
Product Updates


Assess secure-at-inception effectiveness with the Prevention report (Early Access)

Early access

We are thrilled to announce that the Prevention Report is now available in Early Access!

Measuring the true impact of "shifting left" has traditionally been a challenge. We designed the Prevention report to give you clear, actionable visibility into the effectiveness of security adoption directly within your development lifecycle.

This new report tracks the vulnerabilities developers proactively remediate at the point of creation in Snyk Code and Secrets—long before those issues ever reach a pull request or production environment. Data is seamlessly captured in the background as your team works across our developer surfaces, including Snyk Studio (MCP), IDE plugins and extensions, and the CLI.

The Prevention report enables you to:

  • Measure proactive security: Track the total number of raw fixes and monitor your fix rate over time using our new prevention key performance indicators (KPIs).

  • Analyze developer workflows: Break down fixes by surface area to understand exactly where your team prefers to resolve issues (MCP, IDE, or CLI).

  • Identify trends and champions: Leverage the Fix-by-Developer leaderboard and detailed vulnerability breakdowns to see which types of vulnerabilities developers squash immediately, and which ones are detected but left unfixed.

  • Enrich your Analytics Overview: Enable fix-by-surface KPIs and a new fix trends chart directly within your primary Analytics Overview dashboard for a comprehensive view of your security posture.

You can now directly measure the effectiveness of your IDE or MCP-based security efforts. By tracking vulnerabilities remediated early in the development lifecycle, you gain the data needed to prove the success of your security programs and validate your application security strategy.

To learn more, visit our Snyk User Documentation.


Sara Meadzinger | Staff Product Manager

Announcing a new Snyk User Docs site structure!

Improved

We are excited to announce a redesign of the Snyk User Docs site, introducing a new structure built around site sections.

What's changed?

The docs are now reorganized into six clearly defined site sections:

  • Discover Snyk: An introduction to the platform, capabilities, and supported languages.

  • Platform administration: Settings, user management, Org configuration, and more.

  • Scan, fix, and prevent: Snyk core security scanning, fixing, and prevention workflows.

  • Developer tools: CLI, IDE integrations, related tooling, and more.

  • Agent security: Agentic and AI-powered security features.

  • Snyk data and governance: Data handling, compliance, and policies.

In addition, there are dedicated sections for Getting started guides and Implementation guides to support onboarding and deployment workflows.

Why have we made this change?

We know that it can be difficult to quickly understand where you are in the product ecosystem when searching for information, with docs feeling fragmented across products and feature areas. This update aims to align content with your real user workflows, reduce the cognitive load of finding information, and improve the overall experience when navigating the docs.

Natasha Ellingford | Senior Technical Writer


OWASP Top 10:2025 Support in Snyk API & Web

Improved

Snyk API & Web now supports the OWASP Top 10:2025 standard for compliance reporting. Users can generate compliance reports against either OWASP 2025 or OWASP 2021 — both versions remain available.

The OWASP Top 10 is the most widely referenced application security framework globally. It's used by enterprises for compliance programs, audit preparation, security training, and vulnerability prioritization.

The OWASP Top 10:2025 was officially published in November 2025 and is being adopted by enterprises, auditors, and compliance programs now. Organizations need their security tools to support the current standard for audit-ready compliance reports.

Without 2025 support, compliance teams face manual workarounds — exporting findings to spreadsheets and cross-referencing against the new standard — a time-consuming and error-prone process.


What changed in OWASP Top 10 2025:

  • Two new categories: A03 (Software Supply Chain Failures) and A10 (Mishandling of Exceptional Conditions)

  • Re-ranked categories: Security Misconfiguration moved from #5 to #2; Injection dropped from #3 to #5; Cryptographic Failures dropped from #2 to #4

  • SSRF reclassification: Server-Side Request Forgery is now classified under A01 (Broken Access Control) instead of having its own category

You can now generate compliance reports against either OWASP 2025 or OWASP 2021 directly from the Snyk API & Web interface — both versions remain available.

How to use:

  1. From the Scan Activity list or from your Scan details, click on the Reports button to expand it

  2. Select the OWASP version you need:

    • OWASP Top 10 2025 — for audits, compliance programs, or reporting against the current standard

    • OWASP Top 10 2021 — for historical comparisons or programs that haven't migrated to the 2025 edition yet

  3. Generate your report — all findings are automatically mapped to the selected standard

What you'll see:

  • Compliance reports are clearly labeled with the selected OWASP version

  • Versioned compliance labels throughout the product (target details, scan details, finding details) show which standard a finding is failing to comply with (e.g., OWASP 2025, OWASP 2021)

To learn more, visit Types of scan reports you can generate with Snyk API & Web in our user documentation.


Ana Pascoal | Product Manager


More flexibility when exporting table data to CSV with Snyk API & Web

Improved

We've improved the recently introduced Download CSV feature to offer greater flexibility when exporting data directly from the Snyk API & Web interface.

We understand that analyzing security data often happens outside of our platform. The original Download CSV functionality was added to save you time and streamline custom reporting and internal data manipulation. This expansion provides even more power and flexibility by allowing you to select from a comprehensive range of fields, ensuring you get exactly the data you need for your external analysis.

This feature is available to all users across all account plans. If you have access to a table, you can download its data.

To learn more, visit How to export table data to CSV in our user documentation.


Ana Pascoal | Product Manager


New Analytics Overview Widgets

New

We've added several new widgets to the analytics overview to provide better visibility into your security program. These updates bring key performance indicators (KPIs) from the Snyk Studio and pull request (PR) check reports directly into your main dashboard.

We want the analytics overview to be the central landing page for your most important metrics. As we've introduced new reporting capabilities, the overview page needed to evolve to match. By bringing in data from PR checks and Snyk Studio, we're ensuring you have immediate access to the most accurate and relevant security data without navigating through multiple sub-reports.

You can now track Total PR checks and your PR Check success rate alongside developer activity from Snyk Studio, including Agentic Scans and unique Developers running agentic scans. These widgets allow for more precise tracking of developer adoption and tool effectiveness. To keep your view clean, the new widgets are disabled by default, but you can enable them whenever you need that specific breakdown.

To learn more, visit Analytics Overview tab in our user documentation.


Sara Meadzinger | Staff Product Manager


Improved zero-day report filtering and visibility

Improved

We’re improving the usability of our zero-day reports to help you manage multiple security incidents more effectively. We expanded the filter bar for selected zero-day events to provide better context when you view data from several incidents at once. Additionally, the Accumulative Issues Backlog trend chart now breaks out each selected incident individually, and we added a new filter to the open issues side panel that allows you to toggle between open and resolved issues.

We want to make it easier for you to distinguish between different security events when they happen simultaneously. By providing a granular view of the backlog and more flexible filtering options, we aim to reduce the complexity of tracking remediation progress across various high-priority incidents.

You can now clearly see which incidents correspond to your report data even when multiple events are selected. This update allows you to monitor how many outstanding issues exist for each specific event in the trend chart and quickly verify if issues associated with a selected asset are being remediated or have already been resolved.

To learn more, visit Zero-day report in our user documentation.


Sara Meadzinger | Staff Product Manager


Identify CISA KEV vulnerabilities for compliance

New

We added a new Known Exploited Vulnerabilities (KEV) filter to help you identify risks that the Cybersecurity and Infrastructure Security Agency (CISA) tracks as already exploited in the wild. While we already allow you to filter vulnerabilities and Common Vulnerabilities and Exposures (CVE) by their exploit maturity level, this update specifically targets the CISA KEV catalog. You can find this filter on any page where issue filters are available to help you manage your security backlog.

The CISA KEV catalog is a vital resource for meeting global security standards. For instance, FedRAMP requires strict remediation service-level agreements (SLAs) for any vulnerability listed in this catalog. Furthermore, the European Union Cyber Resilience Act (EU CRA) mandates that organizations actively monitor for vulnerabilities found in the CISA KEV catalog. We’re providing this filter to automate this visibility and help you maintain compliance across different regulatory environments.

You can now isolate vulnerabilities within the CISA KEV catalog with a single click. This helps you prioritize remediation based on documented real-world exploitation rather than just theoretical risk. By using this filter, you ensure your team addresses the specific issues that auditors and regulators prioritize, reducing the manual effort needed to cross-reference your backlog against federal and international mandates.

To learn more, visit Issue vulnerability details in our user documentation.


Sara Meadzinger | Staff Product Manager

Announcing Repo Monitor Configuration

Early access

We are excited to be launching Repo Monitor Configuration, which allows for management of repository coverage and monitoring configurations centrally across your entire Snyk Group from the Group-level Inventory page. This means you can monitor and manage repositories without navigating between individual Snyk Organizations.

Repo Monitor Configuration provides the following capabilities:

  • Centralized asset monitoring: view monitoring status for all products, identify health status, and see required actions (such as enabling Snyk Code or resolving SCM integration issues) in one view.

  • Bulk import: import repositories directly from the Group Inventory page into specific Snyk Organizations.

  • On-demand retesting: trigger a retest for specific repositories directly from Inventory.

  • Actionable error resolution: clear guidance is available when testing fails due to integration issues or entitlements. After the underlying issue is resolved, testing resumes automatically.

Nathan Hart | Senior Product Manager

Test target configuration for smoother scans with Snyk API & Web

Improved

We added a new Test configuration option to the Scan dropdown menu and the Target Settings page. This allows you to verify that your target is accessible and correctly configured before starting a full dynamic application security testing (DAST) scan. When you click this button, a side panel opens in your target settings to provide real-time feedback on connectivity, authentication, web application firewall (WAF) interference, schema validity, and any detected extra hosts.

We want to simplify your onboarding experience and prevent failed scans caused by misconfigured settings. By validating your setup upfront, we help you identify and fix issues immediately, reducing the need for troubleshooting or technical support later in the process.

You can now proactively test your target configuration. To use this feature, ensure you have the view_target, change_target_settings, and start_scan permissions.

To learn more, visit How to test target configuration in our user documentation.


Ana Pascoal | Product Manager


Introducing Unified Navigation: A Faster Way to Secure Your Application Stack

Improved

Key Capabilities of Unified Navigation

Grouped Navigation for Faster Orientation: Snyk's menu is now organized around how security work actually happens. Related items are grouped, so you spend less time hunting through menus and more time in context.

Context-Aware Shortcuts: Snyk now recognizes what you are working on. This reduces the steps for common workflows from 8 clicks down to just 2 or 3, allowing you to move at the speed of development.

The Core Problem: Navigational Complexity

Currently, security data is spread across disconnected areas, forcing users to hold a mental map of the product just to find what they need. Finding and understanding a specific security issue requires manual effort and several steps. Users often face:

  • Action Overload: An overwhelming volume of results without a clear path to the most important task.

  • Context Switching: Constant jumping between code, container, and infrastructure views to see the full picture.

  • High "Click Tax": Simple tasks like finding a specific vulnerability can take 8 or more clicks.

The new Snyk Unified Navigation addresses this directly — by consolidating related items, reducing top-level noise, and adapting what's visible to the task at hand. The goal is simple: less time navigating, more time fixing.

The Value to Your Security Program

By unifying the interface, we aim to help organizations achieve three main outcomes:

  • Reduce Triage Time: Cut the time spent reviewing alerts through faster navigation.

  • Increase Efficiency: Enable developers to find and fix critical issues faster.

  • Scale Security Teams: Allow small security teams to manage significantly more projects by removing manual navigation hurdles.

Snyk 2.0 platform improvements


Maor Kuriel | Director of Product
