity and NVD Score.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/modify_columns_nvd_severity_and_score.png" alt=""><figcaption></figcaption></figure>
<h4><strong>Important notes</strong>:</h4>
<ul>
<li><strong>The number of issues you see might increase</strong>. This is due to the change in issue representation to consider NVD CVSS vectors as an independent issue factor.</li>
<li>After this change, in the rare cases in which multiple CVE IDs are associated with one SNYK-ID, the NVD CVSS vector provided will be relevant for both CVE IDs. A retest, a manual test, or a scheduled scan for monitored Projects, is needed to see the changes.</li>
<li>Although the overall number of issues (Snyk Open Source) might increase due to the broadening of the granularity to include NVD and CVSS vectors, <strong>these issues can be solved with the same fix</strong>.</li>
<li>If a new advisory was created from an ignored issue, it will still appear in the Project. If not relevant, the new issue will need to be ignored as well. This is because the new advisory has a different NVD CVSS score, and Snyk cannot assume it is irrelevant to your Project.</li>
<li>The Snyk CVSS will remain similar between the advisories.</li>
<li>The related CVE, which the advisory was separated from, will be included in the advisory details.</li>
</ul></description>
</item>
<item>
<title>Snyk Open Source Improvements: Fixability filters</title>
<pubDate>Mon, 06 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Improvements-Fixability-filters</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Improvements-Fixability-filters_November_6_2023</guid>
<description><p><b>Improved</b></p><p>Snyk has now made it easier to determine what issues have a fix available and what issues Snyk can potentially help you fix!</p>
<p>When you're analyzing the issues in your project, in addition to our existing fixability filter, we've now introduced a new feature that allows you to identify security issues with a known fix in general, irrespective of whether we can directly assist you.</p>
<p>This enhancement provides you with a comprehensive view of potential vulnerabilities and solutions, enabling you to make more informed decisions about your security posture while we continuously work on supporting more ecosystems and fixes.</p>
<p>Try our new "Fixed In" Available filter in the Projects Dashboard and be on top of your issues! You can read more about it <a href="https://docs.snyk.io/scan-using-snyk/snyk-open-source/manage-vulnerabilities/vulnerability-fix-types">here</a>.</p>
<figure><img src="https://github.com/snyk/product-updates-docs/gitbook/assets/fixed_in_filter.png" alt=""><figcaption></figcaption></figure></description>
</item>
<item>
<title>Snyk Code Improvements: Java, Kotlin, Scala</title>
<pubDate>Fri, 03 Nov 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-Java,-Kotlin,-Scala</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-Java,-Kotlin,-Scala_November_3_2023</guid>
<description><p><b>Improved</b></p><p>Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements:</p>
<ul>
<li>Java: Adding equality sanitizers to support equality checks. Potential decrease in all issues</li>
<li>Java, Kotlin, Scala: Adding support for Open Redirect URL sanitizers. Potential decrease in CWE-601 issues</li>
</ul>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Snyk Code Improvements: C#, PHP, Python, VB.NET</title>
<pubDate>Tue, 31 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-C#,-PHP,-Python,-VB.NET</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-C#,-PHP,-Python,-VB.NET_October_31_2023</guid>
<description><p><b>Improved</b></p><p>Over the next two weeks, we continue to enhance Snyk Code. As a result, we will be making the following improvements in the next few weeks:</p>
<ul>
<li>PHP: Improving sanitizers by adding support for PHP8 Type declarations. Potential decrease in issues</li>
<li>Python: Improving sanitizers. Potential decrease in issues</li>
<li>VB.NET: Improving coverage for customer applications. Potential increase in issues</li>
</ul>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Customize your PRs via API</title>
<pubDate>Mon, 30 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Customize-your-PRs-via-API</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Customize-your-PRs-via-API_October_30_2023</guid>
<description><p><b>New</b>, <b>Closed beta</b></p><p>We are very excited to announce our recent Closed Beta feature: the ability to <a href="https://docs.snyk.io/scan-applications/snyk-open-source/open-source-basics/customize-pr-templates-closed-beta">customize settings for how your PRs look using an API.</a></p>
<p>Today, Snyk raises PRs using a default standard format for title, description, and commit message or branch name.</p>
<p>However, we know that you may have your own standards and practices for the content of your PRs. We're building this feature to make it easier for you to customize the content of your PRs for your entire Group. With this API, you can set a template for your expected PR format, which Snyk will use for all PRs.</p>
<p>Read more about the feature <a href="https://docs.snyk.io/scan-applications/snyk-open-source/open-source-basics/customize-pr-templates-closed-beta">here</a>. Please don't hesitate to reach out if you're interested in participating in the Closed Beta and trying out this feature early!</p></description>
</item>
<item>
<title>Snyk Code Rollback: Hardcoded Secrets Improvement</title>
<pubDate>Fri, 27 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Rollback-Hardcoded-Secrets-Improvement</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Rollback-Hardcoded-Secrets-Improvement_October_27_2023</guid>
<description><p><b>Fix</b></p><p>On Oct 23rd, we deployed an improvement that aligned our hardcoded secrets behavior for JavaScript and Java, causing an increase in CWE-547 (Hardcoded Secrets). Unfortunately the rule change made a larger impact than intended, resulting in reports of false positives. We have decided to roll back the deployment, and this will be pushed to production on Friday, Oct 27th.</p>
<p>Customers may have seen an increase in hardcoded secrets issues, specifically for CWE-547 in JavaScript and Java. Starting Monday, Oct 30th, the issues and any resulting false positives generated last week will be corrected.</p>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Support for SPDX in SBOM Test APIs Beta</title>
<pubDate>Wed, 25 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Support-for-SPDX-in-SBOM-Test-APIs-Beta</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Support-for-SPDX-in-SBOM-Test-APIs-Beta_October_25_2023</guid>
<description><p><b>New</b>, <b>Open beta</b></p><p>We’re pleased to share that Snyk's <a href="https://apidocs.snyk.io/?version=2023-10-13~beta#post-/orgs/-org_id-/sbom_tests">SBOM Test APIs</a> now support SPDX.</p>
<p><a href="https://spdx.dev/about/overview/">Software Package Data Exchange (SPDX)</a> is part of The Linux Foundation® and described as "an open standard for communicating software bill of material information, including provenance, license, security, and other related information".</p>
<p>As a developer, you can now <a href="https://docs.snyk.io/snyk-api/rest-api-endpoints-test-an-sbom-document-for-vulnerabilities">test SPDX 2.3 JSON documents for vulnerabilities</a>. There is no need to specify this in your request; Snyk will automatically detect the SBOM format and test accordingly. This release adds to our existing support for CycloneDX — ensuring you can use both of the leading SBOM specifications.</p>
<p>As always, we’re excited to hear your feedback. Please reach out if you have any questions.</p></description>
</item>
<item>
<title>Decoupling Snyk Orb from Snyk CLI Docker Images</title>
<pubDate>Tue, 24 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Decoupling-Snyk-Orb-from-Snyk-CLI-Docker-Images</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Decoupling-Snyk-Orb-from-Snyk-CLI-Docker-Images_October_24_2023</guid>
<description><p><b>Improved</b></p><p>As a continued effort to help our users deliver secure code to production, we have decoupled <a href="https://github.com/snyk/snyk-orb">Snyk Orb</a> from the <a href="https://github.com/snyk/cli/blob/66b77c1e4a8b97b4a67088fc231545ffff1e9c40/docker/README.md">deprecated</a> <a href="https://hub.docker.com/r/snyk/snyk-cli">Snyk CLI Docker Images</a>. Please note that these are breaking changes and require additional steps after an upgrade to Snyk Orb <a href="https://github.com/snyk/snyk-orb/releases/tag/v2.0.0">v2.0.0</a>.</p>
<p>Your existing CircleCI setup will continue to function without interruption, as we are introducing these breaking changes following semantic release conventions. However, to benefit from future improvements to Snyk CLI, we strongly recommend that you upgrade Snyk Orb at your earliest convenience. A readme with code examples is <a href="https://github.com/snyk/snyk-orb/blob/master/README.md">here</a> to help you get started.</p>
<p>Once upgraded, please make the following changes, which are breaking changes:</p>
<ul>
<li>remove the deprecated <code>scan-iac</code> job; an example of how it was used in previous versions (&lt;v2.0.0) is inline</li>
</ul>
<pre><code>description: &gt;
  Use the Snyk orb inside a build job to scan a container image for known
  vulnerabilities

usage:
  version: 2.1

  orbs:
    snyk: snyk/snyk@1.7.2

  workflows:
    test:
      jobs:
        - snyk/scan-iac
</code></pre>
<ul>
<li>and, please switch to using <code>snyk/scan</code> instead, an example is inline</li>
</ul>
<pre><code>description: &gt;
  Use the Snyk orb inside a build job to scan a container image for known
  vulnerabilities

usage:
  version: 2.1

  orbs:
    snyk: snyk/snyk@2.0.0

  workflows:
    test:
      jobs:
        - snyk/scan:
            command: iac test
</code></pre>
<p>To learn more about our CI/CD integrations, our product docs are <a href="https://docs.snyk.io/integrations/snyk-ci-cd-integrations">here</a>.</p></description>
</item>
<item>
<title>Decoupling Snyk Scan from Snyk CLI Docker Images</title>
<pubDate>Tue, 24 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Decoupling-Snyk-Scan-from-Snyk-CLI-Docker-Images</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Decoupling-Snyk-Scan-from-Snyk-CLI-Docker-Images_October_24_2023</guid>
<description><p><b>Improved</b></p><p>As a continued effort to help our users deliver secure code to production, we have decoupled <a href="https://bitbucket.org/snyk/snyk-scan/src/develop/">Snyk Scan</a> from the <a href="https://github.com/snyk/cli/blob/66b77c1e4a8b97b4a67088fc231545ffff1e9c40/docker/README.md">deprecated</a> <a href="https://hub.docker.com/r/snyk/snyk-cli">Snyk CLI Docker Images</a>. Please note that these are breaking changes, and require additional steps after an upgrade to Snyk Scan <a href="https://bitbucket.org/snyk/snyk-scan/src/develop/CHANGELOG.md">v1.0.0</a>.</p>
<p>Your existing Bitbucket setup will continue to function without interruption, as we are introducing these breaking changes following semantic release conventions. However, to benefit from future improvements to <a href="https://docs.snyk.io/snyk-cli">Snyk CLI</a>, we strongly recommend that you upgrade Snyk Scan at your earliest convenience. A readme with code examples is <a href="https://bitbucket.org/snyk/snyk-scan/src/develop/README.md">here</a> to help you get started.</p>
<p>Once upgraded, you are required to switch from using deprecated Snyk CLI base images to <a href="https://hub.docker.com/r/snyk/snyk">Snyk Images</a> base images.</p>
<p>To do so, please:</p>
<ul>
<li>update the <code>LANGUAGE</code> variable to use <a href="https://docs.snyk.io/integrations/snyk-ci-cd-integrations/bitbucket-pipelines-integration-overview/migrating-to-bitbucket-pipelines-v1.0.0#equivalent-snyk-images">supported tags</a> from <a href="https://hub.docker.com/r/snyk/snyk/tags">Snyk Images</a>,</li>
<li>or, you can follow <a href="https://docs.snyk.io/integrations/snyk-ci-cd-integrations/bitbucket-pipelines-integration-overview/user-defined-custom-images">these</a> instructions to build your own image.</li>
</ul>
<p>To learn more about our CI/CD integrations, our product docs are <a href="https://docs.snyk.io/integrations/snyk-ci-cd-integrations">here</a>.</p></description>
</item>
<item>
<title>Snyk Code: Python 2 Deprecation of Support</title>
<pubDate>Thu, 19 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Python-2-Deprecation-of-Support</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Python-2-Deprecation-of-Support_October_19_2023</guid>
<description><p><b>Deprecated</b></p><p>Starting October 26th, Snyk Code will begin the 3 month process of deprecating Python 2 language support. Further, we plan to End of Life (EOL) on January 23, 2024, where Python 2 support will be terminated. For context, Python 2 has been unsupported by Python.org since January 2020.</p>
<p>This means that no new development work and no new support tickets related to Python 2 will be processed. Existing Python 2 projects will continue to be scanned until EOL. After EOL, Python 2 findings will no longer appear in your results.</p>
<p>Note that support for Python 3 will not be affected and continue as usual.</p>
<p>If you are using Python 2, please reach out to your account teams.</p></description>
</item>
<item>
<title>Azure cloud environment scanning is now GA (Snyk IaC)</title>
<pubDate>Wed, 18 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Azure-cloud-environment-scanning-is-now-GA-(Snyk-IaC)</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Azure-cloud-environment-scanning-is-now-GA-(Snyk-IaC)_October_18_2023</guid>
<description><p><b>None</b></p><p>We're pleased to share that scanning deployed Azure cloud environments is now GA for Snyk IaC customers on an enterprise plan. You can now secure your Azure infrastructure from code - with IaC template scanning for Azure Resource Manager (ARM) and Terraform - to the cloud.</p>
<p>Users can now:</p>
<ul>
<li>Onboard Azure subscriptions via API and UI, and scan and test Azure resources with our <a href="https://security.snyk.io/rules/cloud/azure">security rules</a></li>
<li>Find and fix misconfigurations identified by Snyk in the org-wide Cloud issues UI, or in the <a href="https://apidocs.snyk.io/?version=2023-09-29%7Ebeta#get-/orgs/-org_id-/issues">REST API for issues</a></li>
<li>View an inventory of Azure resources with the <a href="https://apidocs.snyk.io/?version=2023-09-29%7Ebeta#get-/orgs/-org_id-/cloud/resources">GET /cloud/resources</a> endpoint</li>
</ul>
<p>Please see our <a href="https://docs.snyk.io/integrations/cloud-platforms-integrations/azure-integration-for-cloud-configurations">User Docs</a> for more details, and contact your account team with any questions.</p></description>
</item>
<item>
<title>Expanded ecosystem coverage for SBOM Test APIs</title>
<pubDate>Tue, 17 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Expanded-ecosystem-coverage-for-SBOM-Test-APIs</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Expanded-ecosystem-coverage-for-SBOM-Test-APIs_October_17_2023</guid>
<description><p><b>New</b>, <b>Open beta</b></p><p>We're thrilled to share that our SBOM Test APIs now support a wider range of Open Source languages and ecosystems! Now you can test CycloneDX SBOM documents for vulnerabilities across the following purl types: <code>cargo</code>, <code>cocoapods</code>, <code>composer</code>, <code>gem</code>, <code>golang</code>, <code>hex</code>, <code>maven</code>, <code>npm</code>, <code>nuget</code>, <code>pypi</code>, <code>swift</code>, or <code>generic</code> for unmanaged C/C++.</p>
<p>We hope this milestone helps you adopt SBOMs within your developer workflows and expand testing coverage for a greater number of assets.</p>
<p>Please see our <a href="https://docs.snyk.io/snyk-api/rest-api-endpoints-test-an-sbom-document-for-vulnerabilities">User Docs</a> for more information and reach out if you have any questions.</p></description>
</item>
<item>
<title>CCSS: New Severity Framework for IaC+</title>
<pubDate>Tue, 17 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#CCSS-New-Severity-Framework-for-IaC+</link>
<guid>https://snyk.gitbook.io/product-updates/2023#CCSS-New-Severity-Framework-for-IaC+_October_17_2023</guid>
<description><p><b>New</b></p><p>We are pleased to announce Snyk’s move to CCSS, a severity framework, for IaC+.</p>
<p>Prior to October 16, 2023, Snyk security researchers used an internal severity framework to determine the severity of the rules for IaC+ (new version of Snyk IaC).</p>
<p>To provide greater accuracy, additional ways to prioritize issues, and transparency in determining the IaC+ rules severity, Snyk is moving to use the Common Configuration Scoring System (CCSS).</p>
<p>The National Institute of Standards and Technology (NIST) developed CCSS. Also, it is derived from the Common Vulnerability Scoring System (CVSS), which was developed to measure the severity of vulnerabilities and is used today in Snyk Open Source and Snyk Container products.</p>
<p>Please see our <a href="https://docs.snyk.io/manage-risk/priorities-for-fixing-issues/severity-levels#severity-levels-and-ccss">documentation</a> and explore all the new scores and severities at <a href="https://security.snyk.io/rules/cloud/">https://security.snyk.io/rules/cloud/</a>.</p></description>
</item>
<item>
<title>Native support for Apple silicon in Snyk CLI</title>
<pubDate>Fri, 13 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Native-support-for-Apple-silicon-in-Snyk-CLI</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Native-support-for-Apple-silicon-in-Snyk-CLI_October_13_2023</guid>
<description><p><b>New</b></p><p>We are pleased to announce that – going forward as of <a href="https://github.com/snyk/cli/releases/tag/v1.1230.0">version 1.1230.0</a> – Snyk CLI natively supports <a href="https://en.wikipedia.org/wiki/Apple_silicon">Apple silicon</a>. You are no longer required to manually install <a href="https://support.apple.com/en-gb/HT211861">Apple’s Rosetta 2</a> before installing Snyk CLI.</p>
<p>For our Apple silicon users this means whether you are installing directly – via any of our <a href="https://github.com/snyk/cli#install-snyk-cli">supported installation methods</a> – or via an IDE plugin, the correct and latest Apple silicon build will be selected and installed on the system automatically.</p>
<p>With this improvement, our Apple silicon users will be able to:</p>
<ul>
<li>experience a simplified Snyk CLI installation,</li>
<li>and secure code without compromising on productivity, performance, or their compliance needs.</li>
</ul>
<p>To get started with Snyk CLI, or for more information, <a href="https://docs.snyk.io/snyk-cli/getting-started-with-the-snyk-cli">please read the docs</a>.</p></description>
</item>
<item>
<title>The New REST Issues API is now in Beta!</title>
<pubDate>Fri, 13 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#The-New-REST-Issues-API-is-now-in-Beta!</link>
<guid>https://snyk.gitbook.io/product-updates/2023#The-New-REST-Issues-API-is-now-in-Beta!_October_13_2023</guid>
<description><p><b>New</b>, <b>Open beta</b></p><p>We are excited to announce the Beta release of the new Issues API REST endpoints, which unifies all Snyk issues (SCA, SAST, Cloud) across projects or orgs into one API call. The Unified Issues API approach offers several key benefits:</p>
<ul>
<li>Simplifies the user experience with one paginated API call across all projects or orgs</li>
<li>Saves time by eliminating the need to stitch data across various calls and offering a consistent schema to parse responses with</li>
<li>Highlights our commitment to building Snyk as a holistic security platform</li>
</ul>
<p>The Beta version builds on the Experimental versions with the following new features:</p>
<ul>
<li>Stable UUIDs which will not change with releases of future versions thus minimizing breaking changes going forward</li>
<li>New Risk Score and Factors allowing for assessing risk using broader issue, application and business context</li>
<li>Increased performance profile with faster response times</li>
</ul>
<p>Please check out the API docs for <a href="https://apidocs.snyk.io/?version=2023-09-29%7Ebeta#get-/groups/-group_id-/issues">listing all issues by group</a>, and <a href="https://apidocs.snyk.io/?version=2023-09-29%7Ebeta#get-/orgs/-org_id-/issues">by org</a>.</p></description>
</item>
<item>
<title>Snyk Code Rollback: PHP Interfile</title>
<pubDate>Tue, 10 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Rollback-PHP-Interfile</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Rollback-PHP-Interfile_October_10_2023</guid>
<description><p><b>Fix</b></p><p>Following the <a href="https://status.snyk.io/incidents/lvn0gz5rqpbp">incident last Friday, October 6th</a>, we’re temporarily rolling back PHP Interfile starting today as part of our mitigation strategy. For customers with PHP code, you may see a decreased number of results.</p>
<p>We recognize the importance of PHP Interfile and are actively working towards a solution.</p>
<p>We don’t have a confirmed timeline yet, but will provide updates once the situation stabilizes.</p>
<p>Please reach out with any questions.</p></description>
</item>
<item>
<title>Deduplicating Targets through automatically created Project Collections</title>
<pubDate>Tue, 10 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Deduplicating-Targets-through-automatically-created-Project-Collections</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Deduplicating-Targets-through-automatically-created-Project-Collections_October_10_2023</guid>
<description><p><b>New</b>, <b>Closed beta</b></p><p>Following the release of <a href="https://updates.snyk.io/project-collections-ga-268069">Project Collections in June</a>, we’re building on the story further to help improve managing your projects at scale, whilst removing some friction our users see.</p>
<p>Users will often scan the same project through multiple methods depending on the purpose. Scanning projects from the SCM enables you to leverage features such as PR checks, while scanning projects through a CI/CD pipeline (via the CLI) will create a gating mechanism so that certain vulnerabilities do not reach critical environments. However, a Target is created for a single project for each different scan method used (the CLI and SCM), which also results in duplicate projects, and duplicate issues which can lead to inefficiencies in working within the projects area and inaccurate counts in reporting.</p>
<p>We’re proud to announce that we’re releasing closed beta functionality which will improve efficiency when working with projects and accuracy of reporting if you scan the same project from multiple methods. When the same project is scanned from the SCM and the CLI, Snyk will automatically group those projects together within a newly created Project Collection. From this new Project Collection, you can choose which scan method’s results you want to filter out so that you work with your projects more efficiently, and you can generate more accurate reports on the filtered Collections. The Project Collection’s new issue count will be reflected in the Collection listing page, and in the reporting area too.</p>
<p>Snyk will not merge or delete any projects or issues because knowing where in your SDLC a vulnerability was introduced has value.</p></description>
</item>
<item>
<title>Scheduled brownouts for the List All Projects v1 API endpoint</title>
<pubDate>Mon, 09 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Scheduled-brownouts-for-the-List-All-Projects-v1-API-endpoint</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Scheduled-brownouts-for-the-List-All-Projects-v1-API-endpoint_October_9_2023</guid>
<description><p><b>New</b></p><p>We recently announced a plan to <a href="https://updates.snyk.io/deprecation-and-end-of-life-for-the-list-all-projects-v1-api-267781">sunset the v1 List all projects API</a> (from June 22nd 2023, with an end-of-life on December 22nd 2023) in favor of the <a href="https://apidocs.snyk.io/?version=2023-05-29#get-/orgs/-org_id-/projects">REST List All Projects for an org API</a>.</p>
<p>Starting from October, we will be scheduling brownouts where we will be periodically removing this endpoint for a scheduled period of time. Here is the schedule:</p>
<ul>
<li>October 23rd for 1 hour starting at 12:00 UTC</li>
<li>November 16th for 2 hours starting at 06:00 UTC</li>
<li>December 6th for 4 hours starting 17:00 UTC</li>
</ul>
<p>During these time windows, the API will return <code>410 Gone</code> for all requests. If you require further support during this period, please raise a support ticket.</p>
<p>Please refer to this <a href="https://go.snyk.io/rs/677-THP-415/images/Snyk%20v1%20API%20Migration%20Guide.pdf">guide</a> to move all your automations over to replacement endpoints.</p></description>
</item>
<item>
<title>Upcoming High Severity Vulnerability in curl and libcurl</title>
<pubDate>Thu, 05 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Upcoming-High-Severity-Vulnerability-in-curl-and-libcurl</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Upcoming-High-Severity-Vulnerability-in-curl-and-libcurl_October_5_2023</guid>
<description><p><b>New</b></p><p><code>curl</code> is a popular command-line tool for transferring data using various network protocols. <code>curl</code> is used almost ubiquitously and shipped with almost all Linux distributions.</p>
<p>The <code>curl</code> maintainer recently announced that on <strong>Oct 11, 2023</strong>, at around 6:00 UTC, a new version <strong>8.4.0</strong> of <code>curl</code> and <code>libcurl</code> will be released to address a High severity vulnerability, which has been assigned <a href="https://security.snyk.io/vuln/SNYK-UNMANAGED-CURL-5931782">CVE-2023-38545</a>.</p>
<p>In the maintainer’s own words:</p>
<blockquote>
<p>This is probably the worst security problem found in curl in a long time.</p>
</blockquote>
<p>Please be advised to follow updates and upgrade to the latest version once available.</p>
<p>While not all security data is currently available, and the exact impact of this issue is still to be determined, the Snyk Security Team is monitoring for updates, will update the <a href="https://security.snyk.io/vuln/SNYK-UNMANAGED-CURL-5931782">curl security advisory</a> accordingly, and will share more information in the following blog post: <a href="https://snyk.io/blog/curl-high-severity-vulnerability-oct-2023/">High severity vulnerability found in libcurl and curl</a>.</p></description>
</item>
<item>
<title>Additional options for Snyk SBOM CLI</title>
<pubDate>Tue, 03 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Additional-options-for-Snyk-SBOM-CLI</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Additional-options-for-Snyk-SBOM-CLI_October_3_2023</guid>
<description><p><b>Improved</b></p><p>We're pleased to share that the Snyk SBOM CLI Extension now supports additional options for working with Maven, npm, Gradle, Python, Yarn, and NuGet projects.</p>
<p>These will help you produce a more accurate CycloneDX or SPDX SBOM based on your project's configuration. These options are available in CLI version 1.1228.0 and beyond.</p>
<p>Please see our <a href="https://docs.snyk.io/snyk-cli/commands/sbom">User Docs</a> for more details.</p></description>
</item>
<item>
<title>IaC+ (New Version of Snyk IaC) is in Early Access</title>
<pubDate>Tue, 03 Oct 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#IaC+-(New-Version-of-Snyk-IaC)-is-in-Early-Access</link>
<guid>https://snyk.gitbook.io/product-updates/2023#IaC+-(New-Version-of-Snyk-IaC)-is-in-Early-Access_October_3_2023</guid>
<description><p><b>Open beta</b></p><h4><strong>IaC+ is now in Early Access</strong></h4>
<p>IaC+ is a new version of Snyk IaC that includes:</p>
<ul>
<li>Multi-file analysis for Terraform: support for modules and variables files</li>
<li>Repository-based projects for SCM: capturing issues for an entire repository, instead of per individual IaC file, in alignment with Snyk Code</li>
<li>Expanded security rule set: mapped to more than a dozen compliance standards (CIS Benchmarks, PCI DSS, SOC 2, &amp; more)</li>
<li>Cloud-to-code fixes: automatic mappings of cloud misconfigurations to the IaC source code for AWS and Terraform to expedite fixes</li>
</ul>
<p>IaC+ also provides more consistent support for languages such as ARM across all workflows (IDE, SCM, CLI, and Terraform Cloud), and custom rules in OPA’s Rego query language to enforce custom security controls across the SDLC (code to cloud).</p>
<p>Get started with IaC+:</p>
<ul>
<li>Turn on IaC+ via <a href="https://docs.snyk.io/snyk-admin/manage-settings/snyk-preview">Snyk Preview</a></li>
<li>Check out our <a href="https://docs.snyk.io/scan-infrastructure/introduction-to-iac+">Snyk IaC documentation</a> for more information</li>
</ul>
<p>Note: IaC+ is currently available for Enterprise plans.</p></description>
</item>
<item>
<title>Open beta availability of Git repository cloning</title>
<pubDate>Wed, 27 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Open-beta-availability-of-Git-repository-cloning</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Open-beta-availability-of-Git-repository-cloning_September_27_2023</guid>
<description><p><b>Open beta</b></p><p><strong>Today, Snyk is pleased to announce open beta availability of</strong> <a href="https://docs.snyk.io/more-info/how-snyk-handles-your-data#git-repository-cloning"><strong>Git repository cloning</strong></a> <strong>– a new, and more scalable way for Snyk to provide code security and code quality improvements via</strong> <a href="https://docs.snyk.io/integrations/git-repository-scm-integrations"><strong>SCM integrations</strong></a> <strong>– helping you develop fast and stay secure.</strong></p>
<p>The open beta is rolling out to all customers, and across all of Snyk’s deployments in the coming days, and will be available – via <a href="https://docs.snyk.io/snyk-admin/manage-settings/snyk-preview">Snyk Preview</a> – for all SCM integrations (GitHub, GitHub Enterprise, GitLab, Bitbucket Server, Bitbucket Cloud App, Bitbucket Cloud (Legacy), and Azure Repos), and SCM “flows” (<a href="https://docs.snyk.io/getting-started/quickstart/import-a-project">import</a>, <a href="https://docs.snyk.io/scan-application-code/run-pr-checks">PR checks</a>, <a href="https://docs.snyk.io/getting-started/running-tests#run-tests-automatically-with-the-snyk-web-ui">recurring tests</a>).</p>
<p>When enabled by a <a href="https://docs.snyk.io/snyk-admin/introduction-to-snyk-administration">Snyk Organization administrator</a>, these flows will be backed by a temporary and shallow Git clone of repository contents, helping Snyk perform its security analyses <a href="https://docs.snyk.io/more-info/how-snyk-handles-your-data#how-git-cloning-supports-more-reliable-results">more reliably</a> and <a href="https://docs.snyk.io/more-info/how-snyk-handles-your-data#how-git-cloning-supports-more-accurate-results">more accurately</a>. This capability has particular benefit for customers using SCM integrations at scale, as it protects against breaching SCM API rate and content limits, and improves Snyk’s analysis of very large repos (sometimes referred to as “monorepos”) by surfacing previously unreachable contents.</p>
<p>Be on the lookout for this new capability, scheduled to land in your Snyk Organization in the coming days.</p>
<p>Meanwhile, you can read more <a href="https://docs.snyk.io/more-info/how-snyk-handles-your-data#git-repository-cloning">in the docs</a>.</p></description>
</item>
<item>
<title>Snyk Code Improvements: Java, Javascript, .NET (C#), Ruby, Python</title>
<pubDate>Tue, 26 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-Java,-Javascript,-.NET-(C#),-Ruby,-Python</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-Java,-Javascript,-.NET-(C#),-Ruby,-Python_September_26_2023</guid>
<description><p><b>Improved</b></p><p>Over the next two weeks, we will continue to enhance Snyk Code. As a result, the following improvements will be implemented:</p>
<ul>
<li>Java: Improved support for Micronaut and added support for "unsafe reflection" vulnerabilities. Potential increase in issues, and in issues affecting CWE-470</li>
<li>JavaScript: Added support for FS/Promise Node.js APIs and sanitizer alignment. Potential increase in issues</li>
<li>.NET (C#): Improved Type Sanitization. Potential decrease in issues</li>
<li>Python: Improvements to sanitizers. Potential decrease in issues</li>
<li>Ruby: Improved support for ActiveRecord. Potential increase in issues</li>
<li>All Languages: Improvement for Path Traversal Sanitizers. Potential decrease in issues affecting CWE-22</li>
</ul>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Expansion of Malicious Packages Coverage</title>
<pubDate>Wed, 20 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Expansion-of-Malicious-Packages-Coverage</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Expansion-of-Malicious-Packages-Coverage_September_20_2023</guid>
<description><p><b>Improved</b></p><p>We're pleased to announce a significant expansion of the <a href="https://security.snyk.io/">Snyk Vulnerability Database's</a> coverage of malicious packages.</p>
<p>Following our work to mitigate software supply chain attacks, we've added thousands of new malicious packages to the Snyk Vulnerability Database.</p>
<p>As a result, you may notice new Critical severity issues categorized as CWE-506 during your project scans if the newly added malicious packages are detected.</p>
<p>Malicious packages represent a rising threat in software supply chain attacks. We recommend visiting our <a href="https://docs.snyk.io/manage-issues/priorities-for-fixing-issues/malicious-packages">user documentation</a> to stay informed about this crucial security aspect. Here, you can learn more about what malicious packages are, how Snyk detects them, and the recommended actions to take when encountering malicious package issues in your projects.</p></description>
</item>
<item>
<title>Snyk Code Announcement: GA of Kotlin and VB.NET</title>
<pubDate>Tue, 19 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-GA-of-Kotlin-and-VB.NET</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-GA-of-Kotlin-and-VB.NET_September_19_2023</guid>
<description><p><b>Improved</b></p><p>We are excited to announce that on Thursday, September 28th, we will officially launch GA support for Kotlin and VB.NET, enabled for all customers. This milestone is a result of months of development, including feedback from 275 customers who conducted scans, significant enhancements driven by input received through customer calls and support tickets, the assessment of benchmark applications and open-source repositories, as well as a comprehensive review of industry and competitor research findings.</p>
<p>For customers with Kotlin or VB.NET code, please anticipate a potential increase in issues.</p>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Snyk Container - SBOM Generation CLI Support</title>
<pubDate>Tue, 19 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Container-SBOM-Generation-CLI-Support</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Container-SBOM-Generation-CLI-Support_September_19_2023</guid>
<description><p><b>Open beta</b></p><p>We're excited to share that Snyk now supports generating CycloneDX/SPDX SBOMs for images using the Snyk Container CLI.</p>
<p>Use the <code>snyk container sbom --format=&lt;cyclonedx1.4+json|cyclonedx1.4+xml|spdx2.3+json&gt; &lt;IMAGE&gt;</code> command to generate an SBOM for your image.</p>
<p>This change is available in CLI version <code>1.1226.0</code>.</p>
<p>To learn more, check out our user <a href="https://docs.snyk.io/snyk-cli/commands/sbom">documentation</a>. If you have any questions or feedback, please reach out to your account team.</p></description>
</item>
<item>
<title>Snyk Code Improvements: C#, Java, Python</title>
<pubDate>Fri, 15 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-C#,-Java,-Python</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Improvements-C#,-Java,-Python_September_15_2023</guid>
<description><p><b>Improved</b></p><p>Over the next two weeks, we will continue to enhance Snyk Code. As a result, the following improvements will be implemented:</p>
<ul>
<li>C#, Java, Python: aligning issue severity across languages for consistency. Customers should expect similar or fewer issues</li>
<li>Java: improving Java sanitizers. Customers should expect similar or fewer issues</li>
<li>Java/JSP: re-enabling processing of JSP taglib directives. Customers should expect a potential increase in issues (released Wed, 9/27)</li>
</ul>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>Snyk Code Announcement: PHP Improvements</title>
<pubDate>Wed, 13 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-PHP-Improvements</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-PHP-Improvements_September_13_2023</guid>
<description><p><b>Improved</b></p><p>Snyk Code has been at the forefront of PHP static analysis since its launch 2 years ago.</p>
<p>In 2 weeks' time we will roll out a new, smarter PHP analysis engine. From our benchmarks, we expect a similar number of matches overall, but of much higher quality. This is due to three improvements:</p>
<ul>
<li>The new engine is capable of deeper analysis, and so doesn’t use approximations as often. This removes many false positive matches.</li>
<li>Object-orientated code that makes use of classes, methods and properties is analysed much better, adding new correct matches.</li>
<li>Interfile analysis is enabled, which detects vulnerabilities across multiple source files.</li>
</ul>
<p>If you have any questions, please contact support or your account manager.</p></description>
</item>
<item>
<title>Snyk Open Source: Pipenv Git support</title>
<pubDate>Wed, 06 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Pipenv-Git-support</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Open-Source-Pipenv-Git-support_September_6_2023</guid>
<description><p><b>Open beta</b></p><p>We are very pleased to announce that Snyk Open Source now supports scanning Pipenv projects via Git integrations!</p>
<p>With this update, you can now import your Pipenv projects into the Snyk web UI simply by <a href="https://docs.snyk.io/integrations/git-repository-scm-integrations">connecting</a> your existing Git repositories.</p>
<p>We'll do the hard work of discovering all the dependencies and reporting all related vulnerabilities and licenses.</p>
<p>To get started, head over to the <a href="https://docs.snyk.io/scan-application-code/snyk-open-source/snyk-open-source-supported-languages-and-package-managers/snyk-for-python">docs</a> or just re/import your repos and check out your shiny new Pipenv projects 🤗</p></description>
</item>
<item>
<title>Snyk Code Announcement: GA of Swift and Scala</title>
<pubDate>Tue, 05 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-GA-of-Swift-and-Scala</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Snyk-Code-Announcement-GA-of-Swift-and-Scala_September_5_2023</guid>
<description><p><b>Improved</b></p><p>We are excited to announce that on Wednesday, September 6th, we will officially launch GA support for Swift and Scala, enabled for all customers. This milestone follows substantial improvements driven by valuable feedback from customer support tickets, calls, and improvements through benchmark applications and open-source repositories.</p>
<p>For customers with Swift or Scala code, please anticipate a potential increase in issues.</p>
<p>If you have any questions, please reach out to your account teams.</p></description>
</item>
<item>
<title>SBOM Test APIs</title>
<pubDate>Tue, 05 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#SBOM-Test-APIs</link>
<guid>https://snyk.gitbook.io/product-updates/2023#SBOM-Test-APIs_September_5_2023</guid>
<description><p><b>Open beta</b></p><p>We're excited to share that Snyk now supports testing CycloneDX SBOMs for vulnerabilities through a set of async APIs.</p>
<p>Right now this feature is in open beta and support is limited to the npm and Maven ecosystems. Support for additional ecosystems and SPDX is coming soon.</p>
<p>To learn more, check out the <a href="https://apidocs.snyk.io/?version=2023-08-31~beta#post-/orgs/-org_id-/sbom_tests">API docs</a> and <a href="https://docs.snyk.io/snyk-api/rest-api-endpoints-test-an-sbom-document-for-vulnerabilities">user docs</a>. We look forward to hearing your feedback, so please don't hesitate to reach out to your account team.</p></description>
</item>
<item>
<title>Scheduled Maintenance Complete</title>
<pubDate>Sun, 03 Sep 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Scheduled-Maintenance-Complete</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Scheduled-Maintenance-Complete_September_3_2023</guid>
<description><p><b>Fix</b></p><p>The scheduled maintenance on Sunday, September 3rd from 14:30-15:30 UTC has been completed successfully. Snyk's US-based instance is now available. More details about the maintenance can be found at <a href="https://status.snyk.io/">status.snyk.io</a>.</p></description>
</item>
<item>
<title>Upcoming Scheduled Maintenance</title>
<pubDate>Thu, 31 Aug 2023 00:00:00 GMT</pubDate>
<link>https://snyk.gitbook.io/product-updates/2023#Upcoming-Scheduled-Maintenance</link>
<guid>https://snyk.gitbook.io/product-updates/2023#Upcoming-Scheduled-Maintenance_August_31_2023</guid>
<description><p><b>Fix</b></p><p>As part of our ongoing commitment to improve the performance and stability of Snyk, we'll be performing scheduled maintenance of our systems on <strong>Sunday, September 3rd</strong> during <strong>14:30-15:30 UTC</strong>. You can check <a href="https://status.snyk.io">status.snyk.io</a> for the latest status.</p>
<p>During this time, Snyk will be completely unavailable for all customers in the US-based instance (<a href="https://app.snyk.io">app.snyk.io</a>) <strong>for up to 1 hour</strong>. After the maintenance has been completed, all functionality will return and all historical data will be available. We apologize for any inconvenience this may cause.</p></description>