Secure Your AI Workflows: New Governance & Visibility Features from Snyk

As AI transforms software development, AppSec teams face new complexities. For instance, the lack of visibility into where AI is being used and the reality that AI-generated code is often highly vulnerable make it nearly impossible to prioritize remediation and effectively scale security programs. To succeed, AppSec teams have to evolve from task managers to strategic governance enforcers.

To help AppSec teams meet these challenges head-on, we are introducing several new features to the Snyk AI Trust Platform. These capabilities are designed to empower you with strategic points of security enforcement and greater visibility, helping you scale your program through governance and drive secure business growth in the age of AI. 

New features to drive governance and prevention

Ignore Approval Workflow

Developers need to move fast, and a security ticket that blocks their workflow can be highly disruptive. At the same time, AppSec teams need to maintain oversight without being consumed by chasing developers.

Our new Ignore Approval Workflow provides a frictionless solution.

• Developers can now easily request to ignore a finding directly from their IDE or pull requests, providing context for their decision.

• These requests are managed centrally by the AppSec team, who can then approve or deny them based on accepted risk parameters.

• This feature empowers developers with the freedom to triage results in their everyday tools while ensuring AppSec teams maintain governance and control over risk at scale.

CLI Upload

Shift-left testing is critical, but local CLI scans are often ephemeral, creating a massive visibility gap. To ensure compliance and capture a complete picture of risk, AppSec teams need visibility into the scans developers run locally on their command line.

With CLI Upload, scan results from the CLI can now be persisted in the Snyk platform for reporting and detailed analysis. This improves Snyk Code adoption by ensuring tests conducted via the CLI are reportable and tracked, adding every result to your comprehensive body of security data.

Group by Dependency View

To prioritize effectively, developers and AppSec teams need to understand the full context of a vulnerability.

Group by Dependency View simplifies this by grouping vulnerabilities by dependency, helping your teams understand the full impact of their updates and remediate confidently. Now, your teams can prioritize more prevalent issues or focus on areas where one fix can resolve multiple issues. Strategically, this means you can prioritize a single update that solves multiple vulnerabilities, dramatically improving your team's efficiency. Read more in our recent blog.

Export API

Reporting on the status and success of security programs is a primary responsibility for AppSec leaders and CISOs. The new Export API enables you to integrate Snyk's rich reporting data into your own internal systems. This makes Snyk an indispensable part of your broader business intelligence and data ecosystem, allowing you to measure the health of your AppSec program effectively.

Agent Usage to IDE Report

With the rise of AI coding assistants, understanding where and how these tools are used is a major security challenge. The Agent Usage to IDE Report provides crucial visibility by measuring agentic scans (MCP) and breaking them down by the specific host application, such as Windsurf, Cursor, and others. This gives you clear insights into how Snyk agents are being utilized across different development environments.

New Snyk Learn Reports

A successful AppSec program is built on a foundation of developer security education. To help you measure the effectiveness of these initiatives, we are releasing new reports in Snyk Learn, including a new Engagement Report and an upcoming Impact and Opportunity Report.

• Snyk Learn Engagement Report: Gain a comprehensive overview of the progress of your education program to help drive growth, with useful insights on participation, trending topics, outstanding assignments, and other key areas.

• Snyk Learn Impact and Opportunity Report: Demonstrate the impact of security education on risk management and reduction and gain actionable insights into future education programming.

Interested in leveling up your developer education program with reports and additional features? Speak to your account team about getting started with the Snyk Learning Management add-on today. 

Get started today

These new capabilities deliver on our commitment to helping you drive AppSec governance and measure prevention. By providing comprehensive visibility, risk-based prioritization, and contextual guardrails, Snyk elevates AppSec teams to strategic leaders who can scale secure development in the age of AI.

Learn more about these features by speaking to your Snyk account team or get in touch with us today. The future of AI-generated code is here, and the Snyk AI Trust Platform is ready to ensure your teams are equipped to protect your business. As we continue innovating, be sure to stay in the know with our new release experience.