v1.1303.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• iac: users can now exclude specific files and directories from IaC scans using the --exclude parameter (3acbc6b)
• test, sbom: --json output of snyk test and snyk sbom test should now contain fields which were previously missing (isDisputed, proprietary, severityBasedOn, alternativeIds, mavenModuleName) (9996b27)
• sbom: sbom generated output will contain maven/npm scope information for those organizations with the show-maven-build-scope/show-npm-scope feature flag enabled (89d26f0)
• aibom: users can now pass the --upload and --repo flag to the experimental aibom command to persist their AI BOM into their Snyk organisation (e1fdae7)
• redteam: users can now retrieve red team scan results using snyk redteam --experimental get --id=<scan-id>. The scan command also now shows progress during execution. (fba40cc)
• redteam: users can now return an HTML report via --html or --html-file-output flags (aa76c04)
• mcp: users can now use snyk_package_health to validate package health (2b0edd2)
• mcp: users can now use profiles to select which tools are registered based on their use case, profiles can be configured via CLI flag (--profile=<lite|full|experimental>) or environment variable (SNYK_MCP_PROFILE). (2b0edd2)
• mcp: users will now have their Secure At Inception rules written at the global level. (495a2e0)
• container: snyk container sbom users can now use --username and --password to generate SBOMs for images in private registries (a7015a7)
• container: snyk container sbom users can now use --exclude-node-modules to exclude node_modules directories from the SBOM (a7015a7)
• container: snyk container sbom users can now use --nested-jars-depth to control the depth of nested JAR unpacking (a7015a7)
• container: snyk container sbom users can now pass docker-archive:, oci-archive:, kaniko-archive: prefixed paths or bare .tar file paths as the image argument (a7015a7)
• dependencies: updated minimum go version to v1.25.7 (5927337)

Bug Fixes

• test correctly scan NuGet package names case-insensitively (44bf86b)
• test handle absolute target file paths for poetry (d902590)
• test: improved maven version detection for versions greater than 3.6.3 (87853a8)
• test: fixes an issue where the runAutomationDetails field in sarif output is not unique (07dd36f)
• test: the automationDetails field is now rendered correctly when using the --sarif flag (3191e4d)
• test: improve error reporting when using --all-projects (6e3b5d5)
• ignores: ignores created via the snyk ignore command are now correctly applied if an expiry is set or if using an absolute filepath (a61589c)
• container use correct projectName value in container monitor JSON output (0e8feca)
• container: the --target-reference option is now correctly applied to application scan results in container tests, not just the OS scan results (70db44f)
• container: reverts previously introduced stricter validation that was a breaking change (rejecting true as a valid numeric argument) (70db44f)
• network: fix a possible panic when TLS config is nil (f601681)
• language-server: fixes an issue around API URL construction (35800c1)
• ui: improve the readability of error messages (763ac26)
• ui: some SNYK-CLI-0000 errors are now correctly categorised and displayed (3d02788)
• dependencies: update dependencies to fix SNYK-JS-AXIOS-15252993 (1e80d74)
• dependencies: update dependencies to fix SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758 [IAC-3497] (4b3d826)
• dependencies: update dependencies to fix SNYK-JS-TAR-15307072 (fbc5cb4)
• dependencies: update dependencies to fix SNYK-JS-MINIMATCH-15309438 (8e7873f)
• dependencies: update dependencies to fix SNYK-GOLANG-GOLANGORGXCRYPTOSSH-14059803 and SNYK-GOLANG-GITHUBCOMULIKUNITZXZLZMA-12230262 [IAC-3478] (1d2d723)

v1.1302.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• code: Resolves FedRAMP URI construction in the IDE (35800c1)
• test: PackageURL validation failed with go.mod replace directive (SNYK-CLI-0000) for snyk test (7eb2978)
• sbom: PackageURL validation failed with go.mod replace directive (SNYK-CLI-0000) for snyk sbom (fda61e0)

v1.1302.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• aibom: Improved Exit Code handling (d8fed82)
• container: Added support for OCI images with manifests missing platform fields (dae56aa)
• container: Added container scan support for cgo and stripped Go binaries (9b2ee6e)
• container: Added pnpm lockfile support (47db111)
• mcp-scan: Added experimental mcp-scan command (54b8376)
• sbom: Improved PackageURLs in SBOM documents for go.mod projects (c145efc)
• sbom test: Added support for deb, apk and rpm (9fd6f84)
• test: Added PackageURL information to go.mod dependency graphs (d90b54e)
• test: Added support for poetry development dependencies (6977004)

Bug Fixes

• container: Resolves false positive vulnerabilities for RHEL 10 container images (d4afe60)
• general: Upgraded multiple dependencies (e185c92)
• general: Fixed Exit Code handling when using incompatible glibc versions (66fbb50)
• general: Improved file filtering support with .gitignore (a16b853)
• mcp: Added rule file to .gitignore if not previously ignored (cc78694)
• test: Improved upload speed when using --reachability (da21315)
• test: Fixed npm v2 dependency resolution when using shadowing aliases (237a4f5)
• test: Fixed --exclude support for pnpm workspaces (293d9b1)
• test: Fixed SARIF output for Gradle projects to include the complete path in artifactLocation (ec1262e)

v1.1301.2

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• mcp: Fix MCP compliance issue (51d3f8d)

v1.1301.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• test: Rendering of fix advice for multiple dependency paths when using the reachability flag (eaf50bb)
• monitor: snyk monitor --reachability=true command should now work even if double dashed arguments are provided (e8bdac6)
• test, monitor: Code upload speed will be improved when running snyk test --reachability/snyk monitor --reachability (d0bdba1)
• language-server: Multiple Snyk Language Server related fixes (485ae55)
• dependencies: Upgrade dependencies to address multiple issues. (e185c92)

v1.1301.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• container: The Snyk CLI now supports scanning Ubuntu Chisel images for vulnerabilities (9328757)
• container: The Snyk CLI now supports scanning container images with zstd-compressed layers (5080e42)
• container: Added a new parameter, --include-system-jars, to support scanning of usr/lib JARs (57078b6)
• test(maven): Initial maven 4 support, testing against the most recent release candidate (88cf47e)
• test(maven): A new experimental flag --include-provenance that will produce DepGraphs containing purls with checksum qualifiers for each package. Primarily to be used via --print-graph, not yet used in the main testing flow (5b8fe0a)
• sbom(maven): A new experimental flag --include-provenance that will produce an SBOM with checksum qualifiers in each purl (5b8fe0a)
• language-server: Automatic selection of the organization for IDEs based on workspace folder (EA). (2cc554e)
• language-server: Analytics for configuration and folder trust (2cc554e)
• mcp: Support for writing scan output into a file (2cc554e)
• mcp: Service Account support (2cc554e)

Bug Fixes

• general: Fix incorrect error mapping for varying status codes (5829500)
• general: Some invalid flag combinations are now correctly handled (ca5903b)
• test: The Snyk CLI now correctly handles optional dependencies without separate package entries
  (bfcbda7)
• test: The Snyk CLI now correctly handles aliased packages with nested dependencies (bfcbda7)
• test: The Snyk CLI now correctly handles bundled dependencies with non-hoisted bundle owners (bfcbda7)
• test: Fixes issue where sub packages were getting grouped incorrectly, leading to deps getting marked as missing. (b904e8c)
• test, sbom: Stops misclassifying NX Build project.json as a NuGet project (ff6860f)
• test(npm): Improve npm alias support (cb37da7)
• test(npm): The Snyk CLI now correctly handles npm packages with bundled dependencies (7d93b86)
• test(python): Scanning projects using Python 2.7 will no longer fail with a string formatting error (4effc7f)
• test(python): Fixed JSON parsing error for Python projects with missing packages (4effc7f)
• test(maven): Underlying maven commands adjusted slightly to make aggregate projects that encounter issues when rebuilding more likely to succeed (3b72d86)
• test(dotnet): Fix an issue with NuGet v3 scanner where the netstandard and netcoreapp TargetFrameworks were treated as .netx.x (227b50c)
• test(dotnet): Fix an issue with NuGet v3 scanner where the pinned dependencies were not discovered (0d9b0c4)
• container: Fixed a bug where scanning docker images with very large files would result in the CLI crashing with no message (57078b6)
• container: Fix rare crash when scanning large Docker images (195ed78)
• container: Fix issue where go binaries in Linux images with complex paths were not properly detected as go binaries when scanning on Windows (be8098b)
• code: Add missing explicit error handling (755d01f)
• unmanaged: Ignored vulnerabilities in unmanaged (C/C++) projects are now properly excluded from JSON output when using .snyk policy files. This ensures that snyk-to-html and other tools that consume JSON output will correctly respect vulnerability ignores. (fa808c1)
• dependencies: Fix CVE-2025-58058 and CVE-2025-11065 (d7e87e2)
• dependencies: Upgrade golang to 1.24.10 to fix vulnerabilities (c039f99)
• dependencies: Upgrade to golang 1.24.8 (4dcf97a)
• dependencies: Upgrade xcode to avoid flaky signing (bdcb991)
• dependencies: Fix CVE-2025-47913 (a00b0dc)
• language-server: Various Language Server related fixes (2cc554e)

v1.1300.2

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• security: Upgrades dependencies to address CVE-2025-47913 (d7e87e2)
• general: Improved error messaging (5d16466)

v1.1300.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• mcp: Added support for the MCP server to use IDE extension storage when running in VS Code (7f26dc6)
• redteam: Added a new experimental AI Red Teaming feature, read more: https://docs.snyk.io/developer-tools/snyk-cli/commands/ai-red-teaming (fe37e0f)

Bug Fixes

• test: Fix issue where npm aliases only detected the latest version of a dependency (cb37da7)
• security: Upgrades dependencies to address CVE-2025-58058 and CVE-2025-11065 (d7e87e2)
• general: Improved error messaging (5d16466)
• logging: Remove support for legacy DEBUG environment variable. For the supported debugging options, please check https://docs.snyk.io/developer-tools/snyk-cli/debugging-the-snyk-cli (2087f74)

v1.1300.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• general: Improve SARIF compatibility by adding runAutomationDetails (3e232e5)
• container: Add support scanning system JARs (54e84d8)
• container: Add TargetOS to output of container scan (aa55cd9)
• test: Add support for godot projects (d9fc200)
• test: Add support for maven metaversions (f321ffa)
• language-server: Add CVSSv4 Links in IDE Issue Details
• mcp: Workflow and performance improvements

Bug Fixes

• container: Fixed crashes when scanning docker images with very large files (72cb040)
• test: Re-enable support for python 2.7 (02c7fe3)
• test: Improved error information when using --all-projects (36d14f9)
• test: Fix a bug due to case-sensitive ignores (b432406)
• test: Resolve project assets file path dynamically (75a152e)
• iac: Upgrade iac components to address a vulnerability [IAC-3439] (eaaaf84)
• logging: Fix broken debug logs due to secret redaction by redacting all user input (0cf19a7)
• language-server: Multiple bugfixes

v1.1299.1

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• language-server: Fix titles of Snyk Open Source code actions in IDEs (0add44d)
• code: Include missing uploadResults property in Sarif output (693e548)
• logging: Fix broken debug logs due to incorrect redaction (0cf19a7)

v1.1299.0

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation.

Features

• auth: Support for PAT auto region configuration. (ad8e4a7)

Bug Fixes

• code: Fixes code test --report when a project_id environment variable exists. (6168b1d)
• code: Fixes an issue with snyk code test where an empty input parameter would cause inconsistent behavior. (a661235)
• container: Stops spawning commands using a shell. (7ee9e15)
• dependency: Fixes CVE-2025-8959. (5a548fb)
• general: Fixes a bug where formatting of log timestamps could cause a crash in some cases. (92fa8be)
• iac: Fixes wrong status code checks. (77152e5)
• language-server: Fixes a bug related to the analytics environment variables. (6916af8)
• language-server: Correctly populates the environment for Open Source scans when called from the IDE. (945b029)
• language-server: Ensures changed API URLs are respected during authentication. (24ed981)
• language-server: MCP tool updates to support feedback and better tool descriptions. (8f2a8d1)
• test: Fixes a bug where project.assets.json files would not be detected in cases where it's destination path was altered with .NET properties. (75a152e)
• test: Improves error messages when using --all-projects. (960fa8e)

v1.1298.3

Compare Source

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

News

• aibom: This command is now publicly available. Note that the feature is still experimental and subject to breaking changes without notice.

• Effective with release (Snyk CLI 1.1298.0), the minimum required GNU C Library (glibc) versions on Linux will be updated as follows:

  • For Linux x64 environments: glibc version 2.28 or higher
  • For Linux arm64 environments: glibc version 2.31 or higher

• If this affects you, please follow the advice here. Possible issues are errors mentioning GLIBC_2.27 or GLIBC_2.31 not found.

Bug Fixes

• test: Added support for Gradle 9.