From e9dfd9bf38fcd24edfc96f69a5f1c9966e1245e0 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 10:40:32 -0300 Subject: [PATCH 01/29] reproduced Commit c0c5232 --- .../snyk-2.0-platform-improvements.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md index 504d6d489eec..3d9370b808f9 100644 --- a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md +++ b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md 
@@ -1,15 +1,15 @@ # Snyk 2.0 platform improvements -## What is Snyk 2.0? +## What is Snyk 2.0? Snyk 2.0 is a series of platform improvements rolling out gradually from April 2026 throughout the year to address navigation complexity, asset visibility, and triage inefficiency. As Snyk completes each component, users will gradually see Snyk platform interface updates. During the transition period, users can toggle between the new and classic interfaces. -| Improvement | Description | Availability | +| Improvement | Description | Availability | | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------- | -| Navigation | A unified menu with a new scope selector for global search. Context-aware shortcuts reduce common tasks to two or three clicks. | April 2026 (Early Access) May 2026 (GA) | -| Dark mode | Full dark mode across the platform. | In development | +| Navigation | A unified menu with a new scope selector for global search. Context-aware shortcuts reduce common tasks to two or three clicks. | April 2026 (Early Access) July 2026 (GA) | +| Dark mode | Full dark mode across the platform. | In development | | Asset management | View all repositories, containers, configurations, and AI models in a single inventory. Snyk automatically tags assets by team, environment, and deployment status. | In development | -| Issue triage | Using AI, Snyk prioritizes issues based on exploitability, reachability, and business impact. You can use bulk actions to fix similar issues across Snyk Projects. The system learns from your ignore and fix decisions. | In development | +| Issue triage | Snyk prioritizes issues based on exploitability, reachability, and business impact. You can use bulk actions to fix similar issues across Snyk Projects. 
The system learns from your ignore and fix decisions. | In development | | Settings | A visual policy builder replaces YAML editing. Snyk provides role templates for common team structures and real-time validation before you save. | In development | | Reports | | | @@ -17,7 +17,7 @@ Snyk 2.0 is a series of platform improvements rolling out gradually from April 2 | Feature area | Current use | Snyk 2.0 solution | Status | | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | -| Navigation |

| |

Closed Beta: April 2026

GA: May 2026

| +| Navigation | | |

Closed Beta: April 2026

GA: July 2026

| | Asset visibility | | | In development | | Issue triage | | | In development | | Policy and settings | Complex and scattered configurations across interfaces and | | In development | @@ -30,9 +30,9 @@ Updates apply automatically. You can toggle between the new and classic interfac To join the Early Access program, contact your Snyk account team. Provide feedback using the in-app form or email [snyk2.0@snyk.io](mailto:snyk2.0@snyk.io). -## How does it impact your workflow? +## How does this impact your workflow? -* **Developers:** Find and fix issues using navigation shortcuts and prioritization. Apply bulk actions to fix similar issues across multiple repositories. Enable dark mode to match your development environment. +* **Developers:** Apply bulk actions to fix similar issues across multiple repositories. Enable dark mode to match your development environment. * **Security teams:** View all assets and associated risks in a unified inventory. Faster mean-time-to-fix using prioritization and bulk actions. Manage policies more easily using the visual builder. * **Administrators:** A simpler setup for roles and permissions using templates. Validate policies in real time before you commit changes. This means better visibility into team activity and easier integration management. @@ -44,7 +44,6 @@ For dedicated support, use [snyk2.0@snyk.io](mailto:snyk2.0@snyk.io). ## Get help -* **Join Early Access:** Contact your account team or email [snyk2.0@snyk.io](mailto:snyk2.0@snyk.io). * **Report issues:** Click the in-app feedback button or email support with "Snyk 2.0" in the subject line. * **Ask questions:** Visit the Snyk Community forum or contact support. From 589ee92f1a5b21ae421b8820e4503cefce550a24 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 10:42:22 -0300 Subject: [PATCH 02/29] reproduced Commit 125b12b --- .../event-forwarding/google-security-command-center.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/developer-tools/integrations/event-forwarding/google-security-command-center.md b/developer-tools/integrations/event-forwarding/google-security-command-center.md index 3e1ed533d49a..8d5f9bcd7d50 100644 --- a/developer-tools/integrations/event-forwarding/google-security-command-center.md +++ b/developer-tools/integrations/event-forwarding/google-security-command-center.md @@ -25,7 +25,7 @@ Service Accounts are not available at the Organization level in Google Cloud IAM * **Google** **Cloud:** A Google Cloud organization with Security Command Center enabled. See the Google Cloud [Activate Security Command Center](https://cloud.google.com/security-command-center/docs/activate-scc-for-an-organization) page for more details on how to enable it. * **Google SCC API**: You must [enable the SCC API](https://console.cloud.google.com/apis/library) in the same Project as the Service Account -## Create the Finding Source using the Google Cloud SCC Console +## Create the Finding Source using the Google Cloud SCC Console& * In the SCC console, navigate to **Marketplace** and search for **Snyk**. Alternatively, navigate directly to the [Snyk for SCC marketplace listing](https://console.cloud.google.com/marketplace/product/snyk-marketplace/snyk-google-scc). * Click **SIGN UP WITH PARTNER** to install the Snyk for SCC integration. During this process, you will create a **Findings Source** for Snyk and a **Service Account** with [Security Center Findings Editor](https://cloud.google.com/security-command-center/docs/access-control-org#securitycenter.findingsEditor) permissions. 
@@ -35,8 +35,8 @@ Service Accounts are not available at the Organization level in Google Cloud IAM The setup process will grant the Snyk Service Account the `Security Center Findings Editor` role on the Project you select. However, how you use Security Command Center determines if an additional step is needed. -* **If you use Google SCC at the Organization level** (most common for businesses): - * You must also add an IAM policy binding at the Organization level. +* **If you use Google SCC at the Organization level** (most common for businesses): + * You must also add an IAM policy binding at the Organization level. * Grant the Snyk Service Account the `Security Center Findings Editor` role there as well. This is required because Snyk posts findings to your Organization's central SCC dashboard. * **If you use Google SCC in a standalone, Project-level mode**: No extra steps are needed. The Project-level permission is sufficient. {% endhint %} @@ -44,7 +44,7 @@ The setup process will grant the Snyk Service Account the `Security Center Findi * Navigate to Google Cloud IAM and locate the **Service Accoun**t you created in the previous step, then [create a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating) in JSON format. * Make a note of the **Source ID** (Findings Source name) and the **Service Account Ke**y, as you will need to provide them to the Snyk Web UI. -You can then set up the integration in Snyk using the Snyk Web UI or REST API. +You can then set up the integration in Snyk using the Snyk Web UI. ## Set up the integration using the Snyk Web UI From 8d4caf506f0da7dcd65c1d06187026cfc101e4c7 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 10:44:00 -0300 Subject: [PATCH 03/29] Reproduced Commit 9777888 --- .../getting-started/snyk-2.0-platform-improvements.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md index 3d9370b808f9..d657e856db94 100644 --- a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md +++ b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md @@ -6,7 +6,7 @@ Snyk 2.0 is a series of platform improvements rolling out gradually from April 2 | Improvement | Description | Availability | | ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------- | -| Navigation | A unified menu with a new scope selector for global search. Context-aware shortcuts reduce common tasks to two or three clicks. | April 2026 (Early Access) July 2026 (GA) | +| Navigation | A unified menu with a new scope selector for global search. Context-aware shortcuts reduce common tasks to two or three clicks. | April 2026 (Early Access) | | Dark mode | Full dark mode across the platform. | In development | | Asset management | View all repositories, containers, configurations, and AI models in a single inventory. Snyk automatically tags assets by team, environment, and deployment status. | In development | | Issue triage | Snyk prioritizes issues based on exploitability, reachability, and business impact. You can use bulk actions to fix similar issues across Snyk Projects. The system learns from your ignore and fix decisions. | In development | 
@@ -17,7 +17,7 @@ Snyk 2.0 is a series of platform improvements rolling out gradually from April 2 | Feature area | Current use | Snyk 2.0 solution | Status | | --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | -| Navigation |
  • High friction
  • Six to eight clicks to find specific issues using deep breadcrumb paths.
|
  • Unified menu with a new scope selector.
  • Context-aware shortcuts.
  • Navigation reduced to maximum three clicks.
|

Closed Beta: April 2026

GA: July 2026

| +| Navigation |
  • High friction
  • Six to eight clicks to find specific issues using deep breadcrumb paths.
|
  • Unified menu with a new scope selector.
  • Context-aware shortcuts.
  • Navigation reduced to maximum three clicks.
|

Closed Beta: April 2026

| | Asset visibility |
  • Separate views for Code, containers, and infrastructure
  • Users must check multiple pages to see which applications are affectedby a new vulnerability.
|
  • Unified inventory for all repositories, configurations, and AI models.
  • Ability to tag assets by team, environment, and deployment status.
| In development | | Issue triage | |
  • AI-driven prioritization based on exploitability or reachability.
  • Bulk actions to fix similar problems across Snyk Projects
  • System learns learns from your ignore and fix decisions.
| In development | | Policy and settings | Complex and scattered configurations across interfaces and |
  • Visual policy builder that replaces manual YAML editing A
| In development | From 67e2f4efa8059822bb6a3356ce01c5c0ed548ac6 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 10:45:19 -0300 Subject: [PATCH 04/29] Reproduced Commit 6c4bf3c --- ...operating-system-distributions-supported-by-snyk-container.md | 1 + 1 file changed, 1 insertion(+) diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container.md b/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container.md index 87d237452109..0f26984b2415 100644 --- a/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container.md +++ b/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container.md @@ -119,6 +119,7 @@ This is the list of supported operating systems and distributions: ## [Ubuntu](https://ubuntu.com/) +* Ubuntu 26.04 - Resolute Raccoon * Ubuntu 25.10 - Questing Quokka * Ubuntu 25.04 - Plucky Puffin * Ubuntu 24.10 - Oracular Oriole From ed6142c7e68e36e17c21b64edd8f667938bebce7 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 10:46:28 -0300 Subject: [PATCH 05/29] Reproduced Commit 9cee3a0 --- .../jira-and-slack-integrations/jira-integration.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md b/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md index 6c1091bf62ce..b2f79e1b733d 100644 --- a/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md +++ b/developer-tools/integrations/jira-and-slack-integrations/jira-integration.md 
@@ -21,6 +21,10 @@ If your Jira instance is private, use [the Snyk Broker deployment method](https: It is best practice to set up a new user in Jira for this integration, instead of using the credentials of an existing account. +{% hint style="info" %} +Jira Service Accounts cannot be used to authenticate the integration at this stage. You must use an individual user account with the appropriate permissions. +{% endhint %} + Cloud-hosted Jira implementations require a username and API token authentication. Jira API tokens are generated in [Atlassian API tokens](https://id.atlassian.com/manage/api-tokens). Self-hosted implementations can also authenticate with a username and password. Enter the Jira account credentials in the Snyk Web UI: **Organization Settings > Integrations** page: Base URL, Username/email, and API token. From 0dab5ea10b6d6023cb6762198ba00414e0263390 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 10:48:41 -0300 Subject: [PATCH 06/29] Reproduced commit Commit 2befdd6 --- .../snyk-2.0-platform-improvements.md | 26 +++++++------------ 1 file changed, 9 insertions(+), 17 deletions(-) diff --git a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md index d657e856db94..6bb277a22aba 100644 --- a/discover-snyk/getting-started/snyk-2.0-platform-improvements.md +++ b/discover-snyk/getting-started/snyk-2.0-platform-improvements.md 
@@ -4,25 +4,17 @@ Snyk 2.0 is a series of platform improvements rolling out gradually from April 2026 throughout the year to address navigation complexity, asset visibility, and triage inefficiency. As Snyk completes each component, users will gradually see Snyk platform interface updates. During the transition period, users can toggle between the new and classic interfaces. -| Improvement | Description | Availability | -| ---------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------- | -| Navigation | A unified menu with a new scope selector for global search. Context-aware shortcuts reduce common tasks to two or three clicks. | April 2026 (Early Access) | -| Dark mode | Full dark mode across the platform. | In development | -| Asset management | View all repositories, containers, configurations, and AI models in a single inventory. Snyk automatically tags assets by team, environment, and deployment status. | In development | -| Issue triage | Snyk prioritizes issues based on exploitability, reachability, and business impact. You can use bulk actions to fix similar issues across Snyk Projects. The system learns from your ignore and fix decisions. | In development | -| Settings | A visual policy builder replaces YAML editing. Snyk provides role templates for common team structures and real-time validation before you save. | In development | -| Reports | | | +| Improvement | Description | Availability | +| ---------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| Navigation |

A unified menu with a new scope selector.

Context-aware shortcuts reduce common tasks to two or three clicks.

| April 2026 (Early Access) | +| Dark mode | Full dark mode across the platform. | In development | +| Asset management | View all repositories, containers, configurations, and AI models in a single inventory. | In development | +| Issue triage |

Snyk prioritizes issues based on exploitability, reachability, and business impact.

Use bulk actions to fix similar issues across Snyk Projects.

| In development | +| Day2Operations | Snyk 2.0 rduces operational friction between finding a vulnerability and acting on it, through grouped navigation, issue deduplication, and bulk triage actions. | In development | ## What is Snyk 2.0 trying to solve? -| Feature area | Current use | Snyk 2.0 solution | Status | -| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | -| Navigation |
  • High friction
  • Six to eight clicks to find specific issues using deep breadcrumb paths.
|
  • Unified menu with a new scope selector.
  • Context-aware shortcuts.
  • Navigation reduced to maximum three clicks.
|

Closed Beta: April 2026

| -| Asset visibility |
  • Separate views for Code, containers, and infrastructure
  • Users must check multiple pages to see which applications are affectedby a new vulnerability.
|
  • Unified inventory for all repositories, configurations, and AI models.
  • Ability to tag assets by team, environment, and deployment status.
| In development | -| Issue triage | |
  • AI-driven prioritization based on exploitability or reachability.
  • Bulk actions to fix similar problems across Snyk Projects
  • System learns learns from your ignore and fix decisions.
| In development | -| Policy and settings | Complex and scattered configurations across interfaces and |
  • Visual policy builder that replaces manual YAML editing A
| In development | -| Reports and Analytics | Reports can be difficult to find and categorized. |
  • Improved look and feel for the Analytics section
  • Intuitive grouping and enhanced searchability.
| In development | -| Interface | Light-only UI causing eye strain during long sessions. | Support for dark mode with the ability to sync automatically with system preferences. | In development | +
Feature areaCurrent useSnyk 2.0 solutionStatus
Navigation
  • High friction
  • Six to eight clicks to find specific issues using deep breadcrumb paths.
  • Unified menu with a new scope selector.
  • Context-aware shortcuts.


April 2026 (Early Access)
Asset visibility
  • Separate views for Code, containers, and infrastructure
  • Users must check multiple pages to see which applications are affected by a new vulnerability.
  • Unified inventory for all repositories, configurations, and AI models.
  • Ability to tag assets by team, environment, and deployment status.
In development
Issue triageUsers are experiencing alert overload

  • Issue deduplications across product lines and scan surfaces
  • Bulk actions to fix similar problems across Snyk Projects

In development
Policy and settingsComplex and scattered configurations across interfacesAn intuitive, unified view of the platform's settingsIn development
InterfaceLight-only UI causing eye strain during long sessions.Support for dark mode with the ability to sync automatically with system preferences.In development
## What do you need to do? @@ -30,7 +22,7 @@ Updates apply automatically. You can toggle between the new and classic interfac To join the Early Access program, contact your Snyk account team. Provide feedback using the in-app form or email [snyk2.0@snyk.io](mailto:snyk2.0@snyk.io). -## How does this impact your workflow? +## How will this impact your workflow? * **Developers:** Apply bulk actions to fix similar issues across multiple repositories. Enable dark mode to match your development environment. * **Security teams:** View all assets and associated risks in a unified inventory. Faster mean-time-to-fix using prioritization and bulk actions. Manage policies more easily using the visual builder. From ae87f0e2083dc88e7f736345e9d7a77e4988e7a7 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 11:45:46 -0300 Subject: [PATCH 07/29] Reproduced Commit 1aa314b --- developer-tools/.gitbook/assets/rest-spec.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/developer-tools/.gitbook/assets/rest-spec.json b/developer-tools/.gitbook/assets/rest-spec.json index 694adb771315..0a882de4eb34 100644 --- a/developer-tools/.gitbook/assets/rest-spec.json +++ b/developer-tools/.gitbook/assets/rest-spec.json @@ -25098,6 +25098,10 @@ ], "description": "Inline configured policy options for determining outcome of this specific test.\n\nIf centrally managed policies are in scope, inline policies are overridden\nby managed policies. Policy references explain which policies were\neffective for test evaluation." }, + "monitor": { + "description": "Indicates whether the test result should be monitored with recurring tests.", + "type": "boolean" + }, "project_business_criticality": { "maxLength": 256, "type": "string" From 5be4c6427d6ea46c4fe35d601a2637a38b6bdd32 Mon Sep 17 00:00:00 2001 
From: mikeromard Date: Thu, 21 May 2026 11:47:54 -0300 Subject: [PATCH 08/29] Reproduced Commit 8b4ba54 --- discover-snyk/whats-snyk.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/discover-snyk/whats-snyk.md b/discover-snyk/whats-snyk.md index e625d62fb09f..bf177dee7cde 100644 --- a/discover-snyk/whats-snyk.md +++ b/discover-snyk/whats-snyk.md @@ -1,6 +1,6 @@ # What's Snyk? -Snyk is a platform that allows you to scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, and infrastructure as code configurations. The Snyk platform uses a risk-based approach, focusing security efforts on issues that matter, and eliminating the noise of vulnerabilities that have no meaningful impact. +Snyk is a platform that allows you to scan, prioritize, and fix security vulnerabilities in your code, open-source dependencies, container images, infrastructure as code configurations, and after your web application or API is live. The Snyk platform uses a risk-based approach, focusing security efforts on issues that matter, and eliminating the noise of vulnerabilities that have no meaningful impact. To manage and govern the security program, Snyk gives security teams immediate visibility into coverage and business context across all application assets, smart policies to automate and scale in large environments, and analytics and reporting to measure the performance of your security program. 
@@ -12,7 +12,7 @@ To manage and govern the security program, Snyk gives security teams immediate v ## The Snyk developer-first approach -Snyk provides visibility in a developer’s workflow and actionable insights. The benefit is engaging developers in security practices as part of their development work. Thus, the focus is on building a secure application rather than overhead-intensive work, such as putting in hard QA gates. +Snyk provides visibility in a developer’s workflow and actionable insights. The benefit is engaging developers in security practices as part of their development work. Thus, the focus is on building a secure application rather than overhead-intensive work, such as putting in hard quality assurance gates. Developers now assemble applications with a combination of proprietary and open-source code, run that code in containers, and then deploy with infrastructure as code configurations using technologies like Kubernetes and Terraform. 
@@ -23,6 +23,7 @@ A robust security process secures each component where they are built and mainta * Secure your code: use [Snyk Open Source](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source) to fix vulnerabilities in your open source dependencies and [Snyk Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code) to fix vulnerabilities in your source code. * Secure your containers: use [Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container) to fix vulnerabilities in container images and Kubernetes applications. * Secure your infrastructure: use [Snyk Infrastructure as Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-iac) (IaC) to fix misconfigurations in Terraform, CloudFormation, Kubernetes, and Azure templates. +* Secure your APIs and web applications: use [Snyk API & Web](https://snyk.io/product/dast-api-web/) to discover and test the security of all your APIs and web apps, including those AI-generated. ## Choose how to run Snyk From 9b8f5364c7a24f956fe304ef743b37727ebd273b Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 11:49:37 -0300 Subject: [PATCH 09/29] Reproduced Commit 52fc230 --- developer-tools/snyk-cli/commands/sbom.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/developer-tools/snyk-cli/commands/sbom.md b/developer-tools/snyk-cli/commands/sbom.md index a2537cea953c..459a1ab0a7c6 100644 --- a/developer-tools/snyk-cli/commands/sbom.md +++ b/developer-tools/snyk-cli/commands/sbom.md 
@@ -10,7 +10,7 @@ The `snyk sbom` feature requires an internet connection. ## Usage -`$ snyk sbom --format= [--org=] [--file=] [--unmanaged] [--dev] [--all-projects] [--name=] [--version=] [--exclude=[,...]] [--detection-depth=] [--prune-repeated-subdependencies|-p] [--maven-aggregate-project] [--scan-unmanaged] [--scan-all-unmanaged] [--sub-project=] [--gradle-sub-project=] [--all-sub-projects] [--configuration-matching=] [--configuration-attributes=[,]] [--init-script=] [--json-file-output=] [--include-provenance] [--go-module-level] []` +`$ snyk sbom --format= [--org=] [--file=] [--unmanaged] [--dev] [--all-projects] [--allow-incomplete-sbom] [--name=] [--version=] [--exclude=[,...]] [--detection-depth=] [--prune-repeated-subdependencies|-p] [--maven-aggregate-project] [--scan-unmanaged] [--scan-all-unmanaged] [--sub-project=] [--gradle-sub-project=] [--all-sub-projects] [--configuration-matching=] [--configuration-attributes=[,]] [--init-script=] [--json-file-output=] [--include-provenance] [--go-module-level] []` ## Description 
@@ -116,6 +116,19 @@ Default: no limit Prune dependency trees, removing duplicate sub-dependencies. +### `[--allow-incomplete-sbom]` + +Continue generating an SBOM when one or more detected projects fail to resolve, instead of aborting on the first failure. + +Without this option, the `sbom` command fails as soon as any project cannot be resolved and no SBOM is produced (fail-fast). + +With this option: + +- Every detected project is scanned. Projects that resolve successfully contribute their components, including transitive dependencies, to the SBOM. Projects that fail to resolve are excluded from the SBOM and are reported as scan errors. +- The command exits with code `0` even if some projects could not be resolved. If every project fails, the SBOM is still produced but contains zero components. + +This option works in any `sbom` invocation, including single-project scans, `--all-projects`, and `--unmanaged`. It is most useful in multi-project workspaces where a single broken manifest would otherwise prevent generating an SBOM for the rest of the workspace. + ### `[--json-file-output]` Optional. Save the SBOM output as a JSON data structure directly to the specified file. This requires the SBOM `--format` to include `+json`. From 5cff29c3176ae3afb272c4d4719d2e6981458f39 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 11:52:35 -0300 Subject: [PATCH 10/29] reproduced Commit d48345a --- .../compatibility-matrix.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md index 2714a3d68261..ffcd85460f9a 100644 --- a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md +++ b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md 
@@ -4,15 +4,15 @@ This matrix shows the compatible CLI version range for each IDE plugin version r | Release Date | IDE Plugin | Compatible CLIs | | ------------ | --------------------------------- | --------------------- | -| 2026-04-13 | JetBrains 2.21.0 | v1.1304.0 - v1.1304.2 | -| 2026-04-13 | Visual Studio 2.9.0 | v1.1304.0 - v1.1304.2 | -| 2026-04-13 | VSCode v2.31.0 | v1.1304.0 - v1.1304.2 | -| 2026-04-13 | Eclipse v3.9.0 (v20260413.115019) | v1.1304.0 - v1.1304.2 | +| 2026-04-13 | JetBrains 2.21.0 | v1.1304.0 - v1.1304.3 | +| 2026-04-13 | Visual Studio 2.9.0 | v1.1304.0 - v1.1304.3 | +| 2026-04-13 | VSCode v2.31.0 | v1.1304.0 - v1.1304.3 | +| 2026-04-13 | Eclipse v3.9.0 (v20260413.115019) | v1.1304.0 - v1.1304.3 | | 2026-03-09 | VSCode v2.30.0 | v1.1303.0 - v1.1303.2 | | 2026-03-02 | Visual Studio 2.8.0 | v1.1303.0 - v1.1303.2 | | 2026-03-02 | VSCode v2.29.0 | v1.1303.0 - v1.1303.2 | | 2026-03-02 | Eclipse v3.8.0 (v20260302.094734) | v1.1303.0 - v1.1303.2 | -| 2026-03-02 | JetBrains 2.20.0 | v1.1304.0 - v1.1304.2 | +| 2026-03-02 | JetBrains 2.20.0 | v1.1304.0 - v1.1304.3 | | 2026-02-05 | VSCode v2.28.1 | v1.1302.0 - v1.1302.1 | | 2026-01-19 | JetBrains 2.19.0 | v1.1302.0 - v1.1302.1 | | 2026-01-19 | Visual Studio 2.7.0 | v1.1302.0 - v1.1302.1 | 
@@ -37,12 +37,12 @@ This matrix shows the compatible CLI version range for each IDE plugin version r | 2025-07-17 | Visual Studio 2.3.0 | v1.1298.0 - v1.1300.2 | | 2025-07-17 | Eclipse v3.3.0 (v20250717.103834) | v1.1298.0 - v1.1300.2 | | 2025-07-17 | VSCode v2.23.0 | v1.1298.0 - v1.1300.2 | -| 2025-05-26 | JetBrains v2.13.1 | v1.1297.0 - v1.1297.3 | -| 2025-05-16 | Visual Studio 2.2.1 | v1.1297.0 - v1.1297.3 | -| 2025-05-16 | Eclipse v3.2.0 (v20250516.122216) | v1.1297.0 - v1.1297.3 | -| 2025-05-16 | JetBrains v2.13.0 | v1.1297.0 - v1.1297.3 | -| 2025-05-16 | VSCode v2.22.0 | v1.1297.0 - v1.1297.3 | -| 2025-05-16 | Eclipse v3.1.0 (v20250514.173250) | v1.1297.0 - v1.1297.3 | +| 2025-05-26 | JetBrains v2.13.1 | v1.1297.1 - v1.1297.3 | +| 2025-05-16 | Visual Studio 2.2.1 | v1.1297.1 - v1.1297.3 | +| 2025-05-16 | Eclipse v3.2.0 (v20250516.122216) | v1.1297.1 - v1.1297.3 | +| 2025-05-16 | JetBrains v2.13.0 | v1.1297.1 - v1.1297.3 | +| 2025-05-16 | VSCode v2.22.0 | v1.1297.1 - v1.1297.3 | +| 2025-05-16 | Eclipse v3.1.0 (v20250514.173250) | v1.1297.1 - v1.1297.3 | ## Notes From 8d6af37fc5269e608966d943bea07a109ecfad3f Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 11:53:59 -0300 Subject: [PATCH 11/29] Reproduced Commit 695fe0b --- .../java-and-kotlin/README.md | 1 + .../supported-languages/supported-languages-list/groovy.md | 1 + 2 files changed, 2 insertions(+) diff --git a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md index 3c3d86b6e4c8..8e7f18e389e2 100644 --- a/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md +++ b/discover-snyk/supported-languages-package-managers-and-frameworks/java-and-kotlin/README.md 
@@ -29,6 +29,7 @@ For Java and Kotlin, the following frameworks and libraries are supported: {% column %} * Amazon AWS SDK * Android Standard Library +* Apache Camel * Apache Commons * Apache Tomcat * Apache XML diff --git a/discover-snyk/supported-languages/supported-languages-list/groovy.md b/discover-snyk/supported-languages/supported-languages-list/groovy.md index 3fa333b609df..ea13a610b67a 100644 --- a/discover-snyk/supported-languages/supported-languages-list/groovy.md +++ b/discover-snyk/supported-languages/supported-languages-list/groovy.md @@ -12,6 +12,7 @@ For an overview of the supported security rules, visit [Groovy rules](https://ap For Groovy, Snyk supports the following frameworks and libraries: +* Apache Camel * groovy-cli-picollo * Groovy standard library * groovy-cli-commons From 3695c5b0fdb80f0006a2cdb334129d2e6a812225 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:05:04 -0300 Subject: [PATCH 12/29] Reproduced Commit 3b8f94e --- .../javascript/README.md | 62 +++++++++++-------- 1 file changed, 35 insertions(+), 27 deletions(-) diff --git a/discover-snyk/supported-languages/supported-languages-list/javascript/README.md b/discover-snyk/supported-languages/supported-languages-list/javascript/README.md index c0f842332460..0678b50f39e1 100644 --- a/discover-snyk/supported-languages/supported-languages-list/javascript/README.md +++ b/discover-snyk/supported-languages/supported-languages-list/javascript/README.md @@ -1,7 +1,7 @@ # JavaScript {% hint style="info" %} -JavaScript is supported for Snyk Code and Snyk Open Source. +JavaScript is supported for Snyk Code and Snyk Open Source. {% endhint %} ## JavaScript for Snyk Code 
@@ -92,14 +92,12 @@ The following frameworks and libraries are supported: * WebCryptoAPI * xpath * yargs - - {% endcolumn %} {% endcolumns %} ### Supported file formats -The following file formats are supported: `.ejs`, `.es`, `.es6`, `.htm`, `.html`, `.js`, `.jsx`, `.ts`, `.cts`, `.mts`, `.tsx`, `.vue`, `.mjs`, `.cjs`, `.erb` . +The following file formats are supported: `.ejs`, `.es`, `.es6`, `.htm`, `.html`, `.js`, `.jsx`, `.ts`, `.cts`, `.mts`, `.tsx`, `.vue`, `.mjs`, `.cjs`, `.erb` . ### Available features @@ -116,7 +114,7 @@ Snyk supports the following package managers and versions: Supported Lockfile versions: `Lockfile v1`, `Lockfile v2`, `Lockfile v3` * pnpm: `pnpm 7`, `pnpm 8`, `pnpm 9`, `pnpm 10` -* Yarn: `Yarn 1`, `Yarn 2`, `Yarn 3`, `Yarn 4` +* Yarn: `Yarn 1`, `Yarn 2`, `Yarn 3`, `Yarn 4` Snyk's default package registry is [npmjs.org](https://www.npmjs.org/). Private package registries are supported. For more information, visit [Package repository integrations.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/package-repository-integrations) 
@@ -140,14 +138,14 @@ Lerna is partially supported. * Automatic and manual Fix PRs (for npm, pnpm, and Yarn) * License scanning * Reports -* Test your app's SBOM and packages using `pkg:npm` PURLs, using [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command. +* Test your app's SBOM and packages using `pkg:npm` PURLs, using [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test) command. ### Language and package manager considerations {% hint style="info" %} -Only official releases are tracked. Commits, including into the default branch, are not identified unless included in an official release or tag. +Only official releases are tracked. Commits, including into the default branch, are not identified unless included in an official release or tag. -In the case of JavaScript packages this means a release to the npmjs.org package registry. +In the case of JavaScript packages this means a release to the npmjs.org package registry. {% endhint %} #### devDependencies analysis @@ -247,7 +245,7 @@ npm install --lockfile-version=2 ### Support for pnpm -For all supported pnpm versions, the following features are available: +For all supported pnpm versions, the following features are available: * CLI support * SCM support @@ -263,7 +261,7 @@ If the mentioned pnpm lockfile is not present, Snyk treats the Project as an `np #### Lockfile versions -Snyk uses the `pnpm-lock.yaml` lockfile to generate a dependency tree for your Project. +Snyk uses the `pnpm-lock.yaml` lockfile to generate a dependency tree for your Project. The supported lockfile versions are 5.4, 6.x and 9.x, as used by pnpm 7, 8, 9 and 10. 
@@ -275,9 +273,9 @@ Snyk uses the Yarn lockfile (`yarn.lock`) to generate a representation of Projec The files Snyk relies on to scan a Project may change on version upgrades of the package manager. Snyk lists only versions verified internally as supported. -If you are using a newer version of Yarn than is not listed on this page, it is possible that Snyk performs as expected because Yarn is using a lockfile version that is already supported. That version of Yarn has likely not been evaluated and, thus not added to this page. +If you are using a newer version of Yarn than is not listed on this page, it is possible that Snyk performs as expected because Yarn is using a lockfile version that is already supported. That version of Yarn has likely not been evaluated and, thus not added to this page. -For all supported Yarn versions, the following features are available: +For all supported Yarn versions, the following features are available: * CLI support * SCM support @@ -315,7 +313,7 @@ ls packages | xargs -I PKG_NAME snyk monitor --file=packages/PKG_NAME/package.js The following table lists the steps to start scanning your dependencies. It covers basic commands, such as `snyk test` and `snyk monitor`. For a full list of CLI commands, see the [CLI commands and options summary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/cli-commands-and-options-summary). -
Package managerGetting startedDescription
npm
  1. Install npm.
  2. Ensure you are in a directory with npm Project files, that is, package.json and package-lock.json.
  3. (Optional) Run npm install.
  4. Run Snyk commands.
  5. (Optional) Run command options for snyk test and snyk monitor.

Snyk analyzes your package-lock.json files to build a dependency tree.

If the package-lock.json is missing, Snyk analyzes your node_modules folder.

Alternatively, run npm install to generate the lockfile first.

pnpm
  1. Install pnpm.
  2. Ensure that you are in a directory with pnpm Project files, that is, package.json or pnpmand pnpm-lock.yaml.
  3. (Optional) Run pnpm install.
  4. Run Snyk commands.
  5. (Optional) Run command options for snyk test and snyk monitor.
Snyk analyzes yourpnpm-lock.yaml files to build a dependency tree.

If the pnpm-lock.yaml is missing, Snyk analyzes your node_modules folder.

Alternatively, run pnpm install to generate the lockfile first.
Yarn
  1. Install Yarn.
  2. Ensure you are in a directory with Yarn Project files, that is, package.json and yarn.lock.
  3. (Optional) Run yarn install
  4. Run Snyk commands.
  5. (Optional) Run command options for snyk test and snyk monitor.

Snyk analyzes your yarn.lock files to build a dependency tree.

If the yarn.lock is missing, Snyk analyzes your node_modules folder.

Alternatively, run yarn install to generate the lockfile first.

+
Package managerGetting startedDescription
npm
  1. Install npm.
  2. Ensure you are in a directory with npm Project files, that is, package.json and package-lock.json.
  3. (Optional) Run npm install.
  4. Run Snyk commands.
  5. (Optional) Run command options for snyk test and snyk monitor.

Snyk analyzes your package-lock.json files to build a dependency tree.

If the package-lock.json is missing, Snyk analyzes your node_modules folder.

Alternatively, run npm install to generate the lockfile first.

pnpm
  1. Install pnpm.
  2. Ensure that you are in a directory with pnpm Project files, that is, package.json or pnpmand pnpm-lock.yaml.
  3. (Optional) Run pnpm install.
  4. Run Snyk commands.
  5. (Optional) Run command options for snyk test and snyk monitor.
Snyk analyzes yourpnpm-lock.yaml files to build a dependency tree.

If the pnpm-lock.yaml is missing, Snyk analyzes your node_modules folder.

Alternatively, run pnpm install to generate the lockfile first.
Yarn
  1. Install Yarn.
  2. Ensure you are in a directory with Yarn Project files, that is, package.json and yarn.lock.
  3. (Optional) Run yarn install
  4. Run Snyk commands.
  5. (Optional) Run command options for snyk test and snyk monitor.

Snyk analyzes your yarn.lock files to build a dependency tree.

If the yarn.lock is missing, Snyk analyzes your node_modules folder.

Alternatively, run yarn install to generate the lockfile first.

### Support for monorepos and workspaces 
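Review bot: The pnpm row of the rewritten getting-started table still reads `package.json or pnpmand pnpm-lock.yaml` in step 2 and `Snyk analyzes yourpnpm-lock.yaml files` in the description, both carried over unchanged from the removed table. Since the whole table is being replaced, fix them here, for example `package.json and pnpm-lock.yaml` and `Snyk analyzes your pnpm-lock.yaml files`, to match the wording of the npm and Yarn rows. Step 3 of the Yarn row (`Run yarn install`) is also missing the closing period the other rows have.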
@@ -323,32 +321,42 @@ Yarn, npm, and pnpm support workspaces, to help manage monorepos containing mult #### SCM scanning considerations -Npm workspaces are not explicitly supported in Snyk SCM integrations scans. +Npm workspaces are not explicitly supported in Snyk SCM integrations scans. Root-level `package.json` manifest files with adjacent lockfiles are scanned as normal. + +For nested manifest files with no lockfiles, Snyk approximates what the dependency tree looks like at build time without using the root lockfile. + +Yarn workspaces Projects must have the `package.json` and `yarn.lock` files in the root directory. + +Yarn 1.x workspaces fail to import using SCM and return an `Out of sync package.json and package-lock.json detected` error. This occurs with internal workspace packages when the `yarn.lock` file is at the repository root, but the `package.json` file is in a subdirectory. -* Root-level `package.json` manifest files with adjacent lockfiles are scanned as normal. +As an SCM workaround, in the Snyk web UI, navigate to **Settings** > **Snyk Open Source** > **Languages** > **JavaScript** and clear the checkbox **Require package.json and package-lock.json/yarn.lock files to be in sync**. + +As a workaround using the CLI, use the `--strict-out-of-sync=false` flag to allow testing without causing errors. + +{% hint style="info" %} +Upgrading to Yarn 2+ does not resolve this issue for SCM scans. SCM workspace Projects require both the `package.json` and `yarn.lock` files to be in the root directory. +{% endhint %} - For nested manifest files with no lockfiles, Snyk approximates what the dependency tree looks like at build time without using the root lockfile. +Pnpm workspaces must have the `package.json`, `pnpm-lock.yaml` and `pnpm-workspace.yaml` files in the root directory. -Yarn workspaces projects must have the `package.json` and `yarn.lock` files in the root directory. 
+Pnpm [workspace protocol](https://pnpm.io/workspaces#workspace-protocol-workspace) is not supported for SCM scans. -Pnpm workspaces must have the `package.json`, `pnpm-lock.yaml` and `pnpm-workspace.yaml` files in the root directory. +Dependencies should be defined explicitly with specific versions, or versions using standard semver. (eg `"foo": "^1.1.0"` ) -* pnpm [workspace protocol](https://pnpm.io/workspaces#workspace-protocol-workspace) is not supported for SCM scans. - * Dependencies should be defined explicitly with specific versions, or versions using standard semver. (eg `"foo": "^1.1.0"` ) - * Dependencies that are defined using workspace protocol for the version (eg `"foo" : "workspace:*"` ) will be listed in SCM scans as undefined version. +Dependencies that are defined using workspace protocol for the version (eg `"foo" : "workspace:*"` ) will be listed in SCM scans as undefined version. -For all workspaces, Fix PRs and Upgrade PRs do not support workspaces lockfile updates. PRs for these projects will update the `package.json` only. +For all workspaces, Fix PRs and Upgrade PRs do not support workspaces lockfile updates. PRs for these Projects will update the `package.json` only. #### CLI scanning considerations Workspaces are supported in the Snyk CLI for the following CLI options: -* `--all-projects` : Discovers and scan all Yarn, npm and pnpm workspaces Projects, along with Projects from other supported ecosystems. The root lock file is referenced when scanning the workspace Projects. -* `--detection-depth` : Specifies how many sub-directory levels to search. -* `--strict-out-of-sync=false` : Allows testing out-of-sync lockfiles for packages in a workspace. When this option is set to `false` , you can run Snyk tests with unsynchronized manifest and lock files without causing errors. -* `--policy-path` : Specifies the path to a policy used by Snyk during testing. 
+* `--all-projects`: Discovers and scan all Yarn, npm and pnpm workspaces Projects, along with Projects from other supported ecosystems. The root lock file is referenced when scanning the workspace Projects. +* `--detection-depth`: Specifies how many sub-directory levels to search. +* `--strict-out-of-sync=false`: Allows testing out-of-sync lockfiles for packages in a workspace. When this option is set to `false`, you can run Snyk tests with unsynchronized manifest and lock files without causing errors. +* `--policy-path`: Specifies the path to a policy used by Snyk during testing. -#### Examples of scanning workspaces with the CLI +#### Examples of scanning workspaces with the CLI To scan all workspaces Projects in the current directory and five sub-directories deep, plus any other Projects types detected, use the following command: From c44e742bcf0b9d0c3c05d470c23e38f91294e592 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:06:03 -0300 Subject: [PATCH 13/29] Reproduced Commit 3af4d7a --- .../project-repositories/snyk-repo-content-sync.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scan-fix-and-prevent/scan-with-snyk/project-repositories/snyk-repo-content-sync.md b/scan-fix-and-prevent/scan-with-snyk/project-repositories/snyk-repo-content-sync.md index a40bbad15127..029fa87b37e0 100644 --- a/scan-fix-and-prevent/scan-with-snyk/project-repositories/snyk-repo-content-sync.md +++ b/scan-fix-and-prevent/scan-with-snyk/project-repositories/snyk-repo-content-sync.md 
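Review bot: In javascript/README.md under SCM scanning considerations, the new paragraph scopes the import failure to Yarn 1.x (`Yarn 1.x workspaces fail to import using SCM`), but the hint added right after it says upgrading to Yarn 2+ does not resolve the issue, so the version qualifier is misleading; describe the condition by layout instead (`yarn.lock` at the repository root, `package.json` in a subdirectory). Both workarounds turn off the manifest and lockfile sync check, so say plainly that the scan then runs against files that may not match each other. Flattening the pnpm bullets also detaches the two `Dependencies ...` sentences from the workspace protocol statement they qualified, and the touched `--all-projects` line still reads `Discovers and scan`.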
@@ -27,7 +27,7 @@ Repo content sync automatically manages your Projects based on changes in your r Push events trigger synchronization using webhooks. Snyk creates a webhook when you initially import a repository. * Manifest, Docker, and configuration files: adding, deleting, or renaming these files triggers an automatic update. You can view details of these actions in your Snyk import logs. -* Exclusions: Snyk respects existing folder exclusions configured using the import flow or `.snyk` files. +* Exclusions: Snyk respects existing folder exclusions configured using the import flow. ## Considerations for Early Access From 4a53c421bb96649aa5584cd267c812b8efef6f76 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:07:49 -0300 Subject: [PATCH 14/29] Reproduced Commit 3308e3a --- developer-tools/.gitbook/assets/rest-spec.json | 9 --------- developer-tools/snyk-api/changelog.md | 10 ++++++++++ 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/developer-tools/.gitbook/assets/rest-spec.json b/developer-tools/.gitbook/assets/rest-spec.json index 0a882de4eb34..a915016113ce 100644 --- a/developer-tools/.gitbook/assets/rest-spec.json +++ b/developer-tools/.gitbook/assets/rest-spec.json @@ -45682,15 +45682,6 @@ "format": "uuid", "type": "string" } - }, - { - "$ref": "#/components/parameters/StartingAfter" - }, - { - "$ref": "#/components/parameters/EndingBefore" - }, - { - "$ref": "#/components/parameters/Limit" } ], "responses": { diff --git a/developer-tools/snyk-api/changelog.md b/developer-tools/snyk-api/changelog.md index 2edec6c09291..ed3323a87dee 100644 --- a/developer-tools/snyk-api/changelog.md +++ b/developer-tools/snyk-api/changelog.md 
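Review bot: In snyk-repo-content-sync.md, removing the words "or `.snyk` files" from the Exclusions bullet changes the documented behavior without saying what happens to folders that are excluded only through a `.snyk` file. If repo content sync does not honor those exclusions, a folder the team believes is excluded can be picked up when a manifest is added on a later push, so state that explicitly (the Considerations for Early Access section that follows is a natural place) rather than dropping the mention silently. If `.snyk` exclusions were never honored here, say so in the commit message.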
@@ -1,3 +1,13 @@ +## 2026-03-25 - Updated 2026-05-19 + +### GET - `/orgs/{org_id}/container_import/{integration_id}/policy` - Updated +- deleted the `query` request parameter `ending_before` +![Badge](https://img.shields.io/badge/Breaking-yellow) +- deleted the `query` request parameter `limit` +![Badge](https://img.shields.io/badge/Breaking-yellow) +- deleted the `query` request parameter `starting_after` +![Badge](https://img.shields.io/badge/Breaking-yellow) + ## 2026-03-25 - Updated 2026-05-12 ### GET - `/orgs/{org_id}/issues` - Updated From 1878c7bd5bd54cf8f18ab93782785da271ba87cf Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:09:34 -0300 Subject: [PATCH 15/29] Reproduced Commit e6f6f8f --- developer-tools/snyk-cli/commands/container-monitor.md | 2 +- developer-tools/snyk-cli/commands/container-test.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/developer-tools/snyk-cli/commands/container-monitor.md b/developer-tools/snyk-cli/commands/container-monitor.md index 9f564dbc1613..89ba1938cf75 100644 --- a/developer-tools/snyk-cli/commands/container-monitor.md +++ b/developer-tools/snyk-cli/commands/container-monitor.md @@ -148,7 +148,7 @@ When `app-vulns` is enabled, use the `--nested-jars-depth=n` option to set how m ### `--exclude-base-image-vulns` -Do not show vulnerabilities introduced only by the base image. Works for operating system packages only. Available when using `snyk container test` only. Provided for compatibility with `snyk container test`. Using this option with `snyk container monitor` will not have any effect +Do not show vulnerabilities introduced only by the base image. Works for operating system packages only. ### `--prune-repeated-subdependencies` diff --git a/developer-tools/snyk-cli/commands/container-test.md b/developer-tools/snyk-cli/commands/container-test.md index fe31d2275cba..0e5e16061785 100644 --- a/developer-tools/snyk-cli/commands/container-test.md 
+++ b/developer-tools/snyk-cli/commands/container-test.md @@ -132,7 +132,7 @@ When `app-vulns` is enabled, use the `--nested-jars-depth=n` option to set how m ### `--exclude-base-image-vulns` -Do not show vulnerabilities introduced only by the base image. Available when using `snyk container test` only. Works for operating system packages only. +Do not show vulnerabilities introduced only by the base image. Works for operating system packages only. ### `--platform=` From b4bd96e5c44484f6aa32ea48a400fdb1ed659aed Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:11:50 -0300 Subject: [PATCH 16/29] Reproduced Commit 8f13226 --- developer-tools/snyk-cli/commands/ignore.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/developer-tools/snyk-cli/commands/ignore.md b/developer-tools/snyk-cli/commands/ignore.md index 98b75a1e432b..e9b3140a0f6e 100644 --- a/developer-tools/snyk-cli/commands/ignore.md +++ b/developer-tools/snyk-cli/commands/ignore.md @@ -79,7 +79,7 @@ Supported formats: Default: 30 days or none if used with `--file-path` -Note: The `expiry` field is not required. If you need a permanent ignore, omit the option. +Note: The `expiry` field is not required, it will use the default if omitted. If you need a permanent ignore, set the expiry to a date far in the future (for example, `9999-01-01`). To ensure that expiration dates are enforced for ignores, you must specify a valid expiration date. The date must be in the Date Time String Javascript format like YYYY-MM-DDThh:mm:ss.fffZ. If the specified expiration date does not adhere to this format, the ignore will be respected and persist indefinitely. From b5fae018f0c50186910446d135317184112a75f6 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:12:49 -0300 Subject: [PATCH 17/29] Reproduced Commit 3855c19 --- .../snyk-ide-plugins-and-extensions/compatibility-matrix.md | 5 ----- 1 file changed, 5 deletions(-) 
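Review bot: In ignore.md, the example given for a permanent ignore, `9999-01-01`, does not match the format the unchanged paragraph right below it requires (`YYYY-MM-DDThh:mm:ss.fffZ`), and that paragraph says a date that does not adhere to the format makes the ignore persist indefinitely. A reader cannot tell whether the example is a valid far-future expiry or an invalid value that becomes permanent by accident; use a full date-time such as `9999-01-01T00:00:00.000Z`, or point to the Supported formats list. The added sentence is also a comma splice (`is not required, it will use the default if omitted`) and should repeat what the default is (30 days, or none with `--file-path`), because omitting the option is no longer described as the way to get a permanent ignore.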
diff --git a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md index ffcd85460f9a..7e61b653f411 100644 --- a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md +++ b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md @@ -38,11 +38,6 @@ This matrix shows the compatible CLI version range for each IDE plugin version r | 2025-07-17 | Eclipse v3.3.0 (v20250717.103834) | v1.1298.0 - v1.1300.2 | | 2025-07-17 | VSCode v2.23.0 | v1.1298.0 - v1.1300.2 | | 2025-05-26 | JetBrains v2.13.1 | v1.1297.1 - v1.1297.3 | -| 2025-05-16 | Visual Studio 2.2.1 | v1.1297.1 - v1.1297.3 | -| 2025-05-16 | Eclipse v3.2.0 (v20250516.122216) | v1.1297.1 - v1.1297.3 | -| 2025-05-16 | JetBrains v2.13.0 | v1.1297.1 - v1.1297.3 | -| 2025-05-16 | VSCode v2.22.0 | v1.1297.1 - v1.1297.3 | -| 2025-05-16 | Eclipse v3.1.0 (v20250514.173250) | v1.1297.1 - v1.1297.3 | ## Notes From 252218af896a744ed3462aa1c5d1cb1c8d7f4aee Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:14:50 -0300 Subject: [PATCH 18/29] Reproduced Commit 4f7aa41 --- .../snyk-container/how-snyk-container-works/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/README.md b/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/README.md index c3952d3374f5..17f9743fec72 100644 --- a/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/README.md +++ b/scan-fix-and-prevent/scan-with-snyk/snyk-container/how-snyk-container-works/README.md @@ -41,6 +41,7 @@ Some software components from upstream providers are not installed using a packa * Node.js * OpenJDK 8 binaries +* OpenJDK binaries from Eclipse Temurin distributions ## Recurring container image scans From ff4249d4f79481f2e2595fe4852dbc8fd54d9cf1 Mon Sep 17 00:00:00 2001 
From: mikeromard Date: Thu, 21 May 2026 12:16:26 -0300 Subject: [PATCH 19/29] Reproduced Commit 841b4c2 --- ...integration-from-classic-broker-to-universal-broker.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md index 17b18cab86cc..5b72bce6e373 100644 --- a/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md +++ b/platform-administration/implementation-and-setup/enterprise-setup/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker.md 
@@ -1,10 +1,12 @@ # Upgrade an Organization integration from Classic Broker to Universal Broker {% hint style="info" %} -Universal Broker operators declare their desired deployment model before running any Broker client, specifying what Broker connections to support. Thus the Classic Broker approach of `org->integrations->broker connections` is evolving to be `broker connections -> integration/org`. +Before running a Broker client, Universal Broker operators declare their desired deployment model to specify which Broker connections to support. This changes the Classic Broker approach from `organization > integrations > broker connections` to `broker connections > integration/organization`. + +You do not need to re-import repositories. The migration acts as a token rotation, and Snyk preserves your existing targets and data if your connection settings remain unchanged. {% endhint %} -## Migrating a single Organization +## Migrate a single Organization To upgrade existing Classic Broker integrations to Universal Broker for one Organization at a time: @@ -25,7 +27,7 @@ If you run into issues, you can roll back to the Classic Broker client as long a 2. If any other Classic Broker Organization is left with the same Broker token, after you disconnect the Universal Broker token, use the API endpoint Clone an integration (with settings and credentials) to copy the integration settings from another Organization and reuse the previously used Classic Broker token through the API. 3. If there are no Classic Broker Organizations left with the old Broker token, then after you disconnect the Universal Broker connection, set up a new Classic Brokered connection. Copy the Broker token from the new Brokered connection as a parameter and restart the Broker container. -## Migrating multiple Organizations +## Migrate multiple Organizations The bulk migration workflow allows you to migrate multiple Organizations at the same time. To do this: 
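Review bot: The added hint sentence `The migration acts as a token rotation` in the first hunk is hard to reconcile with the rollback steps kept as context in the second hunk, which tell the reader to `reuse the previously used Classic Broker token`. State whether the Classic Broker token stays valid after migration, and until when, so operators know whether the old token has to be revoked or can still be used for rollback. The condition `if your connection settings remain unchanged` should also name which settings matter, or link to them.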
From f9bc2cefe6e0b681055a266528e3b7a6e0cdf043 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:47:30 -0300 Subject: [PATCH 20/29] Reproduced Commit c08d79a --- .../.gitbook/assets/rest-spec.json | 185 +++++++++++++++++- developer-tools/snyk-api/changelog.md | 21 ++ 2 files changed, 203 insertions(+), 3 deletions(-) diff --git a/developer-tools/.gitbook/assets/rest-spec.json b/developer-tools/.gitbook/assets/rest-spec.json index a915016113ce..3b1be1b66378 100644 --- a/developer-tools/.gitbook/assets/rest-spec.json +++ b/developer-tools/.gitbook/assets/rest-spec.json @@ -521,6 +521,16 @@ ], "type": "string" }, + "created_at": { + "default": "last", + "enum": [ + "max", + "min", + "first", + "last" + ], + "type": "string" + }, "issues": { "default": "last", "enum": [ 
@@ -1251,7 +1261,7 @@ } }, "MetaFieldsGroupValues": { - "description": "Meta fields to include in the response. Multiple fields can be specified.\n\nAvailable fields:\n - `count` - Number of assets with this value\n - `last_seen_at` - Aggregated last_seen_at timestamp (default aggregation: last)\n - `updated_at` - Aggregated updated_at timestamp (default aggregation: last)\n - `risk_score` - Aggregated risk score from discovery sources (default aggregation: last)\n - `issues` - Aggregated issue counts (critical, high, medium, low, total) (default aggregation: last)\n - `labels` - Labels across assets (default aggregation: last)\n - `tags` - Tags across assets (default aggregation: last)\n - `built_at` - Aggregated container image build timestamp (default aggregation: last)\n - `all` - Include all available meta fields\n\nAll fields default to the `last` aggregation function, which returns the value\nfrom the asset with the most recent updated_at in the group. Use the `aggregate`\nparameter to override the aggregation function per field.\n\nIf not specified, the meta object is not included in the response.\n\nNote: Requesting meta fields may impact response time as aggregations\nrequire additional computation.\n", + "description": "Meta fields to include in the response. 
Multiple fields can be specified.\n\nAvailable fields:\n - `count` - Number of assets with this value\n - `created_at` - Aggregated asset creation timestamp (default aggregation: last)\n - `last_seen_at` - Aggregated last_seen_at timestamp (default aggregation: last)\n - `updated_at` - Aggregated updated_at timestamp (default aggregation: last)\n - `risk_score` - Aggregated risk score from discovery sources (default aggregation: last)\n - `issues` - Aggregated issue counts (critical, high, medium, low, total) (default aggregation: last)\n - `labels` - Labels across assets (default aggregation: last)\n - `tags` - Tags across assets (default aggregation: last)\n - `built_at` - Aggregated container image build timestamp (default aggregation: last)\n - `all` - Include all available meta fields\n\nAll fields default to the `last` aggregation function, which returns the value\nfrom the asset with the most recent updated_at in the group. Use the `aggregate`\nparameter to override the aggregation function per field.\n\nIf not specified, the meta object is not included in the response.\n\nNote: Requesting meta fields may impact response time as aggregations\nrequire additional computation.\n", "example": [ "count", "risk_score", @@ -1265,6 +1275,7 @@ "items": { "enum": [ "count", + "created_at", "last_seen_at", "updated_at", "risk_score", 
@@ -1777,7 +1788,7 @@ } }, "SortGroupValues": { - "description": "Comma-separated sort fields for group values. Prefix with `-` for descending order.\nMultiple sort fields are supported (e.g., `-issues,count`).\nDefaults to `count` (ascending) when not specified.\nResults are always tie-broken by `value` for deterministic ordering.\n\nAvailable sort fields:\n - `value` - Sort by the group value string (alphabetical)\n - `count` - Sort by the number of assets in each group\n - `last_seen_at` - Sort by the aggregated last_seen_at timestamp\n - `updated_at` - Sort by the aggregated updated_at timestamp\n - `risk_score` - Sort by the aggregated risk score\n - `built_at` - Sort by the aggregated container image build timestamp\n - `issues` - Sort by issue severity (critical → high → medium → low)\n", + "description": "Comma-separated sort fields for group values. Prefix with `-` for descending order.\nMultiple sort fields are supported (e.g., `-issues,count`).\nDefaults to `created_at` (ascending) when not specified.\nResults are always tie-broken by `value` for deterministic ordering.\n\nAvailable sort fields:\n - `value` - Sort by the group value string (alphabetical)\n - `count` - Sort by the number of assets in each group\n - `created_at` - Sort by the aggregated created_at timestamp\n - `last_seen_at` - Sort by the aggregated last_seen_at timestamp\n - `updated_at` - Sort by the aggregated updated_at timestamp\n - `risk_score` - Sort by the aggregated risk score\n - `built_at` - Sort by the aggregated container image build timestamp\n - `issues` - Sort by issue severity (critical → high → medium → low)\n", "example": "-count", "in": "query", "name": "sort", @@ -1977,7 +1988,7 @@ "in": "query", "name": "type", "schema": { - "$ref": "#/components/schemas/TypeDef" + "$ref": "#/components/schemas/IssueTypeFilter" }, "style": "form" }, 
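Review bot: In the `SortGroupValues` description, the default sort changes from `count` to `created_at`, yet the parameter's `"example": "-count"` is left as is and nothing visible marks this as a behavior change. Clients that omit `sort` will see a different ordering, so call it out in changelog.md and confirm the description matches what the server does, given that `created_at` here is an aggregated value (default aggregation `last`) rather than a single timestamp.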
@@ -2563,6 +2574,149 @@ } } }, + "501": { + "content": { + "application/vnd.api+json": { + "schema": { + "additionalProperties": false, + "example": { + "errors": [ + { + "detail": "Permission denied for this resource", + "status": "403" + } + ], + "jsonapi": { + "version": "1.0" + } + }, + "properties": { + "errors": { + "example": [ + { + "detail": "Permission denied for this resource", + "status": "403" + } + ], + "items": { + "additionalProperties": false, + "example": { + "detail": "Not Found", + "status": "404" + }, + "properties": { + "code": { + "description": "An application-specific error code, expressed as a string value.", + "example": "entity-not-found", + "type": "string" + }, + "detail": { + "description": "A human-readable explanation specific to this occurrence of the problem.", + "example": "The request was missing these required fields: ...", + "type": "string" + }, + "id": { + "description": "A unique identifier for this particular occurrence of the problem.", + "example": "f16c31b5-6129-4571-add8-d589da9be524", + "format": "uuid", + "type": "string" + }, + "meta": { + "additionalProperties": true, + "example": { + "key": "value" + }, + "type": "object" + }, + "source": { + "additionalProperties": false, + "example": { + "pointer": "/data/attributes" + }, + "properties": { + "parameter": { + "description": "A string indicating which URI query parameter caused the error.", + "example": "param1", + "type": "string" + }, + "pointer": { + "description": "A JSON Pointer [RFC6901] to the associated entity in the request document.", + "example": "/data/attributes", + "type": "string" + } + }, + "type": "object" + }, + "status": { + "description": "The HTTP status code applicable to this problem, expressed as a string value.", + "example": "400", + "pattern": "^[45]\\d\\d$", + "type": "string" + }, + "title": { + "description": "A short, human-readable summary of the problem that SHOULD NOT change from occurrence to occurrence of the problem, except for 
purposes of localization.", + "example": "Bad request", + "type": "string" + } + }, + "required": [ + "status", + "detail" + ], + "type": "object" + }, + "minItems": 1, + "type": "array" + }, + "jsonapi": { + "additionalProperties": false, + "example": { + "version": "1.0" + }, + "properties": { + "version": { + "description": "Version of the JSON API specification this server supports.", + "example": "1.0", + "pattern": "^(0|[1-9]\\d*)\\.(0|[1-9]\\d*)$", + "type": "string" + } + }, + "required": [ + "version" + ], + "type": "object" + } + }, + "required": [ + "jsonapi", + "errors" + ], + "type": "object" + } + } + }, + "description": "Not Implemented: The requested operation is not implemented", + "headers": { + "deprecation": { + "$ref": "#/components/headers/DeprecationHeader__0" + }, + "snyk-request-id": { + "$ref": "#/components/headers/RequestIdResponseHeader__0" + }, + "snyk-version-lifecycle-stage": { + "$ref": "#/components/headers/VersionStageResponseHeader__0" + }, + "snyk-version-requested": { + "$ref": "#/components/headers/VersionRequestedResponseHeader__0" + }, + "snyk-version-served": { + "$ref": "#/components/headers/VersionServedResponseHeader__0" + }, + "sunset": { + "$ref": "#/components/headers/SunsetHeader__0" + } + } + }, "503": { "content": { "application/vnd.api+json": { @@ -15112,6 +15266,11 @@ "minimum": 0, "type": "integer" }, + "created_at": { + "description": "Aggregated created_at timestamp across assets in this group.\nThe aggregation function is controlled by the `aggregate[created_at]` parameter (default: last).\nNull if no assets have a created_at value.\n", + "format": "date-time", + "type": "string" + }, "issues": { "$ref": "#/components/schemas/GroupValueIssuesAggregation" }, 
@@ -16898,6 +17057,20 @@ "example": "issue", "type": "string" }, + "IssueTypeFilter": { + "description": "An issue type to filter issues by.", + "enum": [ + "package_vulnerability", + "license", + "cloud", + "code", + "custom", + "config", + "secrets" + ], + "example": "cloud", + "type": "string" + }, "IssuesCountAttributes": { "example": { "critical": 5, @@ -32927,6 +33100,9 @@ } } } + }, + "501": { + "$ref": "#/components/responses/501" } }, "summary": "Get an issue", @@ -51295,6 +51471,9 @@ } } } + }, + "501": { + "$ref": "#/components/responses/501" } }, "summary": "Get an issue", diff --git a/developer-tools/snyk-api/changelog.md b/developer-tools/snyk-api/changelog.md index ed3323a87dee..d63244e55e7a 100644 --- a/developer-tools/snyk-api/changelog.md +++ b/developer-tools/snyk-api/changelog.md @@ -1,5 +1,26 @@ ## 2026-03-25 - Updated 2026-05-19 +### GET - `/orgs/{org_id}/issues` - Updated +- added the new enum value `secrets` to the `query` request parameter `type` + + + +### GET - `/orgs/{org_id}/issues/{issue_id}` - Updated +- added the non-success response with the status `501` + + + +### GET - `/groups/{group_id}/issues` - Updated +- added the new enum value `secrets` to the `query` request parameter `type` + + + +### GET - `/groups/{group_id}/issues/{issue_id}` - Updated +- added the non-success response with the status `501` + + +## 2026-03-25 - Updated 2026-05-19 + ### GET - `/orgs/{org_id}/container_import/{integration_id}/policy` - Updated - deleted the `query` request parameter `ending_before` ![Badge](https://img.shields.io/badge/Breaking-yellow) From 4145b5cc2cd56cf54f0841ca43dca9793147ca7a Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:49:21 -0300 Subject: [PATCH 21/29] Reproduced Commit 0ad1bf3 --- developer-tools/.gitbook/assets/rest-spec.json | 8 ++++++++ 1 file changed, 8 insertions(+) 
diff --git a/developer-tools/.gitbook/assets/rest-spec.json b/developer-tools/.gitbook/assets/rest-spec.json index 3b1be1b66378..c57417d9ef87 100644 --- a/developer-tools/.gitbook/assets/rest-spec.json +++ b/developer-tools/.gitbook/assets/rest-spec.json @@ -27099,6 +27099,14 @@ }, "type": "object" }, + "resolve_uv_options": { + "properties": { + "include_dev_dependencies": { + "type": "boolean" + } + }, + "type": "object" + }, "scm_credentials": { "additionalProperties": false, "description": "The encrypted SCM credentials object passed along from Registry", From 9cbce0c3bc3b4469f8d57c26856b3ec68a787a4e Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 12:50:19 -0300 Subject: [PATCH 22/29] Reproduced Commit e170cd7 --- .../snyk-ide-plugins-and-extensions/compatibility-matrix.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md index 7e61b653f411..d88843c623fb 100644 --- a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md +++ b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md @@ -37,7 +37,7 @@ This matrix shows the compatible CLI version range for each IDE plugin version r | 2025-07-17 | Visual Studio 2.3.0 | v1.1298.0 - v1.1300.2 | | 2025-07-17 | Eclipse v3.3.0 (v20250717.103834) | v1.1298.0 - v1.1300.2 | | 2025-07-17 | VSCode v2.23.0 | v1.1298.0 - v1.1300.2 | -| 2025-05-26 | JetBrains v2.13.1 | v1.1297.1 - v1.1297.3 | +| 2025-05-26 | JetBrains v2.13.1 | v1.1297.2 - v1.1297.3 | ## Notes From ed6482e8579e51ccf772ff37a33c42007b0d8e48 Mon Sep 17 00:00:00 2001 
From: mikeromard Date: Thu, 21 May 2026 13:14:18 -0300 Subject: [PATCH 23/29] Reproduced Commit 4f9c13f --- .../api-endpoints-index-and-tips/README.md | 4 +- discover-snyk/SUMMARY.md | 1 + .../authentication-and-access.md | 10 +- .../connect-your-development-tools.md | 44 +-- .../supported-languages-list/bazel.md | 269 ++++++++++++++++++ discover-snyk/whats-new.md | 190 ++++++------- scan-fix-and-prevent/SUMMARY.md | 3 - .../snyk-open-source/snyk-for-bazel/README.md | 22 -- .../snyk-for-bazel/dep-graph-api.md | 190 ------------- .../example-of-snyk-for-bazel.md | 65 ----- 10 files changed, 392 insertions(+), 406 deletions(-) create mode 100644 discover-snyk/supported-languages/supported-languages-list/bazel.md delete mode 100644 scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/README.md delete mode 100644 scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api.md delete mode 100644 scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/example-of-snyk-for-bazel.md diff --git a/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md b/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md index d1144717e826..4ba8b53c663a 100644 --- a/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md +++ b/developer-tools/snyk-api/api-endpoints-index-and-tips/README.md @@ -474,7 +474,7 @@ Additional information: [Reachability](https://app.gitbook.com/o/-M4tdxG8qotLgGZ ### [Monitor Dep Graph](../reference/monitor-v1.md) -**More information:** [Dep Graph API (Bazel)](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api) +**More information:** [Dep Graph API (Bazel)](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/L7HyJj9FsK1W4pNt8Gzl/supported-languages/supported-languages-list/bazel#dep-graph-api) ## Organizations (v1) 
@@ -880,7 +880,7 @@ This endpoint deletes the specified Targets and also deletes all the Projects in ### [Test Dep Graph](../reference/test-v1.md#test-dep-graph) -**More information:** [Dep Graph API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api) (Bazel);\ +**More information:** [Dep Graph API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/L7HyJj9FsK1W4pNt8Gzl/supported-languages/supported-languages-list/bazel#dep-graph-api) (Bazel);\ [Unmanaged JavaScript](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/L7HyJj9FsK1W4pNt8Gzl/supported-languages/supported-languages-list/javascript#unmanaged-javascript);\ [Start scanning](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/L7HyJj9FsK1W4pNt8Gzl/scan-with-snyk/start-scanning) diff --git a/discover-snyk/SUMMARY.md b/discover-snyk/SUMMARY.md index b2576f8ea975..b50df865a608 100644 --- a/discover-snyk/SUMMARY.md +++ b/discover-snyk/SUMMARY.md @@ -13,6 +13,7 @@ * [Technical specifications and guidance](supported-languages/technical-specifications-and-guidance.md) * [Supported languages list](supported-languages/supported-languages-list/README.md) * [Apex](supported-languages-package-managers-and-frameworks/apex.md) + * [Bazel](supported-languages/supported-languages-list/bazel.md) * [C/C++](supported-languages/supported-languages-list/c-c++.md) * [COBOL](supported-languages/supported-languages-list/cobol.md) * [Dart and Flutter](supported-languages/supported-languages-list/dart-and-flutter.md) diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md index 0a4b453f54af..133e51cc1ee0 100644 
--- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/authentication-and-access.md @@ -4,7 +4,7 @@ {% stepper %} {% step %} -### Configure SSO settings at the Group level +#### Configure SSO settings at the Group level {% hint style="success" %} **Key decision:** Choose between **Open to all** or **Require an invite** based on your security policy and license management needs. @@ -22,7 +22,7 @@ Any identity provider is supported, including tools such as Entra ID, OKTA, and {% endstep %} {% step %} -### Manage user accounts +#### Manage user accounts {% hint style="success" %} **Key decision**: Identify which administrators require Group Admin status and ensure they transition from personal accounts to SSO accounts before the general rollout. @@ -40,7 +40,7 @@ Custom mapping requires Snyk professional services. Contact your account team fo {% endstep %} {% step %} -### (Optional) Provision users with the API +#### (Optional) Provision users with the API {% hint style="success" %} **Key decision**: Determine if you need to pre-allocate users to specific Organizations and roles before their first login to prevent broad default access. @@ -60,7 +60,7 @@ Determine if Snyk pre-defined roles meet your requirements or if you must create {% stepper %} {% step %} -### Review Tenant-level roles +#### Review Tenant-level roles {% hint style="success" %} **Key decision:** Determine if you need centralized oversight across multiple Groups to manage analytics and global user membership. 
@@ -78,7 +78,7 @@ Features like Snyk Analytics are available only on Enterprise plans. You can swi {% endstep %} {% step %} -### Review Group-level roles +#### Review Group-level roles {% hint style="success" %} **Key decision:** Determine if your team leads can operate with the fixed permissions of an Organization Admin or if they require a restricted custom role. diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md index 0f325775eee8..0502bc77db64 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md @@ -34,7 +34,7 @@ Group level repository discovery video guide {% stepper %} {% step %} -#### Select your SCM platform +**Select your SCM platform** {% hint style="success" %} **Key decision:** Choose the SCM platform that hosts your primary development work and determine if you require **Snyk Broker** for an on-premise connection. @@ -47,7 +47,7 @@ If your SCM is behind a firewall, you must install and configure Snyk Broker to {% endstep %} {% step %} -#### Authenticate the integration +**Authenticate the integration** {% hint style="success" %} **Key decision:** Determine which service account or administrative user will provide the initial OAuth or Personal Access Token (PAT) to ensure the connection remains stable. 
@@ -59,7 +59,7 @@ If your SCM is behind a firewall, you must install and configure Snyk Broker to {% endstep %} {% step %} -#### Align with your Organization structure +**Align with your Organization structure** {% hint style="success" %} **Key decision:** Decide if you will use a single Group-level integration or if specific Organizations require separate credentials based on your established hierarchy. @@ -89,7 +89,7 @@ If you are using multiple SCMs, Snyk recommends using separate Organizations for {% stepper %} {% step %} -#### Establish granular authentication +**Establish granular authentication** {% hint style="success" %} **Key decision:** Determine if this specific Organization requires a unique access token or a different service account than the one used at the Group level. @@ -104,7 +104,7 @@ Set up your Org-level integrations by navigating in your Organization to the **I {% endstep %} {% step %} -#### Consider specific Snyk Broker tokens +**Consider specific Snyk Broker tokens** {% hint style="success" %} **Key decision:** Identify if this Organization requires a dedicated Snyk Broker token to segment network traffic or satisfy distinct security requirements. @@ -121,7 +121,7 @@ If you are using Azure Repos, Snyk recommends using Universal Broker to avoid Az {% endstep %} {% step %} -#### Define team-specific automation +**Define team-specific automation** {% hint style="success" %} **Key decision:** Decide which PR check behaviors and fix strategies apply to this team’s specific development workflow. @@ -146,7 +146,7 @@ Integrate Snyk with your container registries to import and monitor images for k {% stepper %} {% step %} -### Select your registry provider +#### Select your registry provider {% hint style="success" %} **Key decision:** Identify which container registries (for example, Docker Hub, Amazon ECR, Google Artifact Registry) host your production-ready images and determine if they reside behind a firewall. 
@@ -159,7 +159,7 @@ If your registry is on-premise or behind a firewall, you must use Snyk Broker to {% endstep %} {% step %} -### Authenticate and authorize +#### Authenticate and authorize {% hint style="success" %} **Key decision:** Use a dedicated service account with read-only permissions to the registry to maintain a stable connection and follow the principle of least privilege. @@ -174,7 +174,7 @@ For Amazon ECR, Snyk recommends using Cross-Account Role authentication for enha {% endstep %} {% step %} -### Configure scan frequency and visibility +#### Configure scan frequency and visibility {% hint style="success" %} **Key decision:** Decide on a monitoring frequency that balances security visibility with your team's remediation capacity. @@ -217,7 +217,7 @@ Configure additional integrations to build a complete inventory of your code-bas {% stepper %} {% step %} -### Access the inventory +#### Access the inventory {% hint style="success" %} **Key decision**: Determine if you have the necessary Group Administrator or **Edit Essentials** permissions to manage the global asset inventory. @@ -231,7 +231,7 @@ To start building your inventory: {% endstep %} {% step %} -### Configure SCM integrations for asset discovery +#### Configure SCM integrations for asset discovery {% hint style="success" %} **Key decision**: Decide whether to use a broad-access service account token to ensure Snyk can discover all repositories across your development teams. @@ -245,7 +245,7 @@ This configuration is specific to asset management and is separate from the Orga {% endstep %} {% step %} -### Define application context and tags +#### Define application context and tags {% hint style="success" %} **Key decision**: Choose which metadata (tags) and application structures are most critical for your risk assessment and reporting. 
@@ -280,7 +280,7 @@ If you prefer to use helm charts for Broker configuration or are configuring a C {% stepper %} {% step %} -### Determine deployment requirements +#### Determine deployment requirements {% hint style="success" %} **Key decision**: Determine your redundancy strategy. While a single Universal Broker instance can manage multiple integrations, Snyk recommends configuring at least two replicas of the client for high availability. @@ -294,7 +294,7 @@ Before installation, verify your environment: {% endstep %} {% step %} -### Configure the Universal Broker connection +#### Configure the Universal Broker connection {% hint style="success" %} **Key decision**: Choose whether to link the Broker token to the Group level for broad asset discovery or to a specific Organization for isolated team access. Universal Broker uses a CLI tool to dynamically configure connections rather than generating a static Broker token in the UI. @@ -311,13 +311,13 @@ If you are setting up Snyk Essentials for asset management with over 1,000 repos {% endstep %} {% step %} -### Deploy the Broker instance +#### Deploy the Broker instance {% hint style="success" %} **Key decision**: Decide on the deployment method (Docker or Kubernetes) that best fits your internal DevOps standards. {% endhint %} -#### Docker deployment +**Docker deployment** Run the Docker command using the unified `snyk/broker:universal` image and your specific environment variables: @@ -332,7 +332,7 @@ docker run --restart always \ snyk/broker:universal ``` -#### Kubernetes deployment +**Kubernetes deployment** Deploy using the official Snyk Universal Broker Helm chart. Ensure your secrets are stored securely as Kubernetes secrets. 
@@ -347,7 +347,7 @@ helm pull oci://registry-1.docker.io/snyk/snyk-universal-broker helm install my- {% endstep %} {% step %} -### Verify the connection +#### Verify the connection {% hint style="success" %} **Key decision**: Determine if you need to configure additional environment variables for a proxy server (`HTTPS_PROXY`) or a custom certificate authority (`NODE_EXTRA_CA_CERTS`) to establish the connection out to Snyk. @@ -376,7 +376,7 @@ Enable Snyk Code to activate static application security testing (SAST) for your {% stepper %} {% step %} -### Verify Snyk Code availability +#### Verify Snyk Code availability {% hint style="success" %} **Key decision**: Determine if Snyk Code should be enabled globally for all Organizations or phased in for specific high-priority development teams. @@ -386,7 +386,7 @@ Before enabling Snyk Code, ensure your Snyk license includes SAST capabilities. {% endstep %} {% step %} -### Enable Snyk Code in Settings +#### Enable Snyk Code in Settings {% hint style="success" %} **Key decision**: You must enable Snyk Code before importing your first Projects to ensure Snyk performs a code analysis scan during the initial onboarding. @@ -400,7 +400,7 @@ Snyk Code is disabled by default in new Organizations. If you enable it after yo {% endstep %} {% step %} -### (Optional) Enable Snyk Code at scale using the API +#### (Optional) Enable Snyk Code at scale using the API {% hint style="success" %} **Key decision**: If you are managing dozens or hundreds of Organizations, use the Snyk API to enable Snyk Code programmatically rather than using the web UI. @@ -413,7 +413,7 @@ To enable Snyk Code for multiple Organizations: {% endstep %} {% step %} -### Align with your import strategy +#### Align with your import strategy {% hint style="success" %} **Key decision**: Choose the import method that provides the best resolution for your specific programming languages. 
diff --git a/discover-snyk/supported-languages/supported-languages-list/bazel.md b/discover-snyk/supported-languages/supported-languages-list/bazel.md new file mode 100644 index 000000000000..83ff82dff847 --- /dev/null +++ b/discover-snyk/supported-languages/supported-languages-list/bazel.md 
@@ -0,0 +1,269 @@ +# Bazel + +## Applicability + +{% hint style="info" %} +Snyk supports Bazel only for Snyk Open Source. + +Snyk for Bazel provides support for using the [Bazel build and test tool](https://docs.bazel.build/versions/master/bazel-overview.html) with Snyk Open Source. The instructions in this documentation apply to Bazel v 7 only. +{% endhint %} + +Snyk supports testing Projects whose dependencies are managed by Bazel. Snyk recommends testing and monitoring using the Dep Graph API. + +Unlike npm, Bazel does not rely on dependency manifest files or lock files. Instead, you manage build configurations in [BUILD](https://docs.bazel.build/versions/master/build-ref.html#BUILD_files) files using [Starlark](https://docs.bazel.build/versions/master/skylark/language.html), a domain-specific language based on Python 3. + +You manually specify all dependencies (package name, location, and version), including transitive dependencies. Bazel fetches these dependencies during builds. + +Bazel has limited native integration with package registries, such as npmjs.org or Maven Central. You can add Bazel rules to help install dependencies from external registries. + +Because Bazel dependencies are specified as code in BUILD files using Starlark, Snyk cannot easily discover the dependencies from a Project. + +## Dep Graph API + +To secure Bazel Projects, you must use the Snyk Dep Graph API. This API accepts a generic dependency graph and returns a report containing any relevant vulnerabilities for those dependencies. + +### Requirements and considerations + +The Dep Graph API requires specific permissions. If you do not have access, contact Snyk Support. + +You can test Bazel dependencies across any supported ecosystem, except C++, which is not supported by these endpoints. 
+ +Use the Snyk Dep Graph API endpoints [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1) to test and monitor dependencies managed by Bazel. The monitor capability allows you to submit a tree for Snyk to monitor for vulnerabilities. + +### Test and monitor dependencies + +To integrate Snyk into your Bazel workflow, follow these steps to manually generate and submit a dependency graph to the Snyk API: + +1. Create a [Dep Graph JSON object](https://github.com/snyk/dep-graph) listing all the dependency packages and versions for each type of dependency (for example, Maven or CocoaPods). +2. Send the Dep Graph JSON object as a POST request to the Test Dep Graph endpoint, along with your [auth token](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api), as part of a Bazel test rule. +3. Check the API response for pass or fail status and any resulting vulnerabilities. + +For example: + +```bash +curl -X POST 'https://api.snyk.io/v1/test/dep-graph' \ + -H 'Authorization: token {{your token}}' \ + -H 'Content-Type: application/json; charset=utf-8' \ + -d @dep-graph.json +``` + +### Dep Graph JSON syntax + +The Test Dep Graph API accepts a Snyk Dep Graph JSON object. This object describes the root application and the graph of direct and transitive dependencies. 
+ +The [schema](https://github.com/snyk/dep-graph#depgraphdata) for this format is: + +{% code overflow="wrap" fullWidth="false" %} +```json +export interface DepGraphData { + schemaVersion: string; + pkgManager: { + name: string; + version?: string; + repositories?: Array<{ + alias: string; + }>; + }; + pkgs: Array<{ + id: string; + info: { + name: string; + version?: string; + }; + }>; + graph: { + rootNodeId: string; + nodes: Array<{ + nodeId: string; + pkgId: string; + info?: { + versionProvenance?: { + type: string; + location: string; + property?: { + name: string; + }; + }, + labels?: { + [key: string]: string | undefined; + }; + }; + deps: Array<{ + nodeId: string; + }>; + }>; + }; +} +``` +{% endcode %} + +Specific components in the Dep Graph object include: + +* `schemaVersion` - the version of the Dep Graph schema. Set this to `1.2.0`. +* `pkgManager.name` - can be one of `deb`, `gomodules`, `gradle`, `maven`, `npm`, `nuget`, `paket`, `pip`, `rpm`, `rubygems`, or `cocoapods`. +* `pkgs` - an array of objects containing `id`, `name` and `version` of all packages in the Dep Graph. The `id` must be in the form `name@version`. List each of your dependencies in this array, including an item representing the Project itself. +* `graph.nodes` - an array of objects describing the relationships between entries in `pkgs`. This is typically the Project node with all other packages defined as a flat array of direct dependencies in `deps.` +* `graph.rootNodeId` - specifies the `id` of the entry in `graph.nodes` to use as the root node of the graph. Set this to the `nodeId` of the Project node. + +### Dep Graph Test API response + +The Test Dep Graph API returns a JSON object describing any issues (vulnerabilities and licenses) found in the Dep Graph dependencies. 
+ +An example response with a single vulnerability: + +{% code overflow="wrap" %} +```json +{ + "ok": false, + "packageManager": "maven", + "issuesData": { + "SNYK-JAVA-CHQOSLOGBACK-30208": { + "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "alternativeIds": [], + "creationTime": "2017-03-19T14:58:38Z", + "credit": [ + "Unknown" + ], + "cvssScore": 9.8, + "description": "## Overview\n[ch.qos.logback:logback-core](https://mvnrepository.com/artifact/ch.qos.logback/logback-core) is a logback-core module.\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution. A configuration can be ...", + "disclosureTime": "2017-03-13T06:59:00Z", + "exploit": "Not Defined", + "fixedIn": [ + "1.1.11" + ], + "functions": [], + "id": "SNYK-JAVA-CHQOSLOGBACK-30208", + "identifiers": { + "CVE": [ + "CVE-2017-5929" + ], + "CWE": [ + "CWE-502" + ] + }, + "language": "java", + "mavenModuleName": { + "artifactId": "logback-core", + "groupId": "ch.qos.logback" + }, + "modificationTime": "2020-06-12T14:36:56.271247Z", + "moduleName": "ch.qos.logback:logback-core", + "packageManager": "maven", + "packageName": "ch.qos.logback:logback-core", + "patches": [], + "proprietary": false, + "publicationTime": "2017-03-21T15:30:44Z", + "references": [ + { + "title": "GitHub Commit #1", + "url": "https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8" + }, + { + "title": "GitHub Commit #2", + "url": "https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9" + }, + { + "title": "Logback News", + "url": "https://logback.qos.ch/news.html" + }, + { + "title": "NVD", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929" + }, + { + "title": "NVD", + "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929/" + } + ], + "semver": { + "vulnerable": [ + "[, 1.1.11)" + ] + }, + "severity": "high", + "title": "Arbitrary Code Execution" + } + }, + "issues": [ + { + "pkgName": 
"ch.qos.logback:logback-core", + "pkgVersion": "1.0.13", + "issueId": "SNYK-JAVA-CHQOSLOGBACK-30208", + "fixInfo": {} + } + ], + "org": { + "id": "3e5fe3fe-9181-4f0f-a231-39764485e73f", + "name": "stephen.elson-xnf" + } +} +``` +{% endcode %} + +Specific components in the response object include: + +* `ok` - Boolean value summarizing whether Snyk found any vulnerabilities in the supplied dependencies. You can use this for a quick pass or fail test. +* `issuesData` - a hash of each unique vulnerability found. Each vulnerability contains useful properties, such as `title`, `description`, `identifiers`, `publicationTime`, `severity`, and so on. +* `issues` - an array of mappings from vulnerabilities in `issuesData` to package. This mapping shortens the response length because a vulnerability can apply to multiple packages. + +### Example of dependency mapping for a Bazel Project + +For a Bazel Project with a single dependency on a Maven package, you can specify the dependency as follows: + +```python +maven_jar( + name = "logback-core", + artifact = "ch.qos.logback:logback-core:1.0.13", + sha1 = "dc6e6ce937347bd4d990fc89f4ceb469db53e45e", +) +``` + +Use the provided template to construct the following Dep Graph JSON object: + +```json +{ + "depGraph": { + "schemaVersion": "1.2.0", + "pkgManager": { + "name": "maven" + }, + "pkgs": [ + { + "id": "app@1.0.0", + "info": { + "name": "app", + "version": "1.0.0" + } + }, + { + "id": "ch.qos.logback:logback-core@1.0.13", + "info": { + "name": "ch.qos.logback:logback-core", + "version": "1.0.13" + } + } + ], + "graph": { + "rootNodeId": "root-node", + "nodes": [ + { + "nodeId": "root-node", + "pkgId": "app@1.0.0", + "deps": [ + { + "nodeId": "ch.qos.logback:logback-core@1.0.13" + } + ] + }, + { + "nodeId": "ch.qos.logback:logback-core@1.0.13", + "pkgId": "ch.qos.logback:logback-core@1.0.13", + "deps": [] + } + ] + } + } +} +``` + +This package (`ch.qos.logback:logback-core@1.0.13`) contains a vulnerability described in detail 
in the resulting JSON response object. \ No newline at end of file diff --git a/discover-snyk/whats-new.md b/discover-snyk/whats-new.md index d446520f9c34..27cf1b9ebfba 100644 --- a/discover-snyk/whats-new.md +++ b/discover-snyk/whats-new.md @@ -27,7 +27,7 @@ The most recent updates include significant changes to the user docs, such as fe * The [Pull Request experience](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience#pull-request-experience-feature-requirements) documentation has been updated to reflect that if you are using inline comments or Agent Fix, you must now specify a dedicated GitHub account by providing a GitHub Personal Access Token (PAT) in your integration settings. * The [Enterprise implementation guide](implementation-and-setup/enterprise-implementation-guide/) now has embedded video tutorials to guide you in your Enterprise setup as a new user of Snyk. * The [High availability mode](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/high-availability-mode) from Snyk Broker is now enabled by default. -* The [Container registry sync](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/use-snyk-container/sync-your-container-registry) from Snyk Container is now Generally Available. +* The [Container registry sync](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/use-snyk-container/sync-your-container-registry) from Snyk Container is now Generally Available. * The [Container registry import policy](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/containerregistryimportpolicy) API was enhanced by refactoring schema names, adding test components, and full CRUD operations. ## March 2026 
@@ -134,23 +134,23 @@ The most recent updates include significant changes to the user docs, such as fe December - January 2025 Documentation updates -### December 2025 +#### December 2025 -#### **Snyk API** +**Snyk API** * The API docs navigation was enhanced with additional package-related reference pages (including `ContainerRegistryImagePolicy`). -#### **Snyk Integrations** +**Snyk Integrations** * The [Partner integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/partner-integrations) page has been updated, including additional coverage for Coding Assistants and how they can use Snyk Studio (MCP) in agentic workflows. * [JavaScript](supported-languages/supported-languages-list/javascript/) navigation has been enhanced with better redirect and routing features. -#### **Snyk Studio** +**Snyk Studio** * The [Snyk Studio - Agentic integrations](integrations/snyk-studio-agentic-integrations/) documentation has been updated to provide a clearer explanation of MCP usage and the available Snyk Studio tools. * The [Quickstart guides for Snyk Studio](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/) were updated with new and refreshed setup guidance, including [Cursor](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/cursor-guide.md) and [Windsurf](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/windsurf-guide.md). -#### **Other updates** +**Other updates** * GitHub Cloud App and GitHub Server App have been added to the list of [supported SCMs for Dockerfile analysis](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/scan-your-dockerfile#supported-scms-for-dockerfile-analysis). * The `snyk-scm-contributors-count` docs were updated with prerequisites and setup notes. 
See [snyk-scm-contributors-count](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-scm-contributors-count). 
@@ -158,55 +158,55 @@ The most recent updates include significant changes to the user docs, such as fe * The IaC issue-reporting walkthrough from the 'Getting started with Snyk IaC' page was updated to remove outdated screenshots and copy. * PR template variables were updated on the [Variables list and description](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/snyk-pull-or-merge-requests/customize-pr-templates/variables-list-and-description) page with a new container base image `short name` values for cleaner PR titles and messages. -### November 2025 +#### November 2025 -#### **Snyk Container** +**Snyk Container** * The list of [operated distribution systems supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated with support for Chisel. -#### **Snyk CLI** +**Snyk CLI** * The latest [Snyk CLI version](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/snyk-cli/snyk-cli/install-the-snyk-cli) available is v1.1301.0. * The [CLI help](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/reachability-analysis#using-reachability-analysis-with-snyk-cli) has been updated with commands for reachability analysis. -#### Snyk IDE +Snyk IDE * The Automated Org Selection feature uses repository context to choose an Organization. Manual configuration overrides this automated selection. If the selection fails, Snyk defaults to your preferred Organization setting. 
The feature is available for the [Eclipse plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ide-plugins-and-extensions/eclipse-plugin/configuration-of-the-eclipse-plugin), the [JetBrains plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/configuration-for-the-snyk-jetbrains-plugin-and-ide-proxy), the [Visual Studio extension](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ide-plugins-and-extensions/visual-studio-extension/visual-studio-extension-configuration-environment-variables-and-proxy), and the [Visual Studio Code extension](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension/visual-studio-code-extension-configuration-environment-variables-and-proxy). -#### **Snyk integrations** +**Snyk integrations** * The Amazon Q guide for Snyk Studio now includes [updated instructions](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/amazon-q-guide.md#install-the-snyk-mcp-server-in-the-amazon-q-ide-extension) for configuring the Snyk MCP Server in VS Code and JetBrains. -#### **Other updates** +**Other updates** * [Reachabilty analysis](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/reachability-analysis) has been updated with instructions on how it works and how to use it in both the Snyk Web UI and the Snyk CLI and clear support for specific languages and package managers. * The [Pre-defined roles](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/pre-defined-roles#role-types) documentation has been updated to communicate that the Organization Admin role and associated permissions supersede any Group Member role restrictions. 
* The [severity condition](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/security-policies/security-policies-conditions) is now available in Group-level policies. Use this feature to create more granular policies for Snyk Code and Snyk Open Source findings, for example, ignoring a finding or changing its severity. -### October 2025 +#### October 2025 -#### **Snyk API** +**Snyk API** * A new [API migration guide](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-apis-to-export-api-migration-guide) is available to help you migrate from the v1 Reporting API to the REST Exporting API. * The Export API has been improved with the option to [limit the link expiration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/using-specific-snyk-apis/export-api-specifications-columns-and-filters#data-retention). -#### **Snyk Broker** +**Snyk Broker** * The [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/universal-broker) release status has transitioned to Generally Available. * The page [Upgrade an Organization from Classic Broker to Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker#migrating-multiple-organizations) has been updated with steps to migrate multiple Organizations at a time. -#### **Snyk CLI** +**Snyk CLI** * Snyk CLI now supports uploading files and folders for Snyk Code scanning. The command [`code-test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/code-test) has been updated with options reflecting these capabilities. 
* The latest [Snyk CLI version](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/snyk-cli/snyk-cli/install-the-snyk-cli) available is v1.1300.2. -#### **Snyk integrations** +**Snyk integrations** * The list of Snyk MCP quick guides now includes [Devin guide](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/devin-guide.md), [Factory guide](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/factory-guide.md), [Factory terminal guide](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/factory-terminal-ide-guide.md). * The Snyk MCP Server has been rebranded as [Snyk Studio](integrations/snyk-studio-agentic-integrations/). * [SCM integration support for Python](supported-languages/supported-languages-list/python/scm-integrations-and-python.md) has been updated with support for Python 3.14. -#### **Other updates** +**Other updates** * The [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container#minimus) has been updated to include include support for Minimus, Ubuntu 25.10 - Questing Quokka, and Ubuntu 25.04 - Plucky Puffin. * For [Ruby](supported-languages/supported-languages-list/ruby.md), versions 2.3.X are no longer supported. The Ruby-specific versions have been updated to include more version patches. 
@@ -214,20 +214,20 @@ The most recent updates include significant changes to the user docs, such as fe * You can now label your assets with metadata on repository assets and build artifacts, helping tag, manage security, and group items by features. An asset label differs from an asset tag, which enables key-value tags for structured metadata, allowing for granular filtering, policy creation, and improved system alignment. * [JavaScript for open source](supported-languages/supported-languages-list/javascript/#javascript-for-snyk-open-source) has been updated to include full support for pnpm Projects. -### September 2025 +#### September 2025 -#### **Snyk Container** +**Snyk Container** * The instructions for [installing the Snyk Controller on Amazon Elastic Kubernetes Service (Amazon AKS)](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/kubernetes-integration/install-the-snyk-controller/install-the-snyk-controller-on-amazon-elastic-kubernetes-service-amazon-eks#create-an-eks-node-role-for-your-node-group-and-add-the-trust-relationship-for-the-iam-role) have been updated with details for configuring trust relationships for the IAM role. * The list of [operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include SUSE Linux Enterprise Server 15.7 and Rocky Linux 10. -#### **Snyk integrations** +**Snyk integrations** * The SCM integration for Bitbucket Data Center/Server now supports the Required Builds feature for granular control over pull requests. To learn more, visit [Required Builds](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/bitbucket-data-center-server#required-builds). 
* [GitLab](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/analyze-pr-checks-results#gitlab) is supported for PR check results. This feature blocks merge requests with security issues when the "Pipelines must succeed" setting is enabled. * The Snyk MCP quick guides list has been enriched with the following guides: [Claude Code](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/claude-code-guide.md), [Continue](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/continue-guide.md), [JetBrains AI Assistant](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/jetbrains-ai-assistant.md), [JetBrains Junie](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/jetbrains-junie.md) -#### **Other updates** +**Other updates** * For Java and Kotlin, the list of [supported Gradle versions](supported-languages-package-managers-and-frameworks/java-and-kotlin/#supported-package-managers-and-package-registries) now includes Gradle 9. * For [Ruby](supported-languages/supported-languages-list/ruby.md), an end-of-support notice has been added to say that starting Oct 1, 2025, Fix PRs are no longer supported for Projects using Ruby versions 3.1.x and lower. The table of supported Ruby versions has also been updated. 
@@ -237,40 +237,40 @@ The most recent updates include significant changes to the user docs, such as fe * Learn how to resolve duplicated and unenriched assets discovered outside Group and Organization-level SCM integrations. * You can now [exclude specific values](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab#exclude-filters) when you filter your reports. -### August 2025 +#### August 2025 -#### **Snyk API** +**Snyk API** * The [Export API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/export) has been enhanced with the project\_target\_file field. * A new dataset for usage events has been added to the [Export API.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/export) -#### **Snyk CLI** +**Snyk CLI** * [Experimental builds](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/releases-and-channels-for-the-snyk-cli#experimental-builds) information is now available for the CLI releases and channels. * The [AI-BOM](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/aibom) Snyk CLI command is now available with any stable CLI release. * A new Snyk CLI analytics page is now available, providing information about [Essential Operational Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/snyk-cli-analytics#essential-operational-analytics) and [Optional Usage Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/snyk-cli-analytics#optional-usage-analytics). -#### **Snyk integrations** +**Snyk integrations** * You can now add the Snyk MCP server to [Goose CLI](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/gemini-cli-guide-1.md) to secure code generated with agentic workflows through an LLM. 
* You can now integrate Akamai with the Snyk API & Web to discover and scan your API. See the [API Security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/partner-integrations#api-security) section under Partner integrations page for more details. * The [Jira Cloud documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration) has been updated for parity with the current version. -#### **Other updates** +**Other updates** * A new [Risk exposure report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/exposure-and-coverage-reports#risk-exposure-report) has been released, providing you with a single, consolidated view of your security risks. * The rollout to General Availability has started for the [Pull Request Experience](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience). * The [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) now includes Debian 14 - Forky. * Snyk now supports [Ruby versions](supported-languages/supported-languages-list/ruby.md#technical-specifications) 3.3 \[3.3.9] and 3.4 \[3.4.5]. If the Ruby version is not specified in the gemfile, it will default to version 3.1. -### July 2025 +#### July 2025 -#### **Snyk API** +**Snyk API** * The [Export API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/export) is now available as GA. * The Assets API is now available as Early Access. 
-#### **Snyk CLI** +**Snyk CLI** * MCP updates: * [Updated the list of supported Snyk security tools into an AI system](integrations/snyk-studio-agentic-integrations/#snyk-studio-tools). 
@@ -280,29 +280,29 @@ The most recent updates include significant changes to the user docs, such as fe * Added PAT support for [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/authenticate-to-use-the-cli). * Added PAT support for Snyk CI/CD integrations ([CircleCI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/circleci-integration-using-a-snyk-orb), [Jenkins](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/jenkins-plugin-integration-with-snyk), [Maven](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/maven-plugin-integration-with-snyk)). -#### **Snyk Code** +**Snyk Code** * Support for Python, JavaScript and Typescript now includes more frameworks. -#### **Snyk Container** +**Snyk Container** [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include: SUSE Linux Enterprise (SLE) 15.3+, Red Hat Enterprise Linux 10, and Oracle Linux 10. -#### **Snyk IDE** +**Snyk IDE** * Added PAT support for all [Snyk IDE](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/) plugins and extensions. * Added an [IDE Plugin Compatibility Matrix](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix) for all supported versions. 
-#### **Snyk integrations** +**Snyk integrations** * [Snyk Agent Fix in the PR](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience#snyk-agent-fix-in-the-pr) has added support for Bitbucket integrations, still in Early Access. * The [minimum version](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/configure-pull-request-checks) of Bitbucket Server and Bitbucket Data Center required to use the integrations with PR checks has been updated to 7.4 and 8 respectively. -#### **Snyk Open Source** +**Snyk Open Source** [Scan open-source libraries and licenses](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/), [Snyk License Compliance Management](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/snyk-license-compliance-management), and [Fix your vulnerabilities](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/fix-your-vulnerabilities) have been updated with the new **Issues** tab layout. -#### **Other updates** +**Other updates** * A new architecture for user documentation on developer tools is now available. This update groups the main developer tools into a single section and distinctly separates them from the integrations documentation. * [Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/overview-tab) has a fresh new look. 
@@ -310,15 +310,15 @@ The most recent updates include significant changes to the user docs, such as fe * The [Developer IDE and CLI usage report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/prevention-reports#developer-ide-and-cli-usage-report) has been improved with MCP-related data to provide better visibility into MCP usage. * [Okta custom mapping documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta#construct-a-value-expression-that-creates-a-roles-array-to-be-sent-to-snyk) has been updated to clarify handling of the `Arrays.flatten(appuser.snyk_orgs)` value during setup. -### June 2025 +#### June 2025 -#### **Snyk Broker** +**Snyk Broker** * Updated the Snyk Broker documentation to include distinct steps for setting up the [Container Registry Agent with Docker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker-container-registry-agent#configuring-and-running-the-container-registry-agent), whether using the Classic or Universal Broker. * Updated the [Using the API to set up Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/README.md) documentation with a Prerequisites section and clarified that the Snyk Broker App ID differs for each [region](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-client-urls). * Snyk Learn courses have been integrated into the [Universal Broker](ehttps://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/) pages. 
-#### **Other updates** +**Other updates** * [Usage settings](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/usage-settings) has been updated with the new **Billing and Usage** dashboard, available with the new Snyk Platform Access plan. * [Snyk Platform Access credits](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/snyk-platform-access-credits) has been added with brief information on the new Snyk Platform Access plan. 
@@ -327,131 +327,131 @@ The most recent updates include significant changes to the user docs, such as fe * [Consistent Ignores](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues/consistent-ignores-for-snyk-code/) for Snyk Code now fully supports CLI Upload. * The page on Docker Desktop Extension integration has been removed, due to the end of support. -### May 2025 +#### May 2025 -#### **Snyk CLI** +**Snyk CLI** * The `--platform` option was added to the [`container sbom`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/container-sbom) command. * The MCP information was expanded to [Developer guardrails for agentic workflows](integrations/snyk-studio-agentic-integrations/). -#### **IDE plugins and extensions** +**IDE plugins and extensions** * Information was added to the [JetBrains plugin troubleshooting](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/troubleshooting-for-the-jetbrains-plugin). * Region information was updated on all [IDE pages](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/). -#### **Snyk Code** +**Snyk Code** * Legacy ignores can be converted using [bulk ignore conversion](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues/consistent-ignores-for-snyk-code/convert-project-scoped-ignores-to-asset-scoped-ignores#bulk-ignore-conversion). * DeepCode AI Fix has a new name: [Snyk Agent Fix](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/manage-code-vulnerabilities/fix-code-vulnerabilities-automatically). 
-#### **Snyk Container** +**Snyk Container** [Configure the integration with Docker Hub](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations/integrate-with-docker-hub/configure-the-integration-with-docker-hub) has been updated to state that Snyk does not support Organization Access Tokens (OAT). -#### **Snyk Integrations** +**Snyk Integrations** The [Bitbucket Cloud App](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/bitbucket-cloud-app) and [Jira App](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration) integrations are now available in the `SNYK-US-02` environment. -#### **Other updates** +**Other updates** * For [SCM integrations with Python](supported-languages/supported-languages-list/python/scm-integrations-and-python.md), the list of dependencies that are not supported has been updated to include `pip` for Python 2.7 and 3.7. * [Python dependency filtering results](supported-languages/supported-languages-list/python/scm-integrations-and-python.md) have been updated to clarify the conditions in which certain packages and configurations are skipped by SCM scans. * The list of supported package managers has been updated to include `conan`. See [C/C++](supported-languages/supported-languages-list/c-c++.md), [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test), [Test an SBOM document for vulnerabilities](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities). 
* [Instructions for upgrading an Organization integration from Classic Broker to Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker) were clarified. -### April 2025 +#### April 2025 -#### **Snyk API** +**Snyk API** * Several APIs have been updated; see the [Changelog](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/changelog). * The navigation in the API section now reflects the use of Authentication and the Changelog for both the V1 and REST APIs. * The [Authentication for API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api) page has been updated with region information and clarity on using the bearer token. * The [API endpoints index and tips](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-endpoints-index-and-tips) page now has a note about how to find your `org_id`. -#### **Snyk Essentials** +**Snyk Essentials** * [The Inventory Overview tab](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-layouts) is now available to provide insights and prescriptive guidance to improve your application security. * [The Visibility column](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-components#visibility) has been added to show the visibility status of your repositories. -#### **Snyk Broker** +**Snyk Broker** Additional updates have been made to the [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/universal-broker) documentation to clarify the instructions and add details about the use of the APIs. 
-#### **Snyk CLI** +**Snyk CLI** Information has been added about Snyk support for the Model Context Protocol (MCP) through the [`snyk mcp` experimental CLI command](integrations/snyk-studio-agentic-integrations/usage-analytics.md). -#### **Snyk Code** +**Snyk Code** * [Consistent Ignores ](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues/consistent-ignores-for-snyk-code)is now available in Early Access. Your development teams can create ignores that are consistently respected regardless of how and where the test is run and what branch is being tested. * Snyk Code supports gRPC libraries. -#### **Snyk Container** +**Snyk Container** * [Using Custom Base Image Recommendation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/use-snyk-container/use-custom-base-image-recommendations) has been updated with clarifications on how Snyk recommends images. * The list of [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include Alpine Linux 3.21, Ubuntu 25.04 - Plucky Puffin, and Ubuntu 24.10 - Oracular Oriole. * The section describing the automated integration process for Amazon Elastic Container Registry (ECR) has been removed, as Snyk no longer supports this method. -#### **Snyk Integrations** +**Snyk Integrations** * For the [Jira integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/jira-integration#prerequisites-for-jira-integration-with-snyk), Snyk now supports Jira versions 5 to 10. 
* For [SCM integrations with Gradle](supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md), Snyk now supports `allprojects` and `subprojects` blocks, as well as Spring Boot plugins BOMs. -#### **Other updates** +**Other updates** * DAST scanning is now available with [Snyk API & Web](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/overview#select-scanning-methods), enabling users to discover and test the security of their APIs and web apps, including AI-generated ones. * PR Checks is now available with a General Availability release status. -### March 2025 +#### March 2025 -#### **Snyk Broker** +**Snyk Broker** * The Snyk Broker section has been divided into [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) and [Classic Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker) documentation and the [main page](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker) has been updated. * The Classic Broker installation instructions now include the command to set the `BROKER_SERVER_URL` for [Docker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker) and the `brokerServerUrl` for [Helm](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm). -#### **Snyk API** +**Snyk API** * The [V1 API overview](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/v1-api) and [reference](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference) are now on the user docs site only. 
Additional details from Apiary have been added to the V1 reference on the user docs site. The API reference has been removed from the V1 API Apiary site. * A section has been added for [pages that explain how to use specific APIs in depth](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/using-specific-snyk-apis). -#### **Snyk CLI, CI/CD, IDE** +**Snyk CLI, CI/CD, IDE** * [Advanced use of Snyk Container CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container/advanced-use-of-snyk-container-cli) now includes support for scanning Kaniko image archives. * The [support policy for the CI/CD plugins](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations#support-policy) was updated to align with the CLI support policy. * The Net new issues feature was added to the IDE documentation for [Eclipse](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/dintegrations/snyk-ide-plugins-and-extensions/eclipse-plugin/use-the-snyk-plugin-to-secure-your-eclipse-projects#net-new-issues-versus-all-issues), [JetBrains](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/run-an-analysis-with-the-jetbrains-plugin#net-new-issues-versus-all-issues), [Visual Studio](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-extension/view-analysis-results-from-visual-studio-extension#net-new-issues-versus-all-issues), and [Visual Studio Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension/view-analysis-results-from-visual-studio-code-extension#net-new-issues-versus-all-issues), and [troubleshooting 
information](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/troubleshooting-ides/net-new-issues-delta-scan-troubleshooting) was added. -#### **Snyk Code** +**Snyk Code** * The Generated Pull Requests report is now available in Early Access. This report provides an overview of how Fix, Backlog, and Upgrade PRs are used and highlights the efficiency of PR merges. * [The Pull Request Experience](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience) now supports GitLab and Azure Repos SCM integrations, with a few [limitations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience#inline-comments). * New Snyk Code filters and columns were added to [Snyk Reports](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/issue-columns-dictionary#issue-characteristics) and [Snowflake Data Share](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/reporting-and-bi-integrations-snowflake-data-share/data-share-data-dictionary): File Path, Code Region, and Asset Finding ID. * Snyk Code now supports [Rust](supported-languages/supported-languages-list/rust.md) and [Groovy](supported-languages/supported-languages-list/groovy.md) available in Early Access and accessible from Snyk Preview. -#### Snyk Essentials +**Snyk Essentials** * A new feature is now available in Snyk Essentials, introducing a new type of [asset tag](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/assets-policies#asset-tagging) known as GitHub custom properties. * [Asset tags](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-components#tags) have been redefined and are now clearly separated into system tags and user-defined tags. 
-#### **Snyk Integrations** +**Snyk Integrations** * The [GitHub Server App](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/github-server-app) has moved into General Availability. * The [Jira integration documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/jira-integration#prerequisites-for-jira-integration-with-snyk) has been updated to state that Snyk supports version 5 to version 9. -#### **Other updates** +**Other updates** * The PCI-DSS v4.0.1 report is now available in Early Access. This report leverages Snyk scan results to assess, prove, and improve readiness for PCI-DSS AppSec compliance regarding SCA and SAST vulnerabilities. * The [Repositories Tested in CI/CD report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/prevention-reports#repositories-tested-in-ci-cd-report) is available in Early Access. This report tracks Snyk CI/CD testing to prevent vulnerable production deployments. * [Severity levels](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/severity-levels#why-are-there-multiple-cvss-scores-for-the-same-vulnerability) now provide more details about the CVSS v4.0. -### February 2025 +#### February 2025 -#### Snyk Essentials +**Snyk Essentials** * The Integrations UI at the Group level has been enhanced to improve readability and actionability and provide inline instructions and inline profile helpers. * Group-level [Integrations documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk#integrations-syncing-time) has been updated with new, more accurate sync times. 
* The [asset filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/assets-policies/create-policies) documentation has been consolidated into one section, and it now links to all relevant areas, such as Inventory and Asset Policy filters. -#### Other updates +**Other updates** * A new [Automated Provisioning guide](implementation-and-setup/enterprise-setup/auto-provisioning-guide.md) has been created for **Pilot** and **Enterprise** **users**, detailing the steps of the auto-provisioning process for new and existing user accounts. * [Snyk Code PR Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/configure-pull-request-checks#configure-for-code-analysis-click-to-expand) are in General Availability. @@ -464,13 +464,13 @@ Information has been added about Snyk support for the Model Context Protocol (MC December - January 2024 Documentation updates -### December 2024 and January 2025 +#### December 2024 and January 2025 -#### **Snyk Container** +**Snyk Container** * Page "Integrate with Docker Desktop Extension" has been updated to include an end-of-support notice. Effective June 20, 2025, the integration with Docker Desktop will no longer receive updates or technical support. -#### **Snyk CLI and IDEs** +**Snyk CLI and IDEs** * [Eclipse IDE](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/eclipse-plugin/) major update * [Visual Studio IDE](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-extension/) major update 
@@ -478,20 +478,18 @@ Information has been added about Snyk support for the Model Context Protocol (MC * [Snyk images EOL policy updated](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ci-cd-integrations/snyk-images-and-eol-image-policy) * [`snyk container test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/container-test) and [`snyk container monitor`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/container-monitor) option `--exclude-node-modules` added -#### **Other updates** +**Other updates** * [Snyk Admin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/snyk-admin) pages have been updated to reflect the addition of [Tenants](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/tenant) in the Snyk hierarchy, including a new infographic to illustrate the Tenant position in the [hierarchy](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/groups-and-organizations#the-snyk-hierarchy). -### November 2024 +#### November 2024 -#### **Snyk Essentials** - -#### **Snyk Container** +**Snyk Container** * The list of [operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include Ubuntu 24.10 - Oracular Oriole and Ubuntu 24.04 - Noble Numbat 04. * [How Snyk Container works](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works) has been updated with details on the logic Snyk applies when providing public base image recommendations. 
-#### **Other updates** +**Other updates** * The Pull Request Checks section has been updated to include the new [Pull Request Experience](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience) for PR Checks. * The [Supported languages](supported-languages/supported-languages-package-managers-and-frameworks.md) page has been reorganized to provide detailed information about language availability for each Snyk product. Additionally, it provides a list of package managers, frameworks, and features for each supported language. @@ -500,13 +498,13 @@ Information has been added about Snyk support for the Model Context Protocol (MC * The [Developer IDE and CLI usage report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/prevention-reports#developer-ide-and-cli-usage-report) has been enhanced with additional functionalities: **Developer email address** and **PDF export**. * The [Vulnerabilities Detail report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/remediation-reports#vulnerabilities-detail-report) has been enhanced with additional functionalities, such as **Target indication** and **Column picker**. -### October 2024 +#### October 2024 -#### **Snyk API** +**Snyk API** * [Asset inventory components](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-components#clusters) has been updated to include details on clusters. -#### **Snyk CLI and IDEs** +**Snyk CLI and IDEs** * The [CLI authentication page](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/authenticate-to-use-the-cli) has been updated for the OAuth 2.0 protocol. * The page [Debugging the Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/debugging-the-snyk-cli) has been added. 
@@ -514,75 +512,73 @@ Information has been added about Snyk support for the Model Context Protocol (MC * IDE Eclipse[ plugin](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/eclipse-plugin/) and [JetBrains plugin](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/) documentation pages have been updated. * [Authentication information](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/) has been updated for all IDEs. -#### **Snyk Integrations** +**Snyk Integrations** * [Snowflake Data Share](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/reporting-and-bi-integrations-snowflake-data-share) is now in [GA](getting-started/snyk-release-process.md). * [Snyk SCM integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations) has been updated with additional notices relating to repository retrieval and permission or scope modifications after initial configuration. * GitHub Cloud App has been added to feature support notices for Fix, Backlog, and Upgrade PRs. * Snyk SCM integrations has been updated to include a table detailing the [permissions and scopes](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/user-permissions-and-access-scopes#github-cloud-app-permission-requirements) required for the GitHub Cloud App. -#### **Other updates** +**Other updates** * [Getting started](getting-started/README.md) has been updated to centralize content related to everything you need to know before using Snyk. * Scanning methods have been added for the [Dart and Flutter](supported-languages/supported-languages-list/dart-and-flutter.md) languages. 
-### September 2024 +#### September 2024 -#### Snyk API +**Snyk API** * A prerequisites section has been added to the Group level of [GitHub integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/github-enterprise#prerequisites), and more details about the [Pull personal repositories](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/group-level-integrations/github-for-snyk-essentials) option have been added to the same documentation page. * The [Set up Insights](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/set-up-insights) section was updated to emphasize the risk factors availability for each integration option. * The Snyk Runtime Sensor has been updated to reflect the importance of adopting it to achieve the most effective integration and to access its continuously expanded set of features. -#### Snyk Broker +**Snyk Broker** The Universal Broker feature is now available in Early Access. The Universal Broker separates deployment and container concerns from connection concerns. It allows for a smaller or a single deployment to support numerous connections of varied types. -#### Snyk CLI +**Snyk CLI** * The [CLI commands and options summary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/cli-commands-and-options-summary) was updated. * [Authentication](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/authenticate-to-use-the-cli) has been updated. * Configuration has been updated: Environment variables for Snyk CLI, [`snyk config`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/config) help, [`snyk config environment`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/config-environment) help. 
-#### Snyk Integrations +**Snyk Integrations** The Snowflake Data Share section has been updated to include a [Data Share Dictionary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/reporting-and-bi-integrations-snowflake-data-share/data-share-data-dictionary), designed to help you navigate and build your dataset. -#### Other updates +**Other updates** * The updated [Regional hosting and data residency](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency) page was published. * [Glossary](getting-started/glossary.md) terms were updated for SCA, SAST, DAST, and IAST as well as Software Composition Analysis. * [Early Access](getting-started/snyk-release-process.md#early-access) release status notices were updated. -### August 2024 +#### August 2024 -#### Snyk API +**Snyk API** * Links in the API reference docs have been updated. * The [API endpoints index and notes](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-endpoints-index-and-tips) have been updated. -#### Snyk Essentials - -#### Snyk CLI +**Snyk CLI** * [`snyk auth`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/auth) command help updated to reflect OAuth default. * [CLI authentication](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/authenticate-to-use-the-cli) instructions updated for OAuth default and improved flow. * [`snyk config environment`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/config-environment) command help has been added. * CLI [support for pnpm added](supported-languages/supported-languages-list/javascript/#support-for-pnpm). 
-#### Snyk IDE +**Snyk IDE** * [CLI authentication](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/authenticate-to-use-the-cli) instructions updated for IDE. * IDE authentication instructions updated: [Eclipse](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/eclipse-plugin/authentication-for-the-eclipse-plugin), [Jetbrains](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/authentication-for-the-jetbrains-plugins), [VS extension](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-extension/authentication-for-visual-studio-extension), [VS Code extension](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension/authentication-for-visual-studio-code-extension) -#### **Snyk Integrations** +**Snyk Integrations** * Git repository cloning has been renamed [Workspaces for SCM integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/workspaces) to better reflect its functionality. Additional detail on [enablement](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/workspaces#manage-workspaces) has been added. * The [relationship](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/github-cloud-app#how-to-set-up-the-github-cloud-app) between GitHub organizations and Snyk Organizations when integrating with the GitHub Cloud App has been clarified. 
-### July 2024 +#### July 2024 -#### **Snyk API** +**Snyk API** * The API documentation now provides the API Reference and explanatory documentation in the [API section](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/snyk-api). * The [API End of Life (EOL) process and migration guides](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-end-of-life-eol-process-and-migration-guides) are now published and updated to support the process, which began in July. @@ -594,7 +590,7 @@ The Snowflake Data Share section has been updated to include a [Data Share Dicti * [OpsLevel](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#opslevel) * [Datadog Service Catalog](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/application-context-for-scm-integrations#datadog-service-catalog) -#### Snyk Integrations +**Snyk Integrations** * A comparison of the GitHub and GitHub Enterprise integrations functions now resides on the [SCM, IDE, and CI/CD integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations#github-vs-github-enterprise) page. * Steps for [migrating from the GitHub integration to the GitHub Enterprise integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/scm-integrations/organization-level-integrations/github#migrate-to-the-github-enterprise-integration) now reside on the GitHub integration page. 
@@ -604,7 +600,7 @@ The Snowflake Data Share section has been updated to include a [Data Share Dicti * [User permissions and access scope requirements](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/user-permissions-and-access-scopes) for each SCM integration * Instructions on how to generate [integrated SCM tokens for Snyk Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/scm-integrations-and-snyk-broker#integrated-scm-tokens-for-classic-broker) -#### **Other updates** +**Other updates** * **Snyk Reports:** The [issue column dictionary](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/issue-columns-dictionary#issue-vulnerability-details) includes new filters and columns for Jira (JIRA ISSUES LIST, LATEST JIRA ISSUE) and EPSS (EPSS SCORE, EPSS PERCENTILE). This allows you to manage your work with Jira and to include EPSS in your prioritization steps. * **Snyk Security:** Snyk has improved the prioritization workflow and risk assessment by adopting [CVSS V4.0](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/severity-levels#severity-levels-and-cvss) as the default evaluation for new vulnerabilities. diff --git a/scan-fix-and-prevent/SUMMARY.md b/scan-fix-and-prevent/SUMMARY.md index a18299e1c194..6dfe9ee27f41 100644 --- a/scan-fix-and-prevent/SUMMARY.md +++ b/scan-fix-and-prevent/SUMMARY.md 
@@ -46,9 +46,6 @@ * [Snyk Vulnerability Database](scan-with-snyk/snyk-open-source/manage-vulnerabilities/snyk-vulnerability-database.md) * [Differences in Open Source vulnerability counts across environments](scan-with-snyk/snyk-open-source/manage-vulnerabilities/differences-in-open-source-vulnerability-counts-across-environments.md) * [Troubleshoot fixing vulnerabilities with Snyk Open Source](scan-with-snyk/snyk-open-source/manage-vulnerabilities/troubleshoot-fixing-vulnerabilities-with-snyk-open-source.md) - * [Snyk for Bazel](scan-with-snyk/snyk-open-source/snyk-for-bazel/README.md) - * [Dep Graph API](scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api.md) - * [Example of Snyk for Bazel](scan-with-snyk/snyk-open-source/snyk-for-bazel/example-of-snyk-for-bazel.md) * [Snyk Code](scan-with-snyk/snyk-code/README.md) * [Snyk Code Local Engine](scan-with-snyk/snyk-code/snyk-code-local-engine.md) * [Configure Snyk Code](scan-with-snyk/snyk-code/configure-snyk-code.md) diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/README.md b/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/README.md deleted file mode 100644 index 7c9aac0c2dc9..000000000000 --- a/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/README.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# Snyk for Bazel - -{% hint style="info" %} -**Feature availability**\ -Snyk for Bazel provides support for using the [Bazel build and test tool](https://docs.bazel.build/versions/master/bazel-overview.html) with Snyk Open Source. The instructions in this documentation apply to Bazel v 7 only. -{% endhint %} - -## Applicability - -Snyk for Bazel is supported only for Snyk Open Source. - -Snyk supports testing Projects that have their dependencies managed by Bazel. The recommended approach is to test and monitor using the [Dep Graph API](dep-graph-api.md). While you can use Bazel for many languages including C++, the Dep Graph endpoints do not support C++. - -## Bazel compared to package managers - -Bazel does not have dependency manifest files or lock files that package managers such as npm have. Instead, build configuration is managed in [BUILD](https://docs.bazel.build/versions/master/build-ref.html#BUILD_files) files, using [Starlark](https://docs.bazel.build/versions/master/skylark/language.html), a domain-specific language based on Python3. - -You must often manually specify all dependencies (package name, location, and version), including transitive dependencies, which can then be fetched by Bazel during builds. - -Bazel has limited native integration with package registries such as npmjs.org or Maven Central. Some Bazel rules can be added to help with installing dependencies from external registries, for example, [from Maven](https://docs.bazel.build/versions/master/external.html#maven-artifacts-and-repositories). - -Because Bazel dependencies are specified as code in BUILD files using Starlark, Snyk cannot easily discover the dependencies from a Project. For detailed informaiton about testing and monitoring Bazel Projects using Snyk, see the [Dep Graph API](dep-graph-api.md) and [Example of Snyk for Bazel](example-of-snyk-for-bazel.md) pages. 
diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api.md b/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api.md deleted file mode 100644 index 1f9bd9f89c51..000000000000 --- a/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/dep-graph-api.md +++ /dev/null 
@@ -1,190 +0,0 @@ -# Dep Graph API - -{% hint style="info" %} -**Feature availability**\ -The Snyk API is available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). -{% endhint %} - -The Dep Graph API requires additional permissions. [Contact Snyk Support](https://support.snyk.io) to request access. - -To test and monitor dependencies managed by [Bazel](./), it is recommended that you use the Snyk Dep Graph API endpoints [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-dep-graph) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1). The monitor capability allows customers to submit a tree for Snyk to monitor for vulnerabilities. While you can use Bazel for many languages including C++, the Dep Graph endpoints do not support C++. - -Follow these basic steps: - -1. For each type of dependency, for example, Maven, Cocoapods, create a [Dep Graph JSON object](https://github.com/snyk/dep-graph) listing all the dependency packages and versions. See [Example of Snyk for Bazel](example-of-snyk-for-bazel.md). -2. As part of a Bazel test rule, send the Dep Graph JSON object as a POST request to the endpoint [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-dep-graph), along with your [auth token](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api). An example curl request follows: - - ``` - curl -X POST 'https://api.snyk.io/v1/test/dep-graph' \ - -H 'Authorization: token {{your token}}' \ - -H 'Content-Type: application/json; charset=utf-8' \ - -d @dep-graph.json - ``` -3. Check the API response for pass/fail status and any resulting vulnerabilities. 
- -## How the Test Dep Graph API works - -The Test Dep Graph API takes a generic dependency graph and returns a report containing any relevant vulnerabilities for those dependencies. - -The supported package managers and repository ecosystems are listed in the [Test Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/test-v1#test-dep-graph) and [Monitor Dep Graph](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/monitor-v1) documentation. - -Any of your Bazel dependencies that are available in the supported ecosystems can be tested using the Snyk API. - -## Snyk Dep Graph JSON syntax - -The Test Dep Graph API takes a [Snyk Dep Graph](https://github.com/snyk/dep-graph) JSON object describing the root application and the graph of direct and transitive dependencies. - -The [schema](https://github.com/snyk/dep-graph#depgraphdata) for this format is as follows: - -{% code overflow="wrap" fullWidth="false" %} -```java -export interface DepGraphData { - schemaVersion: string; - pkgManager: { - name: string; - version?: string; - repositories?: Array<{ - alias: string; - }>; - }; - pkgs: Array<{ - id: string; - info: { - name: string; - version?: string; - }; - }>; - graph: { - rootNodeId: string; - nodes: Array<{ - nodeId: string; - pkgId: string; - info?: { - versionProvenance?: { - type: string; - location: string; - property?: { - name: string; - }; - }, - labels?: { - [key: string]: string | undefined; - }; - }; - deps: Array<{ - nodeId: string; - }>; - }>; - }; -} -``` -{% endcode %} - -Further notes on specific components in the Dep Graph object follow: - -* `schemaVersion` - the version of the Dep Graph schema. Set this to `1.2.0`. -* `pkgManager.name` - can be one of `deb`, `gomodules`, `gradle`, `maven`, `npm`, `nuget`, `paket`, `pip`, `rpm`, `rubygems`, or `cocoapods`. -* `pkgs` - an array of objects containing `id`, `name`and`version` of all packages in the Dep Graph. 
Note that the `id` must be in the form `name@version`. List each of your dependencies in this array, including an item representing the Project itself. -* `graph.nodes` - an array of objects describing the relationships between entries in `pkgs`. This is typically the Project node with all other packages defined as a flat array of direct dependencies in `deps.` -* `graph.rootNodeId` - specifies the `id` of the entry in `graph.nodes` to use as the root node of the graph. Set this to the `nodeId` of the Project node. - -## Snyk Dep Graph Test API response - -The Test Dep Graph API returns a JSON object describing any issues (vulnerabilities and licenses) found in the Dep Graph dependencies. - -An example response with a single vulnerability follows: - -{% code overflow="wrap" %} -```java -{ - "ok": false, - "packageManager": "maven", - "issuesData": { - "SNYK-JAVA-CHQOSLOGBACK-30208": { - "CVSSv3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "alternativeIds": [], - "creationTime": "2017-03-19T14:58:38Z", - "credit": [ - "Unknown" - ], - "cvssScore": 9.8, - "description": "## Overview\n[ch.qos.logback:logback-core](https://mvnrepository.com/artifact/ch.qos.logback/logback-core) is a logback-core module.\n\nAffected versions of this package are vulnerable to Arbitrary Code Execution. 
A configuration can be ...", - "disclosureTime": "2017-03-13T06:59:00Z", - "exploit": "Not Defined", - "fixedIn": [ - "1.1.11" - ], - "functions": [], - "id": "SNYK-JAVA-CHQOSLOGBACK-30208", - "identifiers": { - "CVE": [ - "CVE-2017-5929" - ], - "CWE": [ - "CWE-502" - ] - }, - "language": "java", - "mavenModuleName": { - "artifactId": "logback-core", - "groupId": "ch.qos.logback" - }, - "modificationTime": "2020-06-12T14:36:56.271247Z", - "moduleName": "ch.qos.logback:logback-core", - "packageManager": "maven", - "packageName": "ch.qos.logback:logback-core", - "patches": [], - "proprietary": false, - "publicationTime": "2017-03-21T15:30:44Z", - "references": [ - { - "title": "GitHub Commit #1", - "url": "https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8" - }, - { - "title": "GitHub Commit #2", - "url": "https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9" - }, - { - "title": "Logback News", - "url": "https://logback.qos.ch/news.html" - }, - { - "title": "NVD", - "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929" - }, - { - "title": "NVD", - "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5929/" - } - ], - "semver": { - "vulnerable": [ - "[, 1.1.11)" - ] - }, - "severity": "high", - "title": "Arbitrary Code Execution" - } - }, - "issues": [ - { - "pkgName": "ch.qos.logback:logback-core", - "pkgVersion": "1.0.13", - "issueId": "SNYK-JAVA-CHQOSLOGBACK-30208", - "fixInfo": {} - } - ], - "org": { - "id": "3e5fe3fe-9181-4f0f-a231-39764485e73f", - "name": "stephen.elson-xnf" - } -} -``` -{% endcode %} - -Further notes on specific components in the response object follow: - -* `ok` - Boolean value summarizing whether Snyk found any vulnerabilities in the supplied dependencies. You can use this for a quick pass or fail test. -* `issuesData` - a hash of each unique vulnerability found. 
Each vulnerability contains many useful properties, such as `title`, `description`, `identifiers`, `publicationTime`, `severity`, and so on. -* `issues` - a simple array of mappings from vulnerabilities in `issuesData` to package. As a vulnerability may be relevant to multiple packages, this mapping is used to keep the response length as short as possible. diff --git a/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/example-of-snyk-for-bazel.md b/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/example-of-snyk-for-bazel.md deleted file mode 100644 index c701b5dc96dd..000000000000 --- a/scan-fix-and-prevent/scan-with-snyk/snyk-open-source/snyk-for-bazel/example-of-snyk-for-bazel.md +++ /dev/null 
@@ -1,65 +0,0 @@ -# Example of Snyk for Bazel - -{% hint style="info" %} -See [Manually creating a Dep Graph from Bazel Java project](https://github.com/snyk/bazel-simple-app) for a full example of a Bazel Java project and the corresponding Snyk Dep Graph object. -{% endhint %} - -For a simple Bazel Project with a single dependency on a Maven package, you may specify the dependency like this: - -``` -maven_jar( - name = "logback-core", - artifact = "ch.qos.logback:logback-core:1.0.13", - sha1 = "dc6e6ce937347bd4d990fc89f4ceb469db53e45e", -) -``` - -From this, you could construct the following Dep Graph JSON object: - -``` -{ - "depGraph": { - "schemaVersion": "1.2.0", - "pkgManager": { - "name": "maven" - }, - "pkgs": [ - { - "id": "app@1.0.0", - "info": { - "name": "app", - "version": "1.0.0" - } - }, - { - "id": "ch.qos.logback:logback-core@1.0.13", - "info": { - "name": "ch.qos.logback:logback-core", - "version": "1.0.13" - } - } - ], - "graph": { - "rootNodeId": "root-node", - "nodes": [ - { - "nodeId": "root-node", - "pkgId": "app@1.0.0", - "deps": [ - { - "nodeId": "ch.qos.logback:logback-core@1.0.13" - } - ] - }, - { - "nodeId": "ch.qos.logback:logback-core@1.0.13", - "pkgId": "ch.qos.logback:logback-core@1.0.13", - "deps": [] - } - ] - } - } -} -``` - -This particular package (`ch.qos.logback:logback-core@1.0.13`) contains a vulnerability described in detail in the resulting JSON response object. From c8edc70cdcde7ed44f53ca3cc64b9073b80dbc4d Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 13:27:45 -0300 Subject: [PATCH 24/29] Reproduced Commit ba8796f --- .../enable-automatic-fix-prs.md | 57 ++++++++----------- 1 file changed, 23 insertions(+), 34 deletions(-) diff --git a/scan-fix-and-prevent/scan-with-snyk/pull-requests/snyk-pull-or-merge-requests/enable-automatic-fix-prs.md b/scan-fix-and-prevent/scan-with-snyk/pull-requests/snyk-pull-or-merge-requests/enable-automatic-fix-prs.md index 41d550df9ab2..7bb2105671fb 100644 
--- a/scan-fix-and-prevent/scan-with-snyk/pull-requests/snyk-pull-or-merge-requests/enable-automatic-fix-prs.md +++ b/scan-fix-and-prevent/scan-with-snyk/pull-requests/snyk-pull-or-merge-requests/enable-automatic-fix-prs.md 
@@ -5,25 +5,21 @@ The automatic Fix PRs feature is supported for the following SCM integrations: GitHub, GitHub Enterprise, GitHub Cloud App, Bitbucket Server, Bitbucket Cloud, Bitbucket Connect, GitLab, and Azure Repos. -The automatic Fix PR settings may vary depending on the integration. +The automatic Fix PR settings can vary depending on the integration. {% endhint %} The following rules are applied to the creation of automatic PRs for vulnerabilities: -* Pull requests are created based on the **Test & Automated Pull Request Frequency** notification setting. -* If you select **Retest now** for the Project, a scan runs manually. The 24-hour window is marked as having had the scan run. and no automatic PR is created until the next automated scan runs. +* Pull requests are created based on the **Test & Automated Pull Request Frequency** setting, which you can configure from the Project details page, by navigating to **Settings**. +* If you click **Retest now** for a Project, a manual scan runs. The 24-hour window is marked as having had the scan run, and no automatic PR is created until the next automated scan. * One pull request is created per Project. * A new vulnerability is a vulnerability in the current recurring scan that was not present in the previous scan of the same Project. * If either the vulnerability is new and has a fix available or the fix is new and is not ignored, a Fix PR can be created. -* Fixing a vulnerability by upgrading a package may sometimes introduce a new vulnerability. Snyk will only automatically create such a pull request if the fixed vulnerabilities are a higher severity than any new ones introduced. +* Fixing a vulnerability by upgrading a package may sometimes introduce a new vulnerability. Snyk will only automatically create a pull request if the fixed vulnerabilities are of a higher severity than any new ones introduced. 
For known vulnerabilities, visit [Configure Automatic Backlog PRs.](enable-automatic-backlog-prs-for-previously-known-vulnerabilities.md) -
Test & Automated Pull Request Frequency setting

Test & Automated Pull Request Frequency setting

- -To determine when your last 24-hour window began, check the Project issue card for **Snapshot taken by recurring test** and check your email for **\[snyk] Vulnerability alert** for specific scan results: - -
Snapshot taken by recurring test 16 hours ago

Snapshot taken by recurring test 16 hours ago

+To determine when your last 24-hour window began, check the Project issue card for **Snapshot taken by recurring test**, and check your email for **\[snyk] Vulnerability alert** for specific scan results. Pull requests for new vulnerabilities are enabled by default for new integrations. @@ -31,51 +27,44 @@ Visit the [Git repository SCM integrations](https://app.gitbook.com/o/-M4tdxG8qo ## Enable or disable pull requests for an integration -Follow these steps to enable pull requests at the global integration level: +Follow these steps to enable pull requests at the global integration level in an Organization: -1. Navigate to **Settings** > **Integrations**. +1. From the Project details page, navigate to the **Settings** tab > **Integrations**. 2. Select an SCM integration, for example, GitHub. -3. Enable **New vulnerabilities** and click **Save.** - -**Apply changes to all overridden Projects** will update all of the individual Project settings for **Automatic fix PRs**. If a Project previously had its own settings for automatic fix pull requests, clicking the button will override the Project setting with the global setting. +3. In the **Automatic Fix PRs** section, enable **New vulnerabilities**. +4. Click **Save**. -

Configure Automatic Fix PRs

+Applying changes to all overridden Projects updates all individual Project settings for Automatic fix PRs. Clicking the button overrides individual Project settings with the global setting, even if a Project previously had its own configuration for automatic fix pull requests. -If you select **Fix all vulnerabilities for the same dependency in a single PR**, this will add any PR opened to address an issue with any potential PR for upgrades which also fix the same issue. So, fixing an instance of the vulnerability may imply that other vulnerabilities will also be fixed implicitly. +If you check **Fix all vulnerabilities for the same dependency in a single PR**, this adds any PR opened to address an issue with any potential PR for upgrades which also fix the same issue. Fixing an instance of the vulnerability often fixes other vulnerabilities as well. ## Set creation thresholds for score and severity -For every new actionable vulnerability found on each recurring test, Snyk raises a Fix PR. This may not be ideal depending on the velocity you are looking for in your organization, so setting up specific criteria to match your needs can be achieved through setting thresholds. +For every new actionable vulnerability found on each recurring test, Snyk raises a Fix PR. This may not be ideal depending on the velocity you are looking for in your Organization, so setting up specific criteria to match your needs can be achieved by setting thresholds. -To decide which automatic Fix PRs are visible to you, you can set a custom threshold for **Score** or **Severity.** You will have either Risk or Priority Score available in the dropdown depending on which is configured for your Organization. +To decide which automatic Fix PRs are visible to you, you can set a custom threshold for **Score** or **Severity**. Depending on your Organization's configuration, the dropdown contains either the **Risk Score** or the **Priority Score**. ### Score threshold -

Fix PR threshold by score

- -Snyk will create Fix PRs only above the threshold you set in the **Score** field. The score type you use will display as the option for the dropdown. This threshold ranges from 0-1000. +Snyk creates Fix PRs only above the threshold you set in the **Score** field. The selected score appears in the dropdown. This threshold ranges from 0 to 1,000. The set defaults for score are as follows: -* Organizations created before December 5, 2024 have a default score of 0. -* Organizations created after December 5, 2024 have a default score of 700. -* After June 5, 2025, all Organizations will have a default score of 700 unless you have configured a score in the setting. +* Organizations created before December 5, 2024, have a default score of 0. +* Organizations created after December 5, 2024, have a default score of 700. +* After June 5, 2025, all Organizations have a default score of 700 unless you have configured a score in the settings. ### Severity threshold -

Fix PR Threshold by Severity

- -Snyk will create Fix PRs for the severity levels selected, for example, Critical and High. +Snyk creates Fix PRs for the severity levels selected, for example, **Critical** and **High**. ## Enable or disable pull requests for a single Project -Enabling or disabling at a Project level will override the pull request setting for this single Project, so it will not inherit from the global integration setting. +Enabling or disabling at the Project level overrides the pull request setting for this single Project, so it will not inherit from the global integration setting. -1. Under **Projects,** select a Project and select **Settings**. +1. From the Project details page, navigate to the **Settings** tab. 2. Select an SCM integration, for example, GitHub. 3. In the **Automatic fix pull requests** section: - * Select **Customize for only this project** - * Enable **New vulnerabilities** - * Select **Save changes** - -
Automatic Fix pull requests settings at the project level

Automatic Fix pull requests settings at the project level

+ * Select **Customize for only this project**. + * Enable **New vulnerabilities**. + * Select **Save changes**. From d0fc83b0a2a02d8114ec922845af33165e53bae2 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 14:43:03 -0300 Subject: [PATCH 25/29] Reproduced Commit ca5cfdd --- developer-tools/SUMMARY.md | 2 +- .../google-security-command-center.md | 41 ++--- .../deployment-recommendations.md | 22 +-- discover-snyk/getting-started/glossary.md | 38 ++-- .../assign-a-lesson-in-snyk-learn.md | 19 +- .../getting-started/snyk-release-process.md | 10 +- .../define-policies.md | 6 +- .../connect-your-development-tools.md | 10 +- .../team-implementation-guide/README.md | 12 +- .../phase-6-triages-ignores-and-fixes.md | 14 +- discover-snyk/snyk-learn/snyk-assist.md | 2 +- .../snyk-learn-reports/assignment-reports.md | 10 +- .../organization-reports.md | 8 +- .../snyk-learn-reports/program-reporting.md | 6 +- .../technical-specifications-and-guidance.md | 10 +- discover-snyk/whats-new.md | 162 +++++++++--------- 16 files changed, 177 insertions(+), 195 deletions(-) diff --git a/developer-tools/SUMMARY.md b/developer-tools/SUMMARY.md index ec979eb1e42e..d75761237b82 100644 --- a/developer-tools/SUMMARY.md +++ b/developer-tools/SUMMARY.md @@ -165,7 +165,7 @@ * [Jira integration](integrations/jira-and-slack-integrations/jira-integration.md) * [Slack app](integrations/jira-and-slack-integrations/slack-app.md) * [Slack integration](integrations/jira-and-slack-integrations/slack-integration.md) -* [Event Forwarding](integrations/event-forwarding/README.md) +* [Event forwarding](integrations/event-forwarding/README.md) * [Amazon EventBridge](integrations/event-forwarding/amazon-eventbridge.md) * [AWS CloudTrail Lake](integrations/event-forwarding/aws-cloudtrail-lake.md) * [AWS Security Hub](integrations/event-forwarding/aws-security-hub.md) 
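Review bot: In enable-automatic-fix-prs.md, hunk @@ -31,51 +27,44 @@, step 1 of the global integration procedure now reads "From the Project details page, navigate to the **Settings** tab > **Integrations**", which is the same entry point the single-Project procedure at the end of the hunk uses ("From the Project details page, navigate to the **Settings** tab"). The intro line says these steps apply "at the global integration level in an Organization", so please confirm the navigation path; as written, the two procedures are hard to tell apart. In the same hunk, "Clicking the button overrides individual Project settings" no longer names a button now that the bold **Apply changes to all overridden Projects** label is gone; keep the control name in bold. The score defaults also conflict once they are all in the present tense: "created before December 5, 2024, have a default score of 0" sits next to "After June 5, 2025, all Organizations have a default score of 700".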
diff --git a/developer-tools/integrations/event-forwarding/google-security-command-center.md b/developer-tools/integrations/event-forwarding/google-security-command-center.md index 8d5f9bcd7d50..eb7d678e3fb7 100644 --- a/developer-tools/integrations/event-forwarding/google-security-command-center.md +++ b/developer-tools/integrations/event-forwarding/google-security-command-center.md 
@@ -21,13 +21,13 @@ Service Accounts are not available at the Organization level in Google Cloud IAM ## Prerequisites -* **Snyk:** A Snyk user account with [permissions](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/user-role-management) to edit and view Group integrations -* **Google** **Cloud:** A Google Cloud organization with Security Command Center enabled. See the Google Cloud [Activate Security Command Center](https://cloud.google.com/security-command-center/docs/activate-scc-for-an-organization) page for more details on how to enable it. -* **Google SCC API**: You must [enable the SCC API](https://console.cloud.google.com/apis/library) in the same Project as the Service Account +* A Snyk user account with [permissions](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/user-role-management) to edit and view Group integrations +* A Google Cloud organization with Security Command Center enabled. See the Google Cloud [Activate Security Command Center](https://cloud.google.com/security-command-center/docs/activate-scc-for-an-organization) page for more details on how to enable it. +* You must [enable the SCC API](https://console.cloud.google.com/apis/library) in the same Project as the Service Account -## Create the Finding Source using the Google Cloud SCC Console& +## Create the findings source using the Google Cloud SCC console -* In the SCC console, navigate to **Marketplace** and search for **Snyk**. Alternatively, navigate directly to the [Snyk for SCC marketplace listing](https://console.cloud.google.com/marketplace/product/snyk-marketplace/snyk-google-scc). +* In the SCC console, navigate to **Marketplace** and search for Snyk. Alternatively, navigate directly to the [Snyk for SCC marketplace listing](https://console.cloud.google.com/marketplace/product/snyk-marketplace/snyk-google-scc). 
* Click **SIGN UP WITH PARTNER** to install the Snyk for SCC integration. During this process, you will create a **Findings Source** for Snyk and a **Service Account** with [Security Center Findings Editor](https://cloud.google.com/security-command-center/docs/access-control-org#securitycenter.findingsEditor) permissions. {% hint style="warning" %} 
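Review bot: In the Prerequisites list of this hunk, the third bullet capitalizes "Project" ("in the same Project as the Service Account"), which elsewhere in this patch means a Snyk Project, while the setup steps later in this file say "the Google Cloud project"; write "Google Cloud project" here so readers enable the SCC API in the right place. Dropping the **Snyk:**, **Google Cloud:** and **Google SCC API** labels also leaves the bullets non-parallel: two noun phrases and one "You must ..." sentence, with only the second bullet punctuated. The new heading uses "findings source" while the line right after it keeps **Findings Source**; pick one casing.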
@@ -42,27 +42,28 @@ The setup process will grant the Snyk Service Account the `Security Center Findi {% endhint %} * Navigate to Google Cloud IAM and locate the **Service Accoun**t you created in the previous step, then [create a service account key](https://cloud.google.com/iam/docs/keys-create-delete#creating) in JSON format. -* Make a note of the **Source ID** (Findings Source name) and the **Service Account Ke**y, as you will need to provide them to the Snyk Web UI. +* Make a note of the **Source ID** (Findings Source name) and the **Service Account Key**, as you will need to provide them to the Snyk Web UI. You can then set up the integration in Snyk using the Snyk Web UI. ## Set up the integration using the Snyk Web UI -### **Required parameters** +### Required parameters -* **Source ID** (Finding Source Name) - Identifies the name of the organization source. The Google organization ID is parsed automatically from this field. -* **JSON Service Account Key File** - Authenticates with Google Cloud. +* **Source ID** (Finding Source Name): Identifies the name of the organization source. The Google organization ID is parsed automatically from this field. +* **JSON Service Account Key File**: Authenticates with Google Cloud. -### **Integration setup** +### Integration setup -* In the Snyk Web UI, at the Group level, navigate to Integrations > Add integration. -* Select the Issue Forwarding tag and search for Google SCC. -* Click the Add button. -* Add the Profile name for this integration. -* Add the Org ID for the Google Cloud project that holds the Kubernetes cluster. -* Add the JSON Service Account Key File. -* Add the Source ID (Findings Source Name). -* Click the Done button. -* When the connection is established, the Google SCC integration status changes to Connected. +1. In the Snyk web UI, navigate to your Group **Integrations** and click **+Add integration**. +2. Select the **Issue Forwarding** tag and add Google SCC. +3. Enter the following information: -

Google SCC - Setup screen

+ * Profile name for the integration + * The **Org ID** for the for the Google Cloud project that holds the Kubernetes cluster + * The JSON Service Account Key File + * The **Source ID** (Findings Source Name) + +4. Click **Done**. + +When the connection is established, the Google SCC integration status changes to **Connected**. \ No newline at end of file diff --git a/developer-tools/scm-integrations/deployment-recommendations.md b/developer-tools/scm-integrations/deployment-recommendations.md index f78899e1b7e8..31d155932d12 100644 --- a/developer-tools/scm-integrations/deployment-recommendations.md +++ b/developer-tools/scm-integrations/deployment-recommendations.md 
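Review bot: The added line "+ * The **Org ID** for the for the Google Cloud project that holds the Kubernetes cluster" in the google-security-command-center.md hunk @@ -42,27 +42,28 @@ repeats "for the"; drop the duplicate. The hunk fixes the misplaced bold in "**Service Account Ke**y" but leaves the same defect in the unchanged line above it, "**Service Accoun**t", so fix both together. Step 1 writes "Snyk web UI" while the section heading and the sentence before it write "Snyk Web UI", and the file now ends without a trailing newline.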
@@ -15,17 +15,13 @@ To ensure a smooth rollout of Snyk across your organization, Snyk provides a sug ## Stage 1: Set up your Organization and Group-level SCM integrations -Snyk has Organization-level SCM integrations available, including GitHub, GitHub Enterprise, Bitbucket Cloud, and more. +Snyk has Organization-level SCM integrations available, including GitHub, GitHub Enterprise, Bitbucket Cloud, and more. For details, visit [Set up a Snyk integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/L7HyJj9FsK1W4pNt8Gzl/getting-started-guides/getting-started#set-up-a-snyk-integration). -For details, see [Set up a Snyk integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/L7HyJj9FsK1W4pNt8Gzl/getting-started-guides/getting-started#set-up-a-snyk-integration). - -Snyk has Group-level SCM integrations available for Snyk Essentials, including GitHub, GitLab, Azure DevOps, and Bitbucket. - -See [Group level SCM integrations](group-level-integrations/) for details. +Snyk has Group-level SCM integrations available for Snyk Essentials, including GitHub, GitLab, Azure DevOps, and Bitbucket. For details, visit [Group level SCM integrations](group-level-integrations/). ### SCM permissions on repositories -Operations triggered using the Snyk UI, such as opening a Fix PR or retesting a Project, are performed for the acting user. Thus to perform these operations, you must connect your own SCM user or service account. This gives Snyk the required permissions for the repositories where you want to perform these operations. +Operations triggered using the Snyk UI, such as opening a Fix PR or retesting a Project, are performed for the acting user. Thus to perform these operations, you must connect your own SCM user or service account. This grants Snyk the required permissions to perform these operations on the repositories you want to use. 
For details on these permissions, see [User permissions and access scope requirements](user-permissions-and-access-scopes.md) for your chosen SCM integration. @@ -43,7 +39,7 @@ Navigate to the **Projects** page in the Snyk UI, select **Add projects**, selec * Snyk starts scanning the selected repos for dependency files (for example, package.json) in the entire directory tree and imports these files as Projects. * Snyk evaluates root folders and any custom file locations defined. If no manifest or configuration files are found, Snyk alerts you that no files can be imported. -* Snyk detects the manifest files (Projects), tests them, then displays the results.\ +* Snyk detects the manifest files (Projects), tests them, and then displays the results.\ Imported Projects appear underneath the repository name.\ After a Project is imported, it is continuously checked for vulnerabilities. @@ -57,13 +53,13 @@ For details, see [Import a Project](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLp ### PR test settings and workflows -By default, Snyk scans every pull request submitted on your monitored repositories and displays the results and recommendations grouped together in a single security check and a single license check. +By default, Snyk scans every pull request submitted to your monitored repositories and displays the results and recommendations in a single security check and a single license check. ### Status details Click the **Details** link to display the status of the Snyk check. The status options are: -* **Success**: no issues were identified and all checks passed +* **Success**: no issues were identified, and all checks passed * **Processing**: this status is displayed until the Snyk test is completed * **Failure**: identified issues that must be fixed for the check to pass * **Error**: indicates that one of the following issues may have occurred: 
@@ -95,9 +91,9 @@ When you first roll out your SCM integration, Snyk recommends that you start wit After you have embedded Snyk into your software development life cycle (SDLC), and have built good developer awareness, you can start to apply stricter policies to improve your overall security posture, for example: -* Low priority Projects: you can fail the PR only for new high-severity issues that are fixable. -* Medium priority Projects: fail the PR only for high-severity issues. -* High priority Projects (PCI/GDPR compliance): fail the PR for any issue. +* Low-priority Projects: you can fail the PR only for new high-severity issues that are fixable. +* Medium-priority Projects: fail the PR only for high-severity issues. +* High-priority Projects (PCI/GDPR compliance): fail the PR for any issue. {% hint style="info" %} To align vulnerability severity with your internal policy, use security policies to change the severity of issues and attach them to relevant Project attributes. See [Security policies](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/security-policies) for more details. diff --git a/discover-snyk/getting-started/glossary.md b/discover-snyk/getting-started/glossary.md index cc939d6238d5..21ddd7573d22 100644 --- a/discover-snyk/getting-started/glossary.md +++ b/discover-snyk/getting-started/glossary.md 
@@ -24,11 +24,11 @@ The process of measuring an AI system’s performance, quality, and safety again ### Agentic -The ability of an AI system to plan, reason, and act independently toward a goal without explicit human instruction. Following multiple instructions, it can determine next steps by itself, without direction. +The ability of an AI system to plan, reason, and act independently toward a goal without explicit human instruction. Following multiple instructions, it can determine the next steps by itself, without direction. ### AI observability -The ability to monitor and trace the internal behavior, performance, and decision-making processes of AI systems in real time. It’s critical for traceability especially in the context of complex, distributed, or agentic systems. +The ability to monitor and trace the internal behavior, performance, and decision-making processes of AI systems in real time. It’s critical for traceability, especially in the context of complex, distributed, or agentic systems. ### AI orchestration 
@@ -154,7 +154,7 @@ Dynamic Application Security Testing. A security analysis technique that tests a ### Directive -A directive is a rule (also known as a command, instruction, and more) which guides an AI agent to produce code in the specified method. Snyk offers code examples for different directive types to implement in your organisation and potentially distribute company wide if you operate in an enterprise model. This is used in context with Snyk Studio. To learn more, visit [Directives](../../integrations/snyk-studio-agentic-integrations/directives.md). +A directive is a rule (also known as a command, instruction, and more) that guides an AI agent to produce code in the specified method. Snyk offers code examples for different directive types to implement in your organization and potentially distribute company-wide if you operate in an enterprise model. This is used in context with Snyk Studio. To learn more, visit [Directives](../../integrations/snyk-studio-agentic-integrations/directives.md). ### Dependency 
@@ -169,15 +169,15 @@ Also known as Dependency path. A hierarchical graph showing the dependencies of ### Development context -Information and requirements surrounding the development of applications within an organization, such as ownership, development tools, environments, teams, workflows, and processes. +Application development information and requirements in an Organization include ownership, development tools, environments, teams, workflows, and processes. ### DevOps -A set of cultural philosophies, practices, and tools that combines software development and IT operations to shorten the systems development lifecycle. +A set of cultural philosophies, practices, and tools that combine software development and IT operations to shorten the systems development lifecycle. ### DevSecOps -The integration of security into emerging agile IT and DevOps development as seamlessly and as transparently as possible. +Integrate security seamlessly and transparently into emerging agile IT and DevOps development. ### Docker @@ -227,7 +227,7 @@ In Snyk, a Group is the top-level entity used to manage multiple Organizations, ### Guardrail directive -A Guardrail directive is a type of [Directive](glossary.md#directive) that is automatically injected into AI agent interactions to govern AI agent behaviour. For more information, visit [Guardrail directives](../../integrations/snyk-studio-agentic-integrations/directives.md#guardrail-directives). +A Guardrail directive is a type of [Directive](glossary.md#directive) that is automatically injected into AI agent interactions to govern AI agent behavior. For more information, visit [Guardrail directives](../../integrations/snyk-studio-agentic-integrations/directives.md#guardrail-directives). ## H 
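Review bot: In the glossary.md hunk @@ -169,15 +169,15 @@, two entries stop being definitions. "DevSecOps" becomes an instruction ("Integrate security seamlessly and transparently into ...") and "Development context" becomes a statement about what the information "include[s]", while the surrounding entries are noun phrases that describe the term. Suggest keeping the original openings ("The integration of security into ...", "Information and requirements surrounding ..."). Changing "organization" to "Organization" in "Development context" also turns a generic company into the Snyk Organization entity; confirm that is intended. In "DevOps", "that combine" makes the tools the subject, where the original "combines" agreed with "A set".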
@@ -271,7 +271,7 @@ A license problem, vulnerability, or misconfiguration identified and listed by S ### Issue (Snyk **Essentials**) -An issue is a security problem identified by a Snyk security product when testing an asset, that AppSec teams need to remediate. +An issue is a security problem identified by a Snyk security product when testing an asset that AppSec teams need to remediate. ### Issues prioritization (Snyk **Essentials**) @@ -279,7 +279,7 @@ Provides a centralized view of all the issues identified by Snyk with additional ### Issue context (Snyk **Essentials**) -Information surrounding a particular security issue that serves as objective risk factors such as issue severity level, availability of a fix, exploit maturity. +Information surrounding a particular security issue that serves as objective risk factors, such as issue severity level, availability of a fix, and exploit maturity. ## K @@ -327,7 +327,7 @@ Natural Language Processing.The technology that enables computers to understand, ### NPX -`npx` (Node Package Execute) is a command-line tool bundled with `npm` that allows you to run `Node.js` packages wihout requiring install. +`npx` (Node Package Execute) is a command-line tool bundled with `npm` that allows you to run `Node.js` packages without requiring installation. ## O @@ -371,7 +371,7 @@ A Personal Access Token (PAT) is a unique string used as an alternative to a pas ### Pinnable -A fix type. Define and "pin" a specific version of an indirect dependency, to avoid a direct dependency pulling in a vulnerable version. +A fix type. Define and "pin" a specific version of an indirect dependency to avoid a direct dependency pulling in a vulnerable version. ### Policy 
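Review bot: In the glossary.md hunk @@ -271,7 +271,7 @@ (Issue, Snyk Essentials), removing the comma changes what needs remediation: "when testing an asset that AppSec teams need to remediate" now attaches the clause to the asset, where the original attached it to the security problem. Suggest restoring the comma or rewording to "An issue is a security problem that AppSec teams need to remediate, identified by a Snyk security product when testing an asset."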
@@ -379,11 +379,11 @@ See [license policy](glossary.md#license-policy), [security policy](glossary.md# ### **Policy (Snyk Essentials)** -A way to automate actions in certain conditions, like classifying and tagging assets with business context. You can also use a policy to configure actions like sending a message or setting the coverage gap control using a Policy builder UI. +A way to automate actions in certain conditions, like classifying and tagging assets with business context. You can also use a policy to configure actions, such as sending a message or setting the coverage gap control, using a Policy builder UI. ### PR -Pull Request. Allows a user to exchange changes made to source code and collaborate with others on the same branch. +Pull Request. Allows a user to exchange changes made to the source code and collaborate with others on the same branch. ### PR Checks @@ -421,7 +421,7 @@ A storage area that contains all elements necessary for the distribution of an a ### Repository assets (Snyk **Essentials**) -A repository asset is created by discovering the repositories directly in the SCM, when such integration is configured. Alternatively, a repository asset can be created by scanning a repository, (by Snyk or third-party tools) as long as the scanned code is identified with a specific repository. +A repository asset is created by discovering the repositories directly in the SCM when such integration is configured. Alternatively, a repository asset can be created by scanning a repository (by Snyk or third-party tools) as long as the scanned code is identified with a specific repository. ### Resource 
@@ -487,11 +487,11 @@ A severity level is applied to a vulnerability or a license issue, to indicate t ### Skill (Snyk Studio) -Skills are packaged instructions (containing specialised procedures and knowledge) loaded on demand to guide agent actions. They can be triggered by [Hooks](glossary.md#hook-snyk-studio). +Skills are packaged instructions (containing specialized procedures and knowledge) loaded on demand to guide agent actions. They can be triggered by [Hooks](glossary.md#hook-snyk-studio). ### Snapshot -An individual report within the test history of a Project. Includes a tree of dependencies and a list of vulnerabilities that was accurate at the time the test was conducted. +An individual report within the test history of a Project. Includes a tree of dependencies and a list of vulnerabilities that were accurate at the time the test was conducted. ### `.snyk` policy @@ -539,7 +539,7 @@ An interactive education platform that provides developers with bite-sized lesso ### Snyk MCP Server -A MCP server that enables easy integration with coding assistants, providing security context to AI agents. This runs locally using the Snyk CLI. For more information, visit [Agentic security with Snyk Studio](../../integrations/snyk-studio-agentic-integrations/). +An MCP server that enables easy integration with coding assistants, providing security context to AI agents. This runs locally using the Snyk CLI. For more information, visit [Agentic security with Snyk Studio](../../integrations/snyk-studio-agentic-integrations/). ### Snyk Open Source 
@@ -580,7 +580,7 @@ An authentication method that allows users to access multiple, independent softw ### Static Code Analysis -A technique for examining source code to identify issues related to code quality, structure, or performance, such as determining code reachability or spotting potential inefficiencies. While this technique may touch on security concerns, its primary focus is often broader, covering various aspects of code health. In contrast, Static Application Security Testing ([SAST](glossary.md#sast)) specifically targets the identification of security vulnerabilities within the code, such as coding flaws that could lead to security risks. +A technique for examining source code to identify issues related to code quality, structure, or performance, such as determining code reachability or spotting potential inefficiencies. While this technique may address security concerns, its primary focus is often broader, covering various aspects of code health. In contrast, Static Application Security Testing ([SAST](glossary.md#sast)) specifically targets the identification of security vulnerabilities within the code, such as coding flaws that could lead to security risks. ## T 
@@ -590,7 +590,7 @@ Representation of an external resource Snyk has scanned. All [Snyk Projects](glo ### **Tags (Snyk Essentials)** -A way to categorize assets. Helps you recognize or handle assets differently according to mutual properties. Assets can be filtered by their tags in the inventory or when creating policy rules. A tag can be automatically assigned to an asset, or the asset can be tagged by a policy you created. GitHub and GitLab topics are treated as asset tags and you can use them for creating policies. +A way to categorize assets. Helps you recognize or handle assets differently according to mutual properties. Assets can be filtered by their tags in the inventory or when creating policy rules. A tag can be automatically assigned to an asset, or the asset can be tagged by a policy you created. GitHub and GitLab topics are treated as asset tags, and you can use them for creating policies. ### Tenant diff --git a/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md b/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md index 6668e25871ad..f83a21b5eb2f 100644 --- a/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md +++ b/discover-snyk/getting-started/pilot-guide/during-the-pilot/assign-a-lesson-in-snyk-learn.md @@ -6,26 +6,15 @@ The Snyk platform includes access to Snyk Learn, the Snyk security education pla Throughout the platform, such as in the IDE extensions, PR checks, and Web UI, Snyk links out to relevant lessons in Snyk Learn that help the developer fix that vulnerability. These lessons can also be accessed directly at [learn.snyk.io](http://learn.snyk.io). -Start by navigating to [Snyk Learn](http://learn.snyk.io) and browsing the set of available lessons: +Start by navigating to [Snyk Learn](http://learn.snyk.io) and browsing the set of available lessons. -
+You can then filter by category to see lessons related to your programming language or topic of interest. -You can then filter by category to see lessons related to your programming language or topic of interest: - -![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXcZBdQszSiTumha1gYczgqqKJuPcgx1PWsvfGYl7LZNSzWc2fUX9r0eEhUMTUpAGTbE_zSY_1U3kcLZE44sh7qfeBIKUHYh18CoJJwCZNKkxVOWZVg1RKg0YHR_VqS8_n97IvwHrw?key=i_CNrr-DvB8PGUAzq09BT3pc) - -Choose a lesson that interests you and complete it. You will see progress of the lesson on the right of the page and confirmation after the lesson has been completed.\ - - -
+Choose a lesson that interests you and complete it. You will see progress of the lesson on the right of the page and confirmation after the lesson has been completed. Next, review all of your completed and in-progress lessons by clicking on “Learning progress”. -
- -Admins in Snyk can also review progress for the entire Organization by accessing the Reports: - -![](https://lh7-rt.googleusercontent.com/docsz/AD_4nXdAeUEIKHvZi8Zm51zUiT4Pd7dA9gbjzf6jIyORzQxuf0CL5Zfgr7eYhw8PTUIiroMY2pmiUspC4suJUWkYTJKPyiMUdkKL-Ne4Sls_tLyAn3c7lvVHKwRUjEwtW3bWudjGOTxMGw?key=i_CNrr-DvB8PGUAzq09BT3pc) +Admins in Snyk can also review progress for the entire Organization by accessing the Reports. See the [Snyk Learn reports](../../../snyk-learn/snyk-learn-reports/) page for more details. diff --git a/discover-snyk/getting-started/snyk-release-process.md b/discover-snyk/getting-started/snyk-release-process.md index 4236da490577..1dc2c29f9b61 100644 --- a/discover-snyk/getting-started/snyk-release-process.md +++ b/discover-snyk/getting-started/snyk-release-process.md @@ -8,11 +8,11 @@ Not all features follow all these stages, and timelines for each feature vary. Snyk features are provided to users in the following release stages. -
StageDescriptionAvailable toAccessDocs
AlphaInternal release onlySnyk internal users, potentially some design partnersControlledNo documentation provided
Closed BetaThe first customer-facing rollout of a featureA preselected group of usersInvitation onlyProvided but not public
Early AccessFeature is tested and ready for use, but not available by default. See Early Access featuresAll users on an opt-in basis. This may include some additional purchase costsOpt-in: on request through Snyk account team, or using Snyk PreviewPublic documentation
General AvailabilityFeature is fully enabledAll users, subject to standard feature availabilityAvailable by defaultPublic documentation
+
StageDescriptionAvailable toAccessDocs
AlphaInternal release onlySnyk internal users, potentially some design partnersControlledNo documentation provided
Closed BetaThe first customer-facing rollout of a featureA preselected group of usersInvitation onlyProvided but not public
Early AccessFeature is tested and ready for use, but not available by default. See Early Access featuresAll users on an opt-in basis. This may include some additional purchase costsOpt-in: on request through Snyk account team, or using Snyk PreviewPublic documentation
General AvailabilityFeature is fully enabledAll users, subject to standard feature availabilityAvailable by defaultPublic documentation
## Feature lifecycle stages -
StageDescriptionAvailable toAccessDocs
DeprecatedThe feature is available, but use is discouraged. See Deprecated featuresActive users onlyAvailable by defaultPublic documentation, with the Release status at the top of the page
End of supportNo new support tickets will be answered. See End of support featuresActive users onlyAvailable by defaultPublic documentation, with the Release status at the top of the page
End of LifeThe feature is no longer availableNo usersNot availableNo documentation available
+
StageDescriptionAvailable toAccessDocs
DeprecatedThe feature is available, but use is discouraged. See Deprecated featuresActive users onlyAvailable by defaultPublic documentation, with the Release status at the top of the page
End of supportNo new support tickets will be answered. See End of support featuresActive users onlyAvailable by defaultPublic documentation, with the Release status at the top of the page
End of LifeThe feature is no longer availableNo usersNot availableNo documentation available
## Brownouts @@ -38,8 +38,6 @@ Brownouts occur when Snyk temporarily suspends an API endpoint or a feature, mak * [Repositories tested in CI/CD report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/prevention-reports#repositories-tested-in-ci-cd-report) * [Snyk 2.0 platform improvements](snyk-2.0-platform-improvements.md) - - ### Deprecated features Deprecated features are outdated and will be removed in the future. The documentation page will announce the transition of a feature to Deprecated six months before its start date. @@ -75,7 +73,7 @@ Deprecated features are outdated and will be removed in the future. The document ### End of support features -When a feature transitions to an end-of-support stage, both development and support work are terminated. +When a feature transitions to end-of-support, both development and support work are terminated. The documentation page will announce the transition of a feature to End of Support six months before its start date. @@ -83,4 +81,4 @@ The documentation page will announce the transition of a feature to End of Suppo A feature can also be the subject of an end-of-life event, meaning that the feature or capability impacted by this process ceases to exist and is removed from the product and public documentation. -API endpoints have a dedicated section for the end of life process and also provide details about the migration steps. Navigate to the [API End of Life process and migration guides](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-end-of-life-eol-process-and-migration-guides) for more details. +API endpoints have a dedicated section for the end-of-life process and also provide details about the migration steps. Navigate to the [API End of Life process and migration guides](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-end-of-life-eol-process-and-migration-guides) for more details. 
diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md index 4b9901ee362d..0bfd5e4a5ec4 100644 --- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/configure-group-settings-and-policies/define-policies.md @@ -34,16 +34,16 @@ Configure policies to match your requirements. **Key decision:** Decide how to automate the governance, tracking, and remediation workflows for your assets to ensure continuous security visibility and compliance {% endhint %} -Asset policies in Snyk Essentials automate business context and notification workflows. Use policies to identify coverage gaps and manage assets at scale. +Asset policies in Snyk Essentials automate business context and notification workflows. Use policies to identify coverage gaps and manage assets at scale. -## About Policies +## About policies ### Policy components A policy consists of the following elements: * Filters: Define criteria (for example tags or asset names) to group specific assets. -* Actions: Define what happens to filtered assets, for example, assigning a classification or sending a Slack notification. +* Actions: Define what happens to filtered assets, for example, assigning a classification or sending a Slack notification. ### Key filter types diff --git a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md index 0502bc77db64..9f76ee15e69d 100644 
--- a/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md +++ b/discover-snyk/implementation-and-setup/enterprise-implementation-guide/create-a-template-organization/connect-your-development-tools.md @@ -84,12 +84,12 @@ Your integration approach should match the structure you selected during the pla Configure SCM integrations at the Organization level to establish granular connections for specific teams, products, or business units. While Group-level integrations provide a global baseline, Organization-level settings allow for isolated credentials and team-specific automation. {% hint style="info" %} -If you are using multiple SCMs, Snyk recommends using separate Organizations for separate SCM integrations. +If you are using multiple SCMs, Snyk recommends using separate Organizations for each SCM integration. {% endhint %} {% stepper %} {% step %} -**Establish granular authentication** +#### Establish granular authentication {% hint style="success" %} **Key decision:** Determine if this specific Organization requires a unique access token or a different service account than the one used at the Group level. 
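Review bot: In the -84,12 hunk of connect-your-development-tools.md, the new hint text "separate Organizations for each SCM integration" pairs a plural with "each", which leaves it unclear whether one Organization per SCM is meant. Suggest "Snyk recommends using a separate Organization for each SCM integration", which also matches the isolation rationale given in the paragraph above the hint.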
@@ -100,11 +100,11 @@ Unlike Group-level setup, Organization-level integrations allow you to: * **Isolate access:** Use a unique Personal Access Token (PAT) or OAuth connection that only has access to a specific team's repositories. * **Override Group defaults:** If a specific business unit uses a different SCM instance (for example, a separate GitHub Org or GitLab Group), you can configure it here without affecting the rest of the company. -Set up your Org-level integrations by navigating in your Organization to the **Integrations** page and selecting the relevant SCM tile. +Set up your Org-level integrations by navigating to your Organization **Integrations** page and selecting the relevant SCM tile. {% endstep %} {% step %} -**Consider specific Snyk Broker tokens** +#### Consider specific Snyk Broker tokens {% hint style="success" %} **Key decision:** Identify if this Organization requires a dedicated Snyk Broker token to segment network traffic or satisfy distinct security requirements. @@ -121,7 +121,7 @@ If you are using Azure Repos, Snyk recommends using Universal Broker to avoid Az {% endstep %} {% step %} -**Define team-specific automation** +#### Define team-specific automation {% hint style="success" %} **Key decision:** Decide which PR check behaviors and fix strategies apply to this team’s specific development workflow. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/README.md b/discover-snyk/implementation-and-setup/team-implementation-guide/README.md index 5c7ae941fdbb..b7eea6f097b0 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/README.md +++ b/discover-snyk/implementation-and-setup/team-implementation-guide/README.md 
@@ -1,11 +1,11 @@ # Team implementation guide -Accelerate your team performance by using Snyk. This guide aims to help you implement Snyk for your team. The team plan applies to teams of up to 10 members. +Accelerate your team performance by using Snyk. This guide aims to help you implement Snyk for your team. The team plan applies to teams of up to 10 members. We start with the awareness that most businesses: * Have a backlog of issues in their existing software -* Are continuously creating new software and need to secure new code. +* Are continuously creating new software and need to secure new code. ## **Typical timelines** 
@@ -29,13 +29,13 @@ If you focus on visibility first, you can get a clear sense of the security issu This does not stop you from fixing issues using Snyk. You can start fixing issues early, but the emphasis is to avoid blocking development early on, build trust, and slowly introduce gating in later phases, usually the prevention phase. This is true of the smallest or largest teams - communication is key. {% endhint %} -Visibility achieves a broad view of security across your application portfolio, avoids Snyk scans being seen as a blocker, and minimizes impact on development processes. +Visibility achieves a broad view of security across your application portfolio, avoids Snyk scans being seen as a blocker, and minimizes impact on development processes. This visibility helps build trust while rolling out Snyk. With the Team plan, this equates to onboarding your projects through Git repository and disabling PR Checks/Auto PRs in the integration settings. Choose an important project and enable PR checks after communicating with the relevant team members. This guide details this later on. ### Achieve prevention and drive developer adoption -Next is the prevention stage. You should stop new security issues from being added to your applications. During this stage, you can put controls in place to allow developers to see issues in their pipelines using Pull Request (PR)/Merge Request (MR) checks, and checks in the pipeline that may block. +Next is the prevention stage. You should stop new security issues from being added to your applications. During this stage, you can put controls in place to allow developers to see issues in their pipelines using Pull Request (PR)/Merge Request (MR) checks, and checks in the pipeline that may block. As part of this, developers may use IDE plugins and other tools like [Snyk Advisor](https://snyk.io/advisor) to select secure packages and [Snyk Learn](https://learn.snyk.io/) to educate on secure coding, security, and the product. 
It's quite common to see developers download and use IDE plugins. Provide guides indicating the settings they should use and guidelines on what they should fix to start often Criticals and Highs, where fixes are available. @@ -44,7 +44,7 @@ As part of this, developers may use IDE plugins and other tools like [Snyk Advis Finally, you can focus on fixing your backlog of security issues. This can take several forms: * As part of the initial rollout, security or initial stakeholder may triage the initial results for the existing portfolio, create tickets for priority items to investigate or address, or have the teams do that for their applications as part of the weekly triage process. -* After getting visibility and achieving prevention, you can look at your backlog of issues. For example, a weekly triage process with the key stakeholders can guide the teams on what to address. +* After gaining visibility and achieving prevention, you can review your backlog of issues. For example, a weekly triage process with the key stakeholders can guide the teams on what to address. ## Use enhanced resources with Snyk @@ -52,4 +52,4 @@ Snyk was built with developers in mind, providing: * Tools to create secure applications using integrations for IDE, Git, and CI/CD. * [Snyk Advisor](https://snyk.io/advisor) and other tools to make decisions. -* [Snyk Learn](https://learn.snyk.io) training materials on products, securing code, and best practices. +* [Snyk Learn](https://learn.snyk.io) training materials on products, securing code, and best practices. diff --git a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md index d16da03d77e5..e7837c456854 100644 --- a/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md 
+++ b/discover-snyk/implementation-and-setup/team-implementation-guide/phase-6-triages-ignores-and-fixes.md @@ -4,7 +4,7 @@ After you implement a strategy to prevent new issues from entering your repositories, whether blocking builds or running in a non-blocking/advisory mode, the next step is to prioritize and start fixing issues in your backlog. -* In [Phase 4: Create a Fix strategy](phase-4-create-a-fix-strategy.md), you created a plan for prioritizing your Projects and issues. To implement this, you can schedule regular meetings with development team leads, to assist them with this process. +* In [Phase 4: Create a Fix strategy](phase-4-create-a-fix-strategy.md), you created a plan for prioritizing your Projects and issues. To implement this, you can schedule regular meetings with development team leads, to assist them with this process. * If you use Jira Cloud, you can download and install the [Snyk Security in Jira Cloud](https://marketplace.atlassian.com/apps/1230482/snyk-security-in-jira-cloud) plugin from the Atlassian marketplace. This allows you to view information on your Snyk Vulnerabilities directly in Jira, and use Jira Automation to create new tickets when new vulnerabilities are identified. ## When should you ignore an issue? 
@@ -16,23 +16,21 @@ When deciding your priority for fixing issues, you may see specific packages or ## Use the ignore feature -In each case, you can use the "ignore" feature to stop these from appearing each time you run a test. +In each case, you can use the "ignore" feature to stop these from appearing each time you run a test. {% hint style="info" %} -Confirm ignore with an Organization Admin (they may need to complete this step themselves). +Confirm ignore with an Organization Admin (they may need to complete this step themselves). {% endhint %} When adding the ignore: * Ensure you add a detailed reason, so the ignore reason is clear to others who see this issue. -* Set an expiration date for the ignore rather than having a permanent ignore. This is essential, as whilst the issue may not be fixable/relevant today, it should be reviewed regularly (monthly or quarterly) to see if it is possible to implement a fix. +* Set an expiration date for the ignored rather than having a permanent ignore. This is essential, as whilst the issue may not be fixable/relevant today, it should be reviewed regularly (monthly or quarterly) to see if it is possible to implement a fix. {% hint style="info" %} In **Settings-General** it's common to limit access to who can ignore an issue and require a reason. {% endhint %} -By default, the **Organization Collaborator** role has permission to ignore issues, but this can be controlled per Organization in the **Settings** page (that is, restricted to **Organization admins** only). +By default, the **Organization Collaborator** role has permission to ignore issues, but this can be controlled per Organization in the **Settings** page (that is, restricted to **Organization admins** only). -See [Ignore issues](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues) for more details. 
- -## +See [Ignore issues](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues) for more details. \ No newline at end of file diff --git a/discover-snyk/snyk-learn/snyk-assist.md b/discover-snyk/snyk-learn/snyk-assist.md index 1c5234f13349..4e74b915d408 100644 --- a/discover-snyk/snyk-learn/snyk-assist.md +++ b/discover-snyk/snyk-learn/snyk-assist.md @@ -14,7 +14,7 @@ Snyk Assist enhances your learning experience within the Snyk Learn platform by:

Snyk Assist on Snyk Learn

-## How Snyk Assist Works +## How Snyk Assist works Snyk Assist utilizes Generative AI to respond to questions based on information retrieved from trusted Snyk sources: diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md b/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md index bea82a7c1013..8dc43a01f640 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/assignment-reports.md @@ -4,11 +4,11 @@ Snyk Learn assignment reporting is available only in the Learning Management add-on offering. For more information, contact your Snyk account team. {% endhint %} -After you have created your first [Assignments](../snyk-learn-assignments.md) with Snyk Learn, you can use the Assignment reporting to track progress at an organization level. This is useful for team managers, security champions, AppSec engineers and compliance team members to follow up on detailed progress, and to extract reports for compliance usage. +After you have created your first [Assignments](../snyk-learn-assignments.md) with Snyk Learn, you can use the Assignment reporting to track progress at an organization level. This is useful for team managers, security champions, AppSec engineers, and compliance team members to follow up on detailed progress and to extract reports for compliance usage. -## Assignment Report +## Assignment report -By navigating to your [assignment](https://learn.snyk.io/admin/assignments/) dashboard, you can find reports showing your organizational progress against assignments. +By navigating to your [assignment](https://learn.snyk.io/admin/assignments/) dashboard, you can find reports showing your organizational progress against assignments. You can also use the filter to drill down further, and the buttons below the filter allow you to change the due date, delete assignments, and also trigger email reminders for your users. 
@@ -16,11 +16,11 @@ You can also use the filter to drill down further, and the buttons below the fil ### Changing the due date -First select the assignments you would like to change the due date for, and then press the icon highlighted in the image below. You will then be asked to pick a new date. This updates the due date, and also updates the users Learning Progress dashboard. +First, select the assignments you would like to change the due date for, and then press the icon highlighted in the image below. You will then be asked to pick a new date. This updates the due date, and also updates the user's Learning Progress dashboard.
-### Sending a reminder email +### Sending a reminder email By selecting an assignment and then pressing the button highlighted you can trigger a reminder email to be sent. You will be offered the chance to add a custom message before the reminder is sent. diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md b/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md index 56fc04620262..44ad0c7094b3 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/organization-reports.md @@ -6,7 +6,7 @@ Snyk Learn organization reports are available only with Enterprise plans. For more information, see [plans and pricing](https://snyk.io/plans/). {% endhint %} -By default, only Snyk Org or Group admins can view and export reports. Group admins can create custom roles by using the standard Snyk workflow. Learn more about the access controls for reports at [Snyk Learn Access Controls](../snyk-learn-access-controls.md). +By default, only Snyk Org or Group admins can view and export reports. Group admins can create custom roles by using the standard Snyk workflow. Learn more about the access controls for reports at [Snyk Learn Access Controls](../snyk-learn-access-controls.md). {% hint style="info" %} Snyk Learn organization reports support Organizations with up to 5000 members. @@ -24,11 +24,11 @@ The Detailed report provides individual user-level progress tracking within your * completion status * when the lesson or learning path was completed -* when the lesson was previously completed, if lesson progress was reset after the user completed it +* when the lesson was previously completed, if lesson progress was reset after the user completed it

Snyk Learn Detailed report

-### Exporting Organization reports +### Exporting Organization reports All reports are available as interactive table views and downloadable CSV reports. @@ -39,4 +39,4 @@ The report CSV contains the historical completions and current progress. The lea Progress reporting is also available through the Snyk Learn API (beta), offering two endpoints: * [Org catalog progress](https://apidocs.snyk.io/?version=2024-10-15#get-/orgs/-org_id-/learn/progress/catalog): progress mapped to the Snyk Learn catalog -* [Org user progress](https://apidocs.snyk.io/?version=2024-10-15#get-/orgs/-org_id-/learn/progress/users): progress mapped to the Snyk user +* [Org user progress](https://apidocs.snyk.io/?version=2024-10-15#get-/orgs/-org_id-/learn/progress/users): progress mapped to the Snyk user diff --git a/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md b/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md index 096d4444e146..0db03681c3bb 100644 --- a/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md +++ b/discover-snyk/snyk-learn/snyk-learn-reports/program-reporting.md 
@@ -6,9 +6,9 @@ Snyk Learn program reporting is available only in the Learning Management add-on Snyk Learn provides a Snyk in-app reporting powered report to give you insights into your security training and education program. -## Learn Engagement report +## Learn engagement report -The goal of the engagement report is to provide insights into the overall progress of your security education and training programs, and give you insights into which parts of your Organization are engaging with Snyk Learn content. You can use the data and insights to better optimise your program, find security champions, generate reports for compliance, and show progress to your executive sponsors. This report is available at the Group level. +The goal of the engagement report is to provide insights into the overall progress of your security education and training programs, and give you insights into which parts of your Organization are engaging with Snyk Learn content. You can use the data and insights to better optimize your program, find security champions, generate reports for compliance, and show progress to your executive sponsors. This report is available at the Group level. Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learn-engagement). 
@@ -24,7 +24,7 @@ Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpF The Learning Impact & Opportunities report is available in Early Access. {% endhint %} -The goal of the impact and opportunities report is to provide insights into the impact your security education and training programs are having on code issue remediation and code issue prevention. In addition, the report gives recommendations for future training based on your code issue backlog, and issues that were introduced during the selected time period of the report. This report is available at the Group level. +The goal of the Impact and Opportunities report is to provide insights into the impact your security education and training programs have on code issue remediation and prevention. In addition, the report gives recommendations for future training based on your code issue backlog and issues that were introduced during the selected time period of the report. This report is available at the Group level. Read more about this report [here](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/education-reports#learning-impact-and-opportunities). diff --git a/discover-snyk/supported-languages/technical-specifications-and-guidance.md b/discover-snyk/supported-languages/technical-specifications-and-guidance.md index 197d96752ee7..fd0f796c194b 100644 --- a/discover-snyk/supported-languages/technical-specifications-and-guidance.md +++ b/discover-snyk/supported-languages/technical-specifications-and-guidance.md 
@@ -6,7 +6,7 @@ Both Snyk Code and Snyk Open Source accept source code files in UTF-8 encoding. ## Snyk Open Source -Snyk analyzes and builds the dependencies tree depending on the language and package manager for the Project, as well as the location of the Project. +Snyk analyzes and builds the dependency tree depending on the language and package manager for the Project, as well as the location of the Project. ### How Snyk for Open Source and licensing works @@ -14,7 +14,7 @@ Snyk analyzes and builds the dependencies tree depending on the language and pac Before testing your Open Source Project for vulnerabilities, with limited exceptions, you must build your Project. For details, see [Open Source Projects that must be built before testing with the Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-open-source/open-source-projects-that-must-be-built-before-testing-with-the-snyk-cli). {% endhint %} -Snyk builds a dependency graph and (dependencies tree) and then uses the [vulnerability database](https://snyk.io/vuln) to find vulnerabilities in any of the packages anywhere in that tree. +Snyk builds a dependency graph and (dependency tree) and then uses the [vulnerability database](https://snyk.io/vuln) to find vulnerabilities in any of the packages anywhere in that tree. ### Snyk policies in Open Source 
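Review bot: In the -14,7 hunk of technical-specifications-and-guidance.md, the rewritten sentence still reads "a dependency graph and (dependency tree) and then uses", so the stray "and" before the parenthesis survives the edit. Since the line is being touched anyway, change it to "Snyk builds a dependency graph (dependency tree) and then uses the vulnerability database to find vulnerabilities", consistent with the "dependency tree" wording the first hunk of this file settles on.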
@@ -41,7 +41,7 @@ Snyk Code automatically excludes the following files from analysis: The analysis is available only for files with names shorter than or equal to 255 characters. If the filename exceeds this limit, you receive an error. To ensure that all files are being analyzed, Snyk recommends shortening long filenames. -### Framework support +### Framework support To support a specific framework, Snyk Code must both support the relevant language and be trained on Projects using the framework. The found patterns are then annotated by the security team and extended by curated content. @@ -71,7 +71,7 @@ Snyk continuously expands its framework coverage and improves analysis accuracy. Snyk scans your codebase following this sequence: -1. The source code is analyzed, generating an event graph. The event graph is similar to a code map that helps Snyk understand how different parts of the code are related. There are two node types, each node in the graph representing something that happens in the code. Some represent parts of the code, and others represent how the code is used. +1. The source code is analyzed to generate an event graph. The event graph is similar to a code map, helping Snyk understand how different parts of the code are related. There are two node types, each node in the graph representing something that happens in the code. Some represent parts of the code, and others represent how the code is used. 2. Rules are run against the event graph to find matches. The rules act as a checklist of known vulnerabilities that Snyk looks for in the event graph. 3. If a match is found, Snyk looks for a vulnerability in the event graph, identifying where problems might be hiding in the code. 
@@ -79,7 +79,7 @@ For more information, see [Snyk Code AI Engine](https://app.gitbook.com/o/-M4tdx ## Language support and CLI, CI/CD, and SCM integrations -Snyk supports a variety of programming languages, enabling seamless integration into your development workflow through CLI commands, CI/CD pipelines, and SCM integrations. +Snyk supports a variety of programming languages, enabling seamless integration into your development workflow through CLI commands, CI/CD pipelines, and SCM integrations. You can use these tools to automatically check your code for security issues as you develop your software. This ensures that strong security practices are part of your development process. diff --git a/discover-snyk/whats-new.md b/discover-snyk/whats-new.md index 27cf1b9ebfba..15dc39dac61a 100644 --- a/discover-snyk/whats-new.md +++ b/discover-snyk/whats-new.md 
@@ -119,8 +119,8 @@ The most recent updates include significant changes to the user docs, such as fe * [JavaScript](supported-languages/supported-languages-list/javascript/) was updated with support for Yarn 4. * [Ruby](supported-languages/supported-languages-list/ruby.md) was updated with support for Ruby 4. * [Python](supported-languages/supported-languages-list/python/) has been updated to remove the limitation note for Projects with downloaded dependencies. -* [Go](supported-languages/supported-languages-list/go.md) has been updated to include support for Go standard library, for Go with Open Source. -* Several supported language pages and their rules have been updated with Code analysis support in Early Access: [Rust](supported-languages/supported-languages-list/rust.md), [Swift and Objective-C](supported-languages/supported-languages-list/swift-and-objective-c.md), [Dart and Flutter](supported-languages/supported-languages-list/dart-and-flutter.md), [Groovy](supported-languages/supported-languages-list/groovy.md), [Rust rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/rust-rules), [Objective-C rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/objective-c-rules), [Dart and Flutter rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/dart-and-flutter-rules), [Groovy rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/groovy-rules). +* [Go](supported-languages/supported-languages-list/go.md) has been updated to include support for the Go standard library, for Go with Open Source. 
+* Several supported language pages and their rules have been updated with Code analysis support in Early Access: [Rust](supported-languages/supported-languages-list/rust.md), [Swift and Objective-C](supported-languages/supported-languages-list/swift-and-objective-c.md), [Dart and Flutter](supported-languages/supported-languages-list/dart-and-flutter.md), [Groovy](supported-languages/supported-languages-list/groovy.md), [Rust rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/rust-rules), [Objective-C rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/objective-c-rules), [Dart and Flutter rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/dart-and-flutter-rules), and [Groovy rules](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/snyk-code-security-rules/groovy-rules). ### Other updates 
@@ -134,23 +134,23 @@ The most recent updates include significant changes to the user docs, such as fe December - January 2025 Documentation updates -#### December 2025 +### December 2025 -**Snyk API** +#### *Snyk API * The API docs navigation was enhanced with additional package-related reference pages (including `ContainerRegistryImagePolicy`). -**Snyk Integrations** +#### Snyk Integrations * The [Partner integrations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/partner-integrations) page has been updated, including additional coverage for Coding Assistants and how they can use Snyk Studio (MCP) in agentic workflows. * [JavaScript](supported-languages/supported-languages-list/javascript/) navigation has been enhanced with better redirect and routing features. -**Snyk Studio** +#### Snyk Studio * The [Snyk Studio - Agentic integrations](integrations/snyk-studio-agentic-integrations/) documentation has been updated to provide a clearer explanation of MCP usage and the available Snyk Studio tools. * The [Quickstart guides for Snyk Studio](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/) were updated with new and refreshed setup guidance, including [Cursor](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/cursor-guide.md) and [Windsurf](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/windsurf-guide.md). -**Other updates** +#### Other updates * GitHub Cloud App and GitHub Server App have been added to the list of [supported SCMs for Dockerfile analysis](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/scan-your-dockerfile#supported-scms-for-dockerfile-analysis). * The `snyk-scm-contributors-count` docs were updated with prerequisites and setup notes. 
See [snyk-scm-contributors-count](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-scm-contributors-count). 
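Review bot: The replacement heading `#### *Snyk API *` under December 2025 carries stray asterisks with a space before the closing one, so it will not match its siblings `#### Snyk Integrations`, `#### Snyk Studio` and `#### Other updates`, and the asterisks are likely to show literally. It should be `#### Snyk API`. The month heading is also promoted from `####` to `###` here, so check that the parent "Documentation updates" heading sits one level above it.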
@@ -158,119 +158,119 @@ The most recent updates include significant changes to the user docs, such as fe * The IaC issue-reporting walkthrough from the 'Getting started with Snyk IaC' page was updated to remove outdated screenshots and copy. * PR template variables were updated on the [Variables list and description](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/snyk-pull-or-merge-requests/customize-pr-templates/variables-list-and-description) page with a new container base image `short name` values for cleaner PR titles and messages. -#### November 2025 +### November 2025 -**Snyk Container** +#### Snyk Container * The list of [operated distribution systems supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated with support for Chisel. -**Snyk CLI** +#### Snyk CLI * The latest [Snyk CLI version](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/snyk-cli/snyk-cli/install-the-snyk-cli) available is v1.1301.0. * The [CLI help](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/reachability-analysis#using-reachability-analysis-with-snyk-cli) has been updated with commands for reachability analysis. -Snyk IDE +#### Snyk IDE * The Automated Org Selection feature uses repository context to choose an Organization. Manual configuration overrides this automated selection. If the selection fails, Snyk defaults to your preferred Organization setting. 
The feature is available for the [Eclipse plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ide-plugins-and-extensions/eclipse-plugin/configuration-of-the-eclipse-plugin), the [JetBrains plugin](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/configuration-for-the-snyk-jetbrains-plugin-and-ide-proxy), the [Visual Studio extension](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ide-plugins-and-extensions/visual-studio-extension/visual-studio-extension-configuration-environment-variables-and-proxy), and the [Visual Studio Code extension](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension/visual-studio-code-extension-configuration-environment-variables-and-proxy). -**Snyk integrations** +#### Snyk integrations * The Amazon Q guide for Snyk Studio now includes [updated instructions](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/amazon-q-guide.md#install-the-snyk-mcp-server-in-the-amazon-q-ide-extension) for configuring the Snyk MCP Server in VS Code and JetBrains. -**Other updates** +#### Other updates * [Reachabilty analysis](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/reachability-analysis) has been updated with instructions on how it works and how to use it in both the Snyk Web UI and the Snyk CLI and clear support for specific languages and package managers. * The [Pre-defined roles](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/pre-defined-roles#role-types) documentation has been updated to communicate that the Organization Admin role and associated permissions supersede any Group Member role restrictions. 
* The [severity condition](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/security-policies/security-policies-conditions) is now available in Group-level policies. Use this feature to create more granular policies for Snyk Code and Snyk Open Source findings, for example, ignoring a finding or changing its severity. -#### October 2025 +### October 2025 -**Snyk API** +#### Snyk API * A new [API migration guide](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/v1-reporting-apis-to-export-api-migration-guide) is available to help you migrate from the v1 Reporting API to the REST Exporting API. * The Export API has been improved with the option to [limit the link expiration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/using-specific-snyk-apis/export-api-specifications-columns-and-filters#data-retention). -**Snyk Broker** +#### Snyk Broker * The [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/universal-broker) release status has transitioned to Generally Available. * The page [Upgrade an Organization from Classic Broker to Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker#migrating-multiple-organizations) has been updated with steps to migrate multiple Organizations at a time. -**Snyk CLI** +#### Snyk CLI * Snyk CLI now supports uploading files and folders for Snyk Code scanning. The command [`code-test`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/code-test) has been updated with options reflecting these capabilities. 
* The latest [Snyk CLI version](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/snyk-cli/snyk-cli/install-the-snyk-cli) available is v1.1300.2. -**Snyk integrations** +#### Snyk integrations * The list of Snyk MCP quick guides now includes [Devin guide](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/devin-guide.md), [Factory guide](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/factory-guide.md), [Factory terminal guide](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/factory-terminal-ide-guide.md). * The Snyk MCP Server has been rebranded as [Snyk Studio](integrations/snyk-studio-agentic-integrations/). * [SCM integration support for Python](supported-languages/supported-languages-list/python/scm-integrations-and-python.md) has been updated with support for Python 3.14. -**Other updates** +#### Other updates -* The [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container#minimus) has been updated to include include support for Minimus, Ubuntu 25.10 - Questing Quokka, and Ubuntu 25.04 - Plucky Puffin. +* The [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container#minimus) have been updated to include include support for Minimus, Ubuntu 25.10 - Questing Quokka, and Ubuntu 25.04 - Plucky Puffin. * For [Ruby](supported-languages/supported-languages-list/ruby.md), versions 2.3.X are no longer supported. The Ruby-specific versions have been updated to include more version patches. 
* PR Check report was added as Early Access to the available reports to identify Snyk PR check locations, increase adoption, and pinpoint common failure impacts on developer workflows. * You can now label your assets with metadata on repository assets and build artifacts, helping tag, manage security, and group items by features. An asset label differs from an asset tag, which enables key-value tags for structured metadata, allowing for granular filtering, policy creation, and improved system alignment. * [JavaScript for open source](supported-languages/supported-languages-list/javascript/#javascript-for-snyk-open-source) has been updated to include full support for pnpm Projects. -#### September 2025 +### September 2025 -**Snyk Container** +#### Snyk Container * The instructions for [installing the Snyk Controller on Amazon Elastic Kubernetes Service (Amazon AKS)](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/kubernetes-integration/install-the-snyk-controller/install-the-snyk-controller-on-amazon-elastic-kubernetes-service-amazon-eks#create-an-eks-node-role-for-your-node-group-and-add-the-trust-relationship-for-the-iam-role) have been updated with details for configuring trust relationships for the IAM role. * The list of [operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include SUSE Linux Enterprise Server 15.7 and Rocky Linux 10. -**Snyk integrations** +#### Snyk integrations * The SCM integration for Bitbucket Data Center/Server now supports the Required Builds feature for granular control over pull requests. 
To learn more, visit [Required Builds](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/bitbucket-data-center-server#required-builds). * [GitLab](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/analyze-pr-checks-results#gitlab) is supported for PR check results. This feature blocks merge requests with security issues when the "Pipelines must succeed" setting is enabled. -* The Snyk MCP quick guides list has been enriched with the following guides: [Claude Code](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/claude-code-guide.md), [Continue](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/continue-guide.md), [JetBrains AI Assistant](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/jetbrains-ai-assistant.md), [JetBrains Junie](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/jetbrains-junie.md) +* The Snyk MCP quick guides list has been enriched with the following guides: [Claude Code](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/claude-code-guide.md), [Continue](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/continue-guide.md), [JetBrains AI Assistant](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/jetbrains-ai-assistant.md), and [JetBrains Junie](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/jetbrains-junie.md) -**Other updates** +#### Other updates * For Java and Kotlin, the list of [supported Gradle versions](supported-languages-package-managers-and-frameworks/java-and-kotlin/#supported-package-managers-and-package-registries) now includes Gradle 9. 
* For [Ruby](supported-languages/supported-languages-list/ruby.md), an end-of-support notice has been added to say that starting Oct 1, 2025, Fix PRs are no longer supported for Projects using Ruby versions 3.1.x and lower. The table of supported Ruby versions has also been updated. -* For Javascript, [support for pnpm Projects](supported-languages/supported-languages-list/javascript/#support-for-pnpm) has been added. -* `Raise Support Community Cases` and `View Support Community Cases` Tenant level permissions have been added. To learn more about which Tenant roles these permissions apply to, visit Pre-defined roles, [Tenant-level permissions](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/pre-defined-roles#tenant-level-permissions). +* For JavaScript, [support for pnpm Projects](supported-languages/supported-languages-list/javascript/#support-for-pnpm) has been added. +* `Raise Support Community Cases` and `View Support Community Cases` Tenant-level permissions have been added. To learn more about which Tenant roles these permissions apply to, visit Pre-defined roles, [Tenant-level permissions](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-platform-administration/user-roles/pre-defined-roles#tenant-level-permissions). * The [Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics) menu now updates its data daily instead of hourly. * Learn how to resolve duplicated and unenriched assets discovered outside Group and Organization-level SCM integrations. * You can now [exclude specific values](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab#exclude-filters) when you filter your reports. 
-#### August 2025 +### August 2025 -**Snyk API** +#### Snyk API * The [Export API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/export) has been enhanced with the project\_target\_file field. * A new dataset for usage events has been added to the [Export API.](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/export) -**Snyk CLI** +#### Snyk CLI * [Experimental builds](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/releases-and-channels-for-the-snyk-cli#experimental-builds) information is now available for the CLI releases and channels. * The [AI-BOM](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/aibom) Snyk CLI command is now available with any stable CLI release. * A new Snyk CLI analytics page is now available, providing information about [Essential Operational Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/snyk-cli-analytics#essential-operational-analytics) and [Optional Usage Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/snyk-cli-analytics#optional-usage-analytics). -**Snyk integrations** +#### Snyk integrations * You can now add the Snyk MCP server to [Goose CLI](integrations/snyk-studio-agentic-integrations/quickstart-guides-for-snyk-studio/gemini-cli-guide-1.md) to secure code generated with agentic workflows through an LLM. -* You can now integrate Akamai with the Snyk API & Web to discover and scan your API. See the [API Security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/partner-integrations#api-security) section under Partner integrations page for more details. +* You can now integrate Akamai with the Snyk API & Web to discover and scan your API. 
See the [API Security](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/partner-integrations#api-security) section under the Partner integrations page for more details. * The [Jira Cloud documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration) has been updated for parity with the current version. -**Other updates** +#### Other updates * A new [Risk exposure report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/exposure-and-coverage-reports#risk-exposure-report) has been released, providing you with a single, consolidated view of your security risks. * The rollout to General Availability has started for the [Pull Request Experience](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience). -* The [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) now includes Debian 14 - Forky. -* Snyk now supports [Ruby versions](supported-languages/supported-languages-list/ruby.md#technical-specifications) 3.3 \[3.3.9] and 3.4 \[3.4.5]. If the Ruby version is not specified in the gemfile, it will default to version 3.1. +* The [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) now include Debian 14 - Forky. +* Snyk now supports [Ruby versions](supported-languages/supported-languages-list/ruby.md#technical-specifications) 3.3 \[3.3.9] and 3.4 \[3.4.5]. If the Ruby version is not specified in the Gemfile, it defaults to version 3.1. 
-#### July 2025 +### July 2025 -**Snyk API** +#### Snyk API * The [Export API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/export) is now available as GA. * The Assets API is now available as Early Access. -**Snyk CLI** +#### Snyk CLI * MCP updates: * [Updated the list of supported Snyk security tools into an AI system](integrations/snyk-studio-agentic-integrations/#snyk-studio-tools). 
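Review bot: In the October 2025 "Other updates" list, the rewritten Operating system distributions bullet changes "has" to "have" but keeps the doubled word in "have been updated to include include support for Minimus"; drop one "include". In the same hunk, the new September line ending in "and [JetBrains Junie](...)" still has no closing period. Two untouched context lines are also worth fixing in this pass: the November link text "[Reachabilty analysis]" is misspelled, and the September Snyk Container bullet says "(Amazon AKS)" while its link target is the amazon-eks page.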
@@ -280,29 +280,29 @@ Snyk IDE * Added PAT support for [Snyk CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/authenticate-to-use-the-cli). * Added PAT support for Snyk CI/CD integrations ([CircleCI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/circleci-integration-using-a-snyk-orb), [Jenkins](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/jenkins-plugin-integration-with-snyk), [Maven](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations/maven-plugin-integration-with-snyk)). -**Snyk Code** +#### Snyk Code -* Support for Python, JavaScript and Typescript now includes more frameworks. +* Support for Python, JavaScript, and Typescript now includes more frameworks. -**Snyk Container** +#### Snyk Container -[Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include: SUSE Linux Enterprise (SLE) 15.3+, Red Hat Enterprise Linux 10, and Oracle Linux 10. +[Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) have been updated to include: SUSE Linux Enterprise (SLE) 15.3+, Red Hat Enterprise Linux 10, and Oracle Linux 10. -**Snyk IDE** +#### Snyk IDE * Added PAT support for all [Snyk IDE](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/) plugins and extensions. 
* Added an [IDE Plugin Compatibility Matrix](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix) for all supported versions. -**Snyk integrations** +#### Snyk integrations * [Snyk Agent Fix in the PR](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience#snyk-agent-fix-in-the-pr) has added support for Bitbucket integrations, still in Early Access. * The [minimum version](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/configure-pull-request-checks) of Bitbucket Server and Bitbucket Data Center required to use the integrations with PR checks has been updated to 7.4 and 8 respectively. -**Snyk Open Source** +#### Snyk Open Source [Scan open-source libraries and licenses](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/), [Snyk License Compliance Management](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/scan-open-source-libraries-and-licenses/snyk-license-compliance-management), and [Fix your vulnerabilities](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-open-source/manage-vulnerabilities/fix-your-vulnerabilities) have been updated with the new **Issues** tab layout. -**Other updates** +#### Other updates * A new architecture for user documentation on developer tools is now available. This update groups the main developer tools into a single section and distinctly separates them from the integrations documentation. * [Analytics](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/overview-tab) has a fresh new look. 
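Review bot: The new Snyk Code line adds the serial comma but keeps "Typescript" in "Support for Python, JavaScript, and Typescript now includes more frameworks." The September section of this same patch corrects "Javascript" to "JavaScript", so this should be "TypeScript" for the same reason.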
@@ -310,148 +310,148 @@ Snyk IDE * The [Developer IDE and CLI usage report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/prevention-reports#developer-ide-and-cli-usage-report) has been improved with MCP-related data to provide better visibility into MCP usage. * [Okta custom mapping documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/implementation-and-setup/enterprise-setup/single-sign-on-sso-for-authentication-to-snyk/custom-mapping/examples-setting-up-custom-mapping-for-idps/example-setting-up-custom-mapping-for-okta#construct-a-value-expression-that-creates-a-roles-array-to-be-sent-to-snyk) has been updated to clarify handling of the `Arrays.flatten(appuser.snyk_orgs)` value during setup. -#### June 2025 +### June 2025 -**Snyk Broker** +#### Snyk Broker * Updated the Snyk Broker documentation to include distinct steps for setting up the [Container Registry Agent with Docker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker-container-registry-agent#configuring-and-running-the-container-registry-agent), whether using the Classic or Universal Broker. * Updated the [Using the API to set up Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/using-the-api-to-set-up-universal-broker/README.md) documentation with a Prerequisites section and clarified that the Snyk Broker App ID differs for each [region](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/regional-hosting-and-data-residency#broker-client-urls). * Snyk Learn courses have been integrated into the [Universal Broker](ehttps://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/) pages. 
-**Other updates** +#### Other updates -* [Usage settings](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/usage-settings) has been updated with the new **Billing and Usage** dashboard, available with the new Snyk Platform Access plan. -* [Snyk Platform Access credits](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/snyk-platform-access-credits) has been added with brief information on the new Snyk Platform Access plan. -* The troubleshooting sections for all [Snyk IDE plugins](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/), have been updated to include clear steps for working with the Logs details, which are available across all plugins. +* [Usage settings](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-hierarchy/usage-settings) have been updated with the new **Billing and Usage** dashboard, available with the new Snyk Platform Access plan. +* [Snyk Platform Access credits](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/ELvljsaLKPkSpffOkmsQ/snyk-platform-access-credits) have been added with brief information on the new Snyk Platform Access plan. +* The troubleshooting sections for all [Snyk IDE plugins](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/) have been updated to include clear steps for working with the Logs details, which are available across all plugins. * A new feature, the [Snyk Agent Fix in the PR](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience#snyk-agent-fix-in-the-pr), has been released, enabling the user to interact with inline comments by requesting an initial fix or a different suggestion, or by applying a specific fix by using the `@snyk /apply #` command. 
* [Consistent Ignores](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues/consistent-ignores-for-snyk-code/) for Snyk Code now fully supports CLI Upload. -* The page on Docker Desktop Extension integration has been removed, due to the end of support. +* The page on Docker Desktop Extension integration has been removed due to the end of support. -#### May 2025 +### May 2025 -**Snyk CLI** +#### Snyk CLI * The `--platform` option was added to the [`container sbom`](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/container-sbom) command. * The MCP information was expanded to [Developer guardrails for agentic workflows](integrations/snyk-studio-agentic-integrations/). -**IDE plugins and extensions** +#### IDE plugins and extensions * Information was added to the [JetBrains plugin troubleshooting](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/troubleshooting-for-the-jetbrains-plugin). * Region information was updated on all [IDE pages](https://app.gitbook.com/o/-m4tdxg8qotlggznlpfr/s/ieejsxqqu36y0vmfv8zf/integrations/snyk-ide-plugins-and-extensions/). -**Snyk Code** +#### Snyk Code * Legacy ignores can be converted using [bulk ignore conversion](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues/consistent-ignores-for-snyk-code/convert-project-scoped-ignores-to-asset-scoped-ignores#bulk-ignore-conversion). * DeepCode AI Fix has a new name: [Snyk Agent Fix](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-code/manage-code-vulnerabilities/fix-code-vulnerabilities-automatically). 
-**Snyk Container** +#### Snyk Container [Configure the integration with Docker Hub](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/container-registry-integrations/integrate-with-docker-hub/configure-the-integration-with-docker-hub) has been updated to state that Snyk does not support Organization Access Tokens (OAT). -**Snyk Integrations** +#### Snyk Integrations The [Bitbucket Cloud App](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/bitbucket-cloud-app) and [Jira App](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/snyk-security-in-jira-cloud-integration) integrations are now available in the `SNYK-US-02` environment. -**Other updates** +#### Other updates * For [SCM integrations with Python](supported-languages/supported-languages-list/python/scm-integrations-and-python.md), the list of dependencies that are not supported has been updated to include `pip` for Python 2.7 and 3.7. * [Python dependency filtering results](supported-languages/supported-languages-list/python/scm-integrations-and-python.md) have been updated to clarify the conditions in which certain packages and configurations are skipped by SCM scans. * The list of supported package managers has been updated to include `conan`. See [C/C++](supported-languages/supported-languages-list/c-c++.md), [SBOM test](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/commands/sbom-test), [Test an SBOM document for vulnerabilities](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/using-specific-snyk-apis/sbom-apis/rest-api-endpoint-test-an-sbom-document-for-vulnerabilities). 
* [Instructions for upgrading an Organization integration from Classic Broker to Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker/upgrade-an-organization-integration-from-classic-broker-to-universal-broker) were clarified. -#### April 2025 +### April 2025 -**Snyk API** +#### Snyk API * Several APIs have been updated; see the [Changelog](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/changelog). * The navigation in the API section now reflects the use of Authentication and the Changelog for both the V1 and REST APIs. * The [Authentication for API](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/authentication-for-api) page has been updated with region information and clarity on using the bearer token. * The [API endpoints index and tips](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/api-endpoints-index-and-tips) page now has a note about how to find your `org_id`. -**Snyk Essentials** +#### Snyk Essentials * [The Inventory Overview tab](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-layouts) is now available to provide insights and prescriptive guidance to improve your application security. * [The Visibility column](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-components#visibility) has been added to show the visibility status of your repositories. -**Snyk Broker** +#### Snyk Broker Additional updates have been made to the [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference/universal-broker) documentation to clarify the instructions and add details about the use of the APIs. 
-**Snyk CLI** +#### Snyk CLI Information has been added about Snyk support for the Model Context Protocol (MCP) through the [`snyk mcp` experimental CLI command](integrations/snyk-studio-agentic-integrations/usage-analytics.md). -**Snyk Code** +#### Snyk Code * [Consistent Ignores ](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/ignore-issues/consistent-ignores-for-snyk-code)is now available in Early Access. Your development teams can create ignores that are consistently respected regardless of how and where the test is run and what branch is being tested. * Snyk Code supports gRPC libraries. -**Snyk Container** +#### Snyk Container * [Using Custom Base Image Recommendation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/use-snyk-container/use-custom-base-image-recommendations) has been updated with clarifications on how Snyk recommends images. * The list of [Operating system distributions supported by Snyk Container](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/snyk-container/how-snyk-container-works/operating-system-distributions-supported-by-snyk-container) has been updated to include Alpine Linux 3.21, Ubuntu 25.04 - Plucky Puffin, and Ubuntu 24.10 - Oracular Oriole. * The section describing the automated integration process for Amazon Elastic Container Registry (ECR) has been removed, as Snyk no longer supports this method. -**Snyk Integrations** +#### Snyk Integrations * For the [Jira integration](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/jira-integration#prerequisites-for-jira-integration-with-snyk), Snyk now supports Jira versions 5 to 10. 
* For [SCM integrations with Gradle](supported-languages-package-managers-and-frameworks/java-and-kotlin/git-repositories-with-maven-and-gradle.md), Snyk now supports `allprojects` and `subprojects` blocks, as well as Spring Boot plugins BOMs. -**Other updates** +#### Other updates * DAST scanning is now available with [Snyk API & Web](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/scan-with-snyk/overview#select-scanning-methods), enabling users to discover and test the security of their APIs and web apps, including AI-generated ones. * PR Checks is now available with a General Availability release status. -#### March 2025 +### March 2025 -**Snyk Broker** +#### Snyk Broker * The Snyk Broker section has been divided into [Universal Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/universal-broker) and [Classic Broker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/classic-broker) documentation and the [main page](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/snyk-broker/snyk-broker) has been updated. * The Classic Broker installation instructions now include the command to set the `BROKER_SERVER_URL` for [Docker](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-docker) and the `brokerServerUrl` for [Helm](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IgtgtomLQ2TUgSKOMSAm/enterprise-setup/snyk-broker/classic-broker/install-and-configure-snyk-broker/install-and-configure-broker-using-helm). -**Snyk API** +#### Snyk API * The [V1 API overview](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/v1-api) and [reference](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/reference) are now on the user docs site only. 
Additional details from Apiary have been added to the V1 reference on the user docs site. The API reference has been removed from the V1 API Apiary site. * A section has been added for [pages that explain how to use specific APIs in depth](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-api/using-specific-snyk-apis). -**Snyk CLI, CI/CD, IDE** +#### Snyk CLI, CI/CD, IDE * [Advanced use of Snyk Container CLI](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/snyk-cli/snyk-cli/scan-and-maintain-projects-using-the-cli/snyk-cli-for-snyk-container/advanced-use-of-snyk-container-cli) now includes support for scanning Kaniko image archives. * The [support policy for the CI/CD plugins](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ci-cd-integrations#support-policy) was updated to align with the CLI support policy. * The Net new issues feature was added to the IDE documentation for [Eclipse](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/dintegrations/snyk-ide-plugins-and-extensions/eclipse-plugin/use-the-snyk-plugin-to-secure-your-eclipse-projects#net-new-issues-versus-all-issues), [JetBrains](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/jetbrains-plugin/run-an-analysis-with-the-jetbrains-plugin#net-new-issues-versus-all-issues), [Visual Studio](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-extension/view-analysis-results-from-visual-studio-extension#net-new-issues-versus-all-issues), and [Visual Studio Code](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/visual-studio-code-extension/view-analysis-results-from-visual-studio-code-extension#net-new-issues-versus-all-issues), and [troubleshooting 
information](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/snyk-ide-plugins-and-extensions/troubleshooting-ides/net-new-issues-delta-scan-troubleshooting) was added. -**Snyk Code** +#### Snyk Code * The Generated Pull Requests report is now available in Early Access. This report provides an overview of how Fix, Backlog, and Upgrade PRs are used and highlights the efficiency of PR merges. * [The Pull Request Experience](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience) now supports GitLab and Azure Repos SCM integrations, with a few [limitations](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/pull-request-experience#inline-comments). * New Snyk Code filters and columns were added to [Snyk Reports](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/issue-columns-dictionary#issue-characteristics) and [Snowflake Data Share](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/reporting-and-bi-integrations-snowflake-data-share/data-share-data-dictionary): File Path, Code Region, and Asset Finding ID. * Snyk Code now supports [Rust](supported-languages/supported-languages-list/rust.md) and [Groovy](supported-languages/supported-languages-list/groovy.md) available in Early Access and accessible from Snyk Preview. -**Snyk Essentials** +#### Snyk Essentials * A new feature is now available in Snyk Essentials, introducing a new type of [asset tag](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/assets-policies#asset-tagging) known as GitHub custom properties. * [Asset tags](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/manage-assets/assets-inventory-components#tags) have been redefined and are now clearly separated into system tags and user-defined tags. 
-**Snyk Integrations** +#### Snyk Integrations * The [GitHub Server App](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/scm-integrations/organization-level-integrations/github-server-app) has moved into General Availability. -* The [Jira integration documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/jira-and-slack-integrations/jira-integration#prerequisites-for-jira-integration-with-snyk) has been updated to state that Snyk supports version 5 to version 9. +* The Jira integration documentation has been updated to state that Snyk supports version 5 to version 9. -**Other updates** +#### Other updates * The PCI-DSS v4.0.1 report is now available in Early Access. This report leverages Snyk scan results to assess, prove, and improve readiness for PCI-DSS AppSec compliance regarding SCA and SAST vulnerabilities. * The [Repositories Tested in CI/CD report](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/analytics/reports-tab/prevention-reports#repositories-tested-in-ci-cd-report) is available in Early Access. This report tracks Snyk CI/CD testing to prevent vulnerable production deployments. * [Severity levels](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/fix/prioritize-issues-for-fixing/severity-levels#why-are-there-multiple-cvss-scores-for-the-same-vulnerability) now provide more details about the CVSS v4.0. -#### February 2025 +### February 2025 -**Snyk Essentials** +#### Snyk Essentials * The Integrations UI at the Group level has been enhanced to improve readability and actionability and provide inline instructions and inline profile helpers. * Group-level [Integrations documentation](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/IEEjSXQQu36y0vmFV8zf/integrations/integrate-with-snyk#integrations-syncing-time) has been updated with new, more accurate sync times. 
* The [asset filter](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/policies/assets-policies/create-policies) documentation has been consolidated into one section, and it now links to all relevant areas, such as Inventory and Asset Policy filters. -**Other updates** +#### Other updates * A new [Automated Provisioning guide](implementation-and-setup/enterprise-setup/auto-provisioning-guide.md) has been created for **Pilot** and **Enterprise** **users**, detailing the steps of the auto-provisioning process for new and existing user accounts. * [Snyk Code PR Checks](https://app.gitbook.com/o/-M4tdxG8qotLgGZnLpFR/s/BJO0IZx7zB6bOkotxQP2/prevent/pull-request-checks/configure-pull-request-checks#configure-for-code-analysis-click-to-expand) are in General Availability. From b25a2c2791f950dd73000fba7a56246e00d816be Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 14:44:29 -0300 Subject: [PATCH 26/29] Reproduced Commit 84ab82e --- developer-tools/integrations/partner-integrations.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/developer-tools/integrations/partner-integrations.md b/developer-tools/integrations/partner-integrations.md index 8ac4ac6423ff..ac53ecfa17b4 100644 --- a/developer-tools/integrations/partner-integrations.md +++ b/developer-tools/integrations/partner-integrations.md 
@@ -175,8 +175,7 @@ To see the documentation for each integration, click on the integration name in | [CodeNotary](https://www.youtube.com/watch?v=N2AWLEKQXqs) | Protect your software project with automatic component discovery, including dependency tracking, SBOM generation, and sharing, as well as Snyk vulnerability scan integration. | | [Cortex](https://docs.cortex.io/) | Cortex is the internal developer portal that cuts noise for developers with paved paths to production. Catalog, score, and drive action to improve software. | | [Mindflow](https://mindflow.io/integrations/snyk) | Mindflow is a no-code, AI-driven enterprise orchestration and automation platform for Security, IT, and Cloud teams. | -| [Panther](https://panther.com/integrations/snyk) | Panther is a SIEM platform that brings together your Snyk findings with the rest of your security data to provide greater insights, reporting, and alerting in one place. | -| [Phylum](https://docs.phylum.io/integrations/snyk) | The Phylum App for Snyk augments Snyk SCA to alert users to zero-day vulnerabilities and software supply chain attacks, like malware, typosquats and dependency confusion. | +| [Panther](https://panther.com/integrations/snyk) | Panther is a SIEM platform that brings together your Snyk findings with the rest of your security data to provide greater insights, reporting, and alerting in one place. | | | [Slack](https://snyk.io/partners/slack/) | Snyk surfaces vulnerabilities found across your software projects and presents actionable notifications within relevant Slack channels, including recommended fixes and alternative mitigation advice where necessary. | ## Reporting and Analytics From 13d79a408726583212ed9089fdde15c2da7cb1ba Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 14:48:27 -0300 Subject: [PATCH 27/29] Reproduced Commit eb720ac --- ...rporates-generative-ai-into-the-platform.md | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) 
diff --git a/snyk-data-and-governance/how-snyk-incorporates-generative-ai-into-the-platform.md b/snyk-data-and-governance/how-snyk-incorporates-generative-ai-into-the-platform.md index 3a54fe5f13b6..3bdd1d713679 100644 --- a/snyk-data-and-governance/how-snyk-incorporates-generative-ai-into-the-platform.md +++ b/snyk-data-and-governance/how-snyk-incorporates-generative-ai-into-the-platform.md @@ -1,6 +1,6 @@ # How Snyk incorporates generative AI into the platform -Snyk’s AI Security Platform uses generative AI to enhance automation, efficiency, and innovation for developers and security teams. Snyk uses a mix of solutions, including proprietary, self-hosted models and third-party large language models (LLMs). +Snyk’s AI Security Platform uses generative AI to enhance automation, efficiency, and innovation for developers and security teams. Snyk’s generative AI features are powered by third-party large language models (LLMs) from established AI providers. This document explains what generative AI technologies Snyk uses and how data flows through our systems. It also describes the measures we take to protect your data. The field of AI is changing quickly. As a result, the AI technologies we use may change when we introduce new features or update existing ones. 
@@ -8,26 +8,22 @@ This document explains what generative AI technologies Snyk uses and how data fl Snyk places the utmost importance on data security and integrity. -* **No training on customer code**: Snyk does not use customer proprietary software code to train, optimize, fine tune or improve any of its AI models, and does not use or incorporate any third-party AI models into the platform unless they make the same commitments. +* **No training on customer code**: Snyk does not use customer proprietary software code to train, optimize, fine-tune, or improve any AI models, and does not use or incorporate any third-party AI models into the platform unless they make the same commitments. * **Contractual protection**: All of the AI functionality described in this document forms part of Snyk’s services. Your use of this functionality is governed by your existing agreements with Snyk and benefits from the same contractual protections. No separate in-service terms, addenda, or amendments to your existing agreements with Snyk are required. ## AI models -Snyk uses multiple AI deployment strategies to balance performance, security, and data protection: - -* **Proprietary / self-hosted models**: Snyk’s core generative AI model is proprietary and maintained entirely within our controlled environment. This model runs on dedicated infrastructure and powers our fundamental product functionality of identifying issues and proposing fixes to those issues. -* **Hybrid models**: For certain products or features, Snyk uses both its proprietary self-hosted model and open-source model/s. In this case, these open-source models are hosted and maintained entirely within our controlled environment. -* **Third-party LLMs**: For certain products or features, Snyk uses LLMs from established AI providers, including OpenAI and Anthropic, through secure API connections and cloud services like AWS Bedrock and GCP Vertex. 
+Snyk uses LLMs from established AI providers, including OpenAI and Anthropic, through API connections and cloud services like AWS Bedrock and GCP Vertex. ## Product-specific AI implementations ### Agent Fix & Explain -
AttributeDetails
Purpose

Designed to help developers:

  • Fix their code faster by suggesting fixes to vulnerabilities identified by Snyk Code; and
  • Better understand findings and suggestions returned by Snyk by providing detailed explanations on demand.
AI models / deploymentA combination of Snyk’s proprietary DeepCode AI engine and other open-source models that may be fine-tuned on Snyk’s existing datasets (which do not include any customer proprietary software code) and which are maintained and hosted entirely within our controlled environment.
Data processedCode snippets containing only the relevant scope of the vulnerability.
Data retentionBecause these models are entirely Snyk hosted, no customer proprietary software code is retained by them.
Additional informationMore information about Agent Fix is available here.
+
AttributeDetails
Purpose

Designed to help developers:

  • Fix their code faster by suggesting fixes to vulnerabilities identified by Snyk Code; and
  • Better understand findings and suggestions returned by Snyk by providing detailed explanations on demand.
AI models / deploymentAnthropic’s Claude models through AWS Bedrock or GCP Vertex.
Data processedCode snippets containing only the relevant scope of the vulnerability.
Data retentionCustomer proprietary software code is not retained by the provider of these AI models.
Additional informationMore information about Agent Fix is available here.
### Snyk Assist for Snyk Learn -
AttributeDetails
Purpose

AI powered chat assistant designed to help developers and Snyk users:

  • Obtain contextually relevant assistance when navigating the information and resources available within Snyk Learn; and
  • Get immediate customized answers to specific application security, secure coding and Snyk product usage questions.
AI models / deploymentAnthropic's Claude models through GCP Vertex.
Data ProcessedUser input, in the form of chat-based questions submitted by developers and Snyk users.
Safeguards

Snyk has implemented:

  • Technical safeguards designed to check for code in user input; if found, code is not sent to the AI model or stored by Snyk; and
  • Measures designed to handle inappropriate user input, for your safety and that of Snyk.
Data retentionAnonymized user inputs are retained by Snyk for a reasonable period for monitoring and managing service performance, after which they are permanently deleted.
Additional informationMore information about Snyk Assist for Learn is available here.
+
AttributeDetails
Purpose

AI powered chat assistant designed to help developers and Snyk users:

  • Obtain contextually relevant assistance when navigating the information and resources available within Snyk Learn; and
  • Get immediate customized answers to specific application security, secure coding and Snyk product usage questions.
AI models / deploymentAnthropic's Claude models through GCP Vertex.
Data ProcessedUser input, in the form of chat-based questions submitted by developers and Snyk users.
Safeguards

Snyk has implemented:

  • Technical safeguards designed to check for code in user input — if found, code is not sent to the AI model or stored by Snyk.
  • Measures designed to handle inappropriate user input, for your safety and that of Snyk.
Data retentionAnonymized user inputs are retained by Snyk for a reasonable period for monitoring and managing service performance, after which they are permanently deleted.
Additional informationMore information about Snyk Assist for Learn is available here.
### Snyk Assist for Support 
@@ -57,9 +53,9 @@ Snyk uses multiple AI deployment strategies to balance performance, security, an ## Additional AI safeguards and controls -Snyk has taken a proactive approach to AI governance by implementing robust policies, procedures and technical controls to encompass AI-specific considerations. In addition to Snyk's internal policies and controls, we maintain an overarching AI Governance Program managed by our cross-functional AI Advisory Board. +Snyk has taken a proactive approach to AI governance by implementing robust policies, procedures, and technical controls to encompass AI-specific considerations. In addition to Snyk's internal policies and controls, we maintain an overarching AI Governance Program managed by our cross-functional AI Advisory Board. -Snyk does not develop general-purpose AI models. Our proprietary AI is purpose-built to support the same functionality as our underlying platform: identifying vulnerabilities in code, proposing fixes to those vulnerabilities, and promoting security within the software development lifecycle. Additionally, our AI governance incorporates key principles of emerging AI regulations. This includes validating our training datasets for quality and copyright compliance, and ongoing testing of output quality. Snyk's AI capabilities are designed to enable our customers' to assess AI-related risks and vulnerabilities, including governance mechanisms, transparency measures, and security controls. +Snyk’s AI capabilities are specifically designed to support the same functionality as our underlying platform: identifying vulnerabilities in code, proposing fixes to those vulnerabilities, and promoting security within the software development lifecycle. Our AI governance incorporates key principles of emerging AI regulations. This includes validating our deterministic training datasets for quality and copyright compliance, and ongoing testing of output quality. 
Snyk's AI capabilities are designed to enable our customers to assess AI-related risks and vulnerabilities, including governance mechanisms, transparency measures, and security controls. ## How Snyk handles data generally From 956fcaa11e4734bfd9cd0315745bfdcad09f84b9 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 14:59:37 -0300 Subject: [PATCH 28/29] Reproduced Commit e603a81 --- developer-tools/.gitbook/assets/rest-spec.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/developer-tools/.gitbook/assets/rest-spec.json b/developer-tools/.gitbook/assets/rest-spec.json index c57417d9ef87..1af98a6e233b 100644 --- a/developer-tools/.gitbook/assets/rest-spec.json +++ b/developer-tools/.gitbook/assets/rest-spec.json @@ -16396,7 +16396,7 @@ "type": "string" }, "description": { - "description": "A markdown-formatted optional description of this remedy. Links are not permitted.", + "description": "A markdown-formatted optional description of this remedy.", "maxLength": 20480, "minLength": 1, "type": "string" From e80586db89df52d9070d5900310d46b409d3d311 Mon Sep 17 00:00:00 2001 From: mikeromard Date: Thu, 21 May 2026 15:00:49 -0300 Subject: [PATCH 29/29] Reproduced Commit f4deefc --- .../compatibility-matrix.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md index d88843c623fb..0e2a431464ce 100644 --- a/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md +++ b/developer-tools/snyk-ide-plugins-and-extensions/compatibility-matrix.md 
@@ -4,15 +4,15 @@ This matrix shows the compatible CLI version range for each IDE plugin version r | Release Date | IDE Plugin | Compatible CLIs | | ------------ | --------------------------------- | --------------------- | -| 2026-04-13 | JetBrains 2.21.0 | v1.1304.0 - v1.1304.3 | -| 2026-04-13 | Visual Studio 2.9.0 | v1.1304.0 - v1.1304.3 | -| 2026-04-13 | VSCode v2.31.0 | v1.1304.0 - v1.1304.3 | -| 2026-04-13 | Eclipse v3.9.0 (v20260413.115019) | v1.1304.0 - v1.1304.3 | +| 2026-04-13 | JetBrains 2.21.0 | v1.1304.0 - v1.1305.0 | +| 2026-04-13 | Visual Studio 2.9.0 | v1.1304.0 - v1.1305.0 | +| 2026-04-13 | VSCode v2.31.0 | v1.1304.0 - v1.1305.0 | +| 2026-04-13 | Eclipse v3.9.0 (v20260413.115019) | v1.1304.0 - v1.1305.0 | | 2026-03-09 | VSCode v2.30.0 | v1.1303.0 - v1.1303.2 | | 2026-03-02 | Visual Studio 2.8.0 | v1.1303.0 - v1.1303.2 | | 2026-03-02 | VSCode v2.29.0 | v1.1303.0 - v1.1303.2 | | 2026-03-02 | Eclipse v3.8.0 (v20260302.094734) | v1.1303.0 - v1.1303.2 | -| 2026-03-02 | JetBrains 2.20.0 | v1.1304.0 - v1.1304.3 | +| 2026-03-02 | JetBrains 2.20.0 | v1.1304.0 - v1.1305.0 | | 2026-02-05 | VSCode v2.28.1 | v1.1302.0 - v1.1302.1 | | 2026-01-19 | JetBrains 2.19.0 | v1.1302.0 - v1.1302.1 | | 2026-01-19 | Visual Studio 2.7.0 | v1.1302.0 - v1.1302.1 |
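
Review bot: In compatibility-matrix.md, the `2026-03-02 | JetBrains 2.20.0` row is moved to `v1.1304.0 - v1.1305.0`, the same range as the 2026-04-13 releases, while every other 2026-03-02 row in the hunk stays at `v1.1303.0 - v1.1303.2`. Confirm that JetBrains 2.20.0 belongs with the 1304/1305 CLIs; if the range on that row was wrong before this change, correct the lower bound instead of extending the upper one. The commit message ("Reproduced Commit f4deefc") gives no reason for raising the upper bound from v1.1304.3 to v1.1305.0, so a one-line rationale would help whoever audits plugin and CLI pairings later.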
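
Review bot: In rest-spec.json, the remedy `description` field loses the sentence "Links are not permitted." while nothing else in the hunk changes, so the spec no longer says whether links in the markdown are allowed. If the API still rejects links, keep the sentence; if the restriction was lifted, state that explicitly in the description, because consumers that render this field (up to `maxLength` 20480 of markdown) then need to treat embedded links as untrusted input.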
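
Review bot: In the "Additional AI safeguards and controls" hunk of how-snyk-incorporates-generative-ai-into-the-platform.md, the new sentence "validating our deterministic training datasets for quality and copyright compliance" still refers to Snyk training datasets, although the same patch rewrites the introduction to say the generative AI features are powered by third-party LLMs and deletes the proprietary and self-hosted model bullets. Say which models those datasets are used for, or drop the sentence; "deterministic" is also not explained anywhere in the visible text.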
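
Review bot: In partner-integrations.md, the re-added Panther row ends with `| |`, which gives it a third, empty cell in a two-column table; the neighbouring CodeNotary, Cortex, Mindflow and Slack rows have two cells. Drop the trailing `|`. The hunk also deletes the Phylum row (1 insertion, 2 deletions), and "Reproduced Commit 84ab82e" does not say why, so the commit message should record that the partner entry was removed on purpose.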
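
Review bot: In the release-notes hunk that turns the bold product names into `####` headings, the March 2025 "Snyk Integrations" entry loses its link: the `+` line reads "The Jira integration documentation has been updated ..." as plain text, while the April 2025 Jira entry keeps the link to `jira-integration#prerequisites-for-jira-integration-with-snyk`. If the target moved, update the link instead of removing it. The unchanged lines in the same hunk also carry an Eclipse "Net new issues" URL containing `/dintegrations/`, where the three sibling IDE links use `/integrations/`; fix that while touching this section.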