Product Updates

Assess secure-at-inception effectiveness with the Prevention report (Early Access)

Early access

We are thrilled to announce that the Prevention Report is now available in Early Access!

Measuring the true impact of "shifting left" has traditionally been a challenge. We designed the Prevention report to give you clear, actionable visibility into the effectiveness of security adoption directly within your development lifecycle.

This new report tracks the vulnerabilities developers proactively remediate at the point of creation in Snyk Code and Secrets—long before those issues ever reach a pull request or production environment. Data is seamlessly captured in the background as your team works across our developer surfaces, including Snyk Studio (MCP), IDE plugins and extensions, and the CLI.

The Prevention report enables you to:

  • Measure proactive security: Track the total number of raw fixes and monitor your fix rate over time using our new prevention key performance indicators (KPIs).

  • Analyze developer workflows: Break down fixes by surface area to understand exactly where your team prefers to resolve issues (MCP, IDE, or CLI).

  • Identify trends and champions: Leverage the Fix-by-Developer leaderboard and detailed vulnerability breakdowns to see which types of vulnerabilities developers squash immediately, and which ones are detected but left unfixed.

  • Enrich your Analytics Overview: Enable fix-by-surface KPIs and a new fix trends chart directly within your primary Analytics Overview dashboard for a comprehensive view of your security posture.

You can now directly measure the effectiveness of your IDE or MCP-based security efforts. By tracking vulnerabilities remediated early in the development lifecycle, you gain the data needed to prove the success of your security programs and validate your application security strategy.

To learn more, visit our Snyk User Documentation.

Sara Meadzinger | Staff Product Manager

Announcing Snyk CLI v1.1305.0

New

We are pleased to announce the latest stable Snyk CLI release, v1.1305.0.

We are introducing the following key improvements in this version. To learn more about bug fixes and additional enhancements beyond what is highlighted below, please reference the full release notes.

This update includes the following:

  • SBOM

    • Introduces the --allow-incomplete-sbom flag for snyk sbom, allowing the SBOM to be generated even when individual projects fail to resolve. Failed projects are surfaced as per-project errors alongside the successful results.

  • Container

    • Speeds up snyk container monitor by sending dependency requests in parallel, configurable via the SNYK_REQUEST_CONCURRENCY environment variable.

  • MCP

    • Adds an experimental breakability evaluation tool to the Snyk MCP Server.

  • Static CLI binaries for Linux

    • Linux ARM64 and AMD64 binaries are now statically linked by default.

  • Additional Reliability and Performance Improvements

    • npm package aliases from the lockfile are now appropriately used in the test command.

    • Fixes parsing of Python .whl files when scanning projects with --all-projects.

    • Updates dependencies to fix vulnerabilities.

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk support team. We encourage everyone to upgrade to the latest version to take advantage of these new features and improvements.

Matt Dolan | Senior Product Manager

snyk_package_health_check for Snyk Studio is now available in Full profile

Improved

Following our previous announcement, snyk_package_health_check is now available in the Full (default) profile for Snyk MCP.

This capability brings Secure at Inception protection to dependency selection in agentic development workflows, enabling AI agents to evaluate open-source packages before they are added to a project using insights from Snyk’s Security Database.

snyk_package_health_check is now generally available and enabled by default for supported ecosystems: npm, PyPI, Maven, NuGet, and Golang.

What’s new

  • Now included in the Full (default) profile - snyk_package_health_check is enabled by default for Snyk-supported MCP workflows.

  • Package health checks across four dimensions: Security, Maintenance, Community, and Popularity.

  • Clear guidance outcomes to help manage agent behavior, including Healthy, Review recommended, Not recommended, and Unknown/insufficient data.

Why this matters

  • Available by default - snyk_package_health_check is now included in the Full profile, so customers get dependency health checks in MCP workflows without additional setup.

  • Ready for production use - With this move to the Full profile, customers can confidently integrate Secure at Inception into their standard development workflows.

If you have any questions, please reach out to the Snyk Support team. To learn more about snyk_package_health_check, visit the Snyk documentation.

Noa Yaffe-Ermoza | Product Manager

Snyk API & Web MCP Server

New

Snyk API & Web MCP Server brings even more security to your IDE

You can use the Snyk API & Web MCP server to bring Snyk security capabilities directly into your AI-native development environment. By using the Model Context Protocol (MCP), you can use natural language to onboard targets, configure DAST authentication, scan targets, and triage vulnerabilities without leaving your IDE.

Security workflows often require manual effort and constant context switching. We built the Snyk API & Web MCP server to eliminate this friction. Previously, setting up and onboarding new targets required significant manual work. This integration simplifies these processes and removes the need for security plumbing between tools.

This release benefits AppSec and Dev teams using MCP-enabled tools like Claude Desktop, Cursor, or Windsurf.

  • From UI-heavy to chat-native: Instead of navigating menus to set up a scan, you can tell your assistant to automatically onboard and configure a new Snyk API & Web target.

  • Automated authentication: Use AI to help generate and implement the authentication scripts required for deep web scans.

Learn more about these capabilities in the Snyk API & Web MCP Server documentation.

Ricardo Alves | Director, Product Management

Announcing snyk_package_health_check for Snyk Studio

New

Starting February 25, 2026, we are introducing snyk_package_health_check for Snyk Studio. This update brings Secure at Inception protection to dependency selection in agentic development workflows, ensuring that AI coding assistants evaluate open-source packages before they enter your project.

As AI coding assistants increasingly select and install dependencies autonomously, security must move earlier in the workflow. This feature enables AI agents to use insights from the Snyk security database to evaluate packages at the moment they are chosen.

This functionality is available in an Experimental profile for several supported ecosystems, including npm, PyPI, Maven, NuGet, and Golang.

New capabilities

  • Package health checks across four dimensions: Security, Maintenance, Community, and Popularity.

  • Clear guidance outcomes to help manage agent behavior, including Healthy, Review recommended, Not recommended, and Unknown/insufficient data.

  • Policy-driven guardrails that allow Organizations to require health checks, pause on risk signals, block unsafe packages, and enforce human approval.

Why this matters

Evaluating package health before installation reduces supply chain risk, which is critical because AI agents can introduce dependencies at scale. Integrating snyk_package_health_check into MCP extends your security policies and governance directly into AI-assisted development.

If you have any questions, please reach out to the Snyk Support team. To learn more about snyk_package_health_check, visit the Snyk documentation.


Noa Yaffe-Ermoza | Product Manager

Announcing Snyk CLI v1.1301.2

Fix

We have released a new CLI hotfix (v1.1301.2) to address a bug when using Snyk with agentic integrations such as Amazon Kiro:

  • MCP: Ensure compliance with the model context protocol specification

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.

Announcing Snyk CLI v1.1301.1

Improved

We have released a new CLI hotfix (v1.1301.1) to address bugs and improve the overall user experience:

  • Reachability

    • Fixed an issue in test, when using reachability, that caused the fix advice to display incorrectly on certain occasions

    • Resolved a monitor bug with double-dashed arguments when using reachability

  • General improvements

    • Improved scanning speed when running test/monitor with reachability

    • Improved SCA scanning through MCP with fewer I/O operations

    • Fixed multiple issues to make Snyk work more smoothly in your code editor

    • Updated dependencies to improve stability and security

Release notes can be found here.

If you have any questions, feel free to reach out to the Snyk Support team.


Jeff Andersen | Director, Product Management

Announcing MCP Visibility in the Developer IDE and CLI Usage Report

New

Following our Early Access launch of Snyk MCP for Agentic Workflows, we are excited to introduce powerful new visibility into how your teams are adopting Snyk in their local and AI-driven development environments.

We are rolling out key new metrics to the Developer IDE and CLI usage report to capture detailed MCP usage. This update will provide deeper insights into developer adoption with three key additions:

  • Top-Level MCP Scan Count: A high-level summary of the total number of MCP scans performed by your team.

  • Usage Breakdown Chart: A new chart that visualizes the usage split between the Snyk CLI, our various IDE plugins, and Agentic Scans (MCP), helping you clearly see which platforms developers leverage.

  • MCP Host Breakdown Chart: To offer more granular insights, a new chart will break down Agentic Scans by the specific host application, such as Windsurf, Cursor, and others.

These new reporting features will allow security teams to demonstrate strong shift-left behavior and identify teams that are successfully adopting Snyk locally as a model for the rest of the organization.

To enable this new level of insight, users must update to the latest version of the Snyk CLI (v1.1298.1).

Please reference our documentation for all the details and prerequisites to use the report.

Costin Busioc | Senior Product Manager