Snyk Blog

Introducing Snyk Preview: Early access to Snyk features

Written by:
Daniel Berman
Daniel Berman
wordpress-sync/blog-banner-snyk-preview-early-access

May 24, 2021

0 mins read

In 2020, over 30 new major features were released across the Snyk platform — in Snyk Open Source, Snyk Container, Snyk Infrastructure as Code, and Snyk Code. While both our development and product teams deserve credit for Snyk’s rapid pace of development, our users also play an important role by continuously providing us with their feedback and insight.

Our ultimate goal is to help development and security teams be successful in mitigating risk. As such, we aspire to provide the best developer-friendly tool that suits their needs. Collaborating with our users is crucial for ensuring that new functionality, once delivered, actually provides value, and that unintended side effects on existing workflows are kept to a minimum.

This is why we’re excited to announce Snyk Preview — a new way for our users to easily get a first taste of upcoming features before they are generally available within the platform!

wordpress-sync/blog-snyk-preview-app

Snyk Preview is available within the Snyk UI at Settings > Snyk Preview, for users with Admin permissions across Snyk plans. It already includes a few upcoming features that you can try out for yourselves. Let’s take a closer look.

Prioritize more effectively with Critical severity

Knowing what vulnerability to fix first is one of the biggest challenges facing organizations today. To help you make that decision, Snyk provides a wealth of information for vulnerabilities, designed to help you understand the risk it poses. This includes Snyk’s Priority Score and advanced security context regarding a vulnerability’s fixability, exploitability, and reachability.

Of course, Snyk also provides the industry’s standard security metadata. Snyk’s CVSS scoring for vulnerabilities is based on CVSS v3, whereas CVSS severity levels are currently based on CVSSv2, but starting on June 28, we will introduce CVSS v3-based severity levels. Meaning, that any security vulnerability identified by Snyk Open Source and Snyk Container with a CVSS score higher than 9.0 will be assigned a critical severity level.

wordpress-sync/blog-snyk-preview-cvssv3
wordpress-sync/blog-snyk-preview-dashboard
wordpress-sync/blog-snyk-preview-security-issues

What does this mean for you as an existing Snyk user?

Well, you may notice a sudden reduction in the number of High severity issues across your projects as some of these issues will now be assigned a critical severity level. More importantly, this change affects automated CLI/API-based pipelines and so you will need to make some changes to adjust your processes.

This is why we wanted to give users, via Snyk preview, the option of hopping on board before the due date arrives. We have put together a detailed migration guide that will help you fully understand the change and how it affects the way you are working in Snyk. Of course, if you have any questions, please feel free to let us know.

Clear your vulnerability backlog faster

Using Snyk Preview, you can test out some improvements made to Backlog PRs, one of the automated pull requests Snyk triggers to help you keep your projects secure.

Just as a reminder, and for context, Snyk currently supports three types of automated pull requests: Upgrade PRs are opened when Snyk identifies that new versions for your dependencies exist. Fix PRs are opened in two cases—when a new, fixable vulnerability is identified or when a new fix becomes available for an existing vulnerability. And last but not least, Backlog PRs are opened for fixable vulnerabilities already in your backlog and in a prioritized fashion, based on Snyk’s Priority Score.

Backlog PRs currently focus on removing a single vulnerability by recommending a version for the relevant dependency. While this ensures you are introducing the smallest possible change to your dependencies (and therefore the lowest breakage probably), it also can result in a series of iterative PRs if a dependency contains multiple vulnerabilities.

The new behavior we are experimenting with takes a more dependency-first approach, triggering a pull request that removes all of the vulnerabilities affecting a single dependency within your project. This helps you clear more vulnerabilities, faster, and also makes the work for the developer simpler as it means returning a dependency to a healthy and secure state with a single PR. It is also a bit riskier since it involves bumping the dependency by a number of versions. 

wordpress-sync/blog-snyk-preview-dependency-bump-1

Does this sound interesting to you? Hop on over to Snyk Preview (in either your Group or Organization settings) and try it out! We want your feedback!

To find out more information about Snyk Preview, check out the online documentation.

Posted in:Application Security
wordpress-sync/blog-banner-snyk-preview-early-access

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.

See the playbook

Start securing AI-generated code

Create your free Snyk account to start securing AI-generated code in minutes. Or book an expert demo to see how Snyk can fit your developer security use cases.

No credit card required.

Start free with GithubStart free with Google

Or Sign up with

SSOBitbucketAzure ADDocker ID

By logging in or signing up, you agree to abide by our policies, including our Terms of Service and Privacy Policy

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon