Product Updates

We are thrilled to announce that the Prevention Report is now available in Early Access!

Measuring the true impact of "shifting left" has traditionally been a challenge. We designed the Prevention report to give you clear, actionable visibility into the effectiveness of security adoption directly within your development lifecycle.

This new report tracks the vulnerabilities developers proactively remediate at the point of creation in Snyk Code and Secrets—long before those issues ever reach a pull request or production environment. Data is seamlessly captured in the background as your team works across our developer surfaces, including Snyk Studio (MCP), IDE plugins and extensions, and the CLI.

The Prevention report enables you to:

• Measure proactive security: Track the total number of raw fixes and monitor your fix rate over time using our new prevention key performance indicators (KPIs).

• Analyze developer workflows: Break down fixes by surface area to understand exactly where your team prefers to resolve issues (MCP, IDE, or CLI).

• Identify trends and champions: Leverage the Fix-by-Developer leaderboard and detailed vulnerability breakdowns to see which types of vulnerabilities developers squash immediately, and which ones are detected but left unfixed.

• Enrich your Analytics Overview: Enable fix-by-surface KPIs and a new fix trends chart directly within your primary Analytics Overview dashboard for a comprehensive view of your security posture.

You can now directly measure the effectiveness of your IDE or MCP-based security efforts. By tracking vulnerabilities remediated early in the development lifecycle, you gain the data needed to prove the success of your security programs and validate your application security strategy.

To learn more, visit our Snyk User Documentation.

Introducing Hooks-Based Guardrails

Snyk Studio is evolving our agentic guardrails to enable deeper trust in agent-generated code. We are debuting a new asynchronous, hooks-based approach to replace traditional rules-based guardrails, ensuring that security remains deterministic and efficient without slowing down the developer loop.

As agentic development has matured, initial friction points in rules-based models have become apparent. By transitioning to a hooks-based architecture, Snyk Studio resolves these key challenges with the traditional rules-based approach:

• Determinism: While agents may occasionally ignore traditional rules, hooks are deterministic, ensuring that defined security scans are executed every time.

• Zero Latency: Unlike rules-based models that add visible friction to the developer experience, hooks leverage background scans to provide a low-latency workflow.

• Context Window Efficiency: The rules-based approach injected Snyk scan results into the agent's context window, consuming limited token space. Hooks decouple scan execution and results, keeping the context window focused on coding tasks.

Support for Leading ADEs

We have targeted support for the hook-based approach to cover popular Agentic Development Environments (ADEs) across both Windows and macOS. You can now leverage Snyk Studio guardrails in:

• Claude Code

• Cursor

• Gemini CLI

• Codex CLI (coming soon)

We also support automatic configuration of the /snyk-fix command, /snyk-batch-fix command, MCP server, and secure dependency health check skill for:

• Kiro

• Windsurf

• Copilot CLI

• Copilot VS Code Extension

Scaling for the Enterprise

To simplify adoption, we have released an installation script to automate configuration and deployment. The install script:

• Supports Windows and Mac

• Can be used via MDM to support distribution at scale

• Installs the /snyk-fix command, /snyk-batch-fix command, MCP server, and secure dependency health check skill on: Claude Code, Cursor, Gemini CLI, Codex CLI (coming soon), Kiro, Windsurf, Copilot CLI, and the Copilot VS Code Extension

• Installs hooks on: Claude Code, Cursor, Gemini CLI, Codex CLI (coming soon)

Getting Started

See our revamped documentation to get hooks configured and installed in your favorite ADE.

What’s Next

We will continue to expand support for additional ADEs and are working to integrate Snyk Studio distribution directly with Agent Scan and Agent Guard.

We are pleased to announce Snyk CLI release, v1.1304.2

This release contains fixes and minor improvements. To learn more beyond what is highlighted below, please reference the full release notes.

This update includes the following:

• Fixed vulnerabilities:

  • SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2AWSPROTOCOLEVENTSTREAM-16316402

  • SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICES3-16316411

  • CVE-2026-39892

  • CVE-2026-33750

• Snyk Studio: Adding missing tools annotations to MCP server

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these improvements.

Following our previous announcement, snyk_package_health_check is now available in the Full (default) profile for Snyk MCP.

This capability brings Secure at Inception protection to dependency selection in agentic development workflows, enabling AI agents to evaluate open-source packages before they are added to a project using insights from Snyk’s Security Database.

snyk_package_health_check is now generally available and enabled by default for supported ecosystems: npm, PyPI, Maven, NuGet, and Golang.

What’s new

• Now included in the Full (default) profile - snyk_package_health_check is enabled by default for Snyk-supported MCP workflows.

• Package health checks across four dimensions: Security, Maintenance, Community, and Popularity.

• Clear guidance outcomes to help manage agent behavior, including Healthy, Review recommended, Not recommended, and Unknown/insufficient data.

Why this matters

• Available by default - snyk_package_health_check is now included in the Full profile, so customers get dependency health checks in MCP workflows without additional setup.

• Ready for production use - With this move to the Full profile, customers can confidently integrate Secure at Inception into their standard development workflows.

If you have any questions, please reach out to the Snyk Support team. To learn more about snyk_package_health_check, visit the Snyk documentation.

Starting February 25, 2026, we are introducing snyk_package_health_check for Snyk Studio. This update brings Secure at inception protection to dependency selection in agentic development workflows, ensuring that AI coding assistants evaluate open-source packages before they enter your project.

As AI coding assistants increasingly select and install dependencies autonomously, security must move earlier in the workflow. This feature enables AI agents to use insights from the Snyk security database to evaluate packages at the moment they are chosen.
This functionality is available in an Experimental profile for several supported ecosystems, including npm, PyPI, Maven, NuGet, and Golang.

New capabilities

• Package health checks across four dimensions: Security, Maintenance, Community, and Popularity.

• Clear guidance outcomes to help manage agent behavior, including Healthy, Review recommended, Not recommended, and Unknown/insufficient data.

• Policy-driven guardrails that allow Organizations to require health checks, pause on risk signals, block unsafe packages, and enforce human approval.

Why this matters

Evaluating package health before installation reduces supply chain risk, which is critical because AI agents can introduce dependencies at scale. Integrating snyk_package_health_check into MCP extends your security policies and governance directly into AI-assisted development.

If you have any questions, please reach out to the Snyk Support team. To learn more about snyk_package_health_check, visit the Snyk documentation.

We have released a new version of our Visual Studio Code IDE plugin. This update addresses minor bug fixes and improvements, including:

• Fix for the automated registration of Snyk’s MCP server when using Snyk’s IDE plugin and Copilot in VSCode

If you have any questions, feel free to reach out to the Snyk support team.

We have released a new CLI hotfix (v1.1301.2) to address a bug when using Snyk with agentic integrations such as Amazon Kiro:

• MCP: Ensure compliance with the model context protocol specification

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We have released a new CLI hotfix (v1.1301.1) to address bugs and improve the overall user experience:

• Reachability

  • Fixed an issue in test, when using reachability, that caused the fix advice to display incorrectly on certain occasions

  • Resolved a monitor bug with double-dashed arguments when using reachability

• General improvements

  • Improved scanning speed when running test/monitor with reachability

  • Improved SCA scanning through MCP with fewer I/O operations

  • Fixed multiple issues to make Snyk work more smoothly in your code editor

  • Updated dependencies to improve stability and security

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

We are pleased to announce the latest stable Snyk CLI release, v1.1301.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

This update includes the following:

• Snyk Container: Container scanning now supports both Ubuntu Chisel images and zstd-compressed layers, as well as usr/lib JAR files via the `--include-system-jars` parameter.

• Snyk Open Source: Initial support for Maven 4 is available for Open Source's test, monitor and SBOM commands.

• Snyk Open Source: Reachability for Snyk CLI and CI/CD integrations is now available in Early Access for all Snyk Open Source customers.

• Snyk SBOM: A new experimental flag, `--include-provenance`, for Maven projects that includes verification checksums in SBOMs.

• Snyk Studio: Snyk Studio now supports writing scan output into a file, and Service Account support.

• Stability, security, and performance: This release also includes numerous bug fixes and enhancements to improve the overall stability, security, and performance of the CLI.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team.

We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.