1.1303.1 (2026-03-04)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• ui: Fixed an issue where JSON output was incorrectly printed to stdout when only --json-file-output was specified. (d6d465d)
• language-server: Fixed an issue where scans would not trigger when Snyk Code was enabled in IDE settings. (7567881)
• mcp: Fixed an issue where Snyk rules were not written locally. (7567881)

1.1303.0 (2026-02-26)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• iac: users can now exclude specific files and directories from IaC scans using the --exclude parameter (3acbc6b)
• test, sbom: --json output of snyk test and snyk sbom test should now contain fields which were previously missing (isDisputed, proprietary, severityBasedOn, alternativeIds, mavenModuleName) (9996b27)
• sbom: sbom generated output will contain maven/npm scope information for those organizations with the show-maven-build-scope/show-npm-scope feature flag enabled (89d26f0)
• aibom: users can now pass the --upload and --repo flag to the experimental aibom command to persist their AI BOM into their Snyk organisation (e1fdae7)
• redteam: users can now retrieve red team scan results using snyk redteam --experimental get --id=<scan-id>. The scan command also now shows progress during execution. (fba40cc)
• redteam: users can now return an HTML report via --html or --html-file-output flags (aa76c04)
• mcp: users can now use snyk_package_health to validate package health (2b0edd2)
• mcp: users can now use profiles to select which tools are registered based on their use case, profiles can be configured via CLI flag (--profile=<lite|full|experimental>) or environment variable (SNYK_MCP_PROFILE). (2b0edd2)
• mcp: users will now have their Secure At Inception rules written at the global level. (495a2e0)
• container: snyk container sbom users can now use --username and --password to generate SBOMs for images in private registries (a7015a7)
• container: snyk container sbom users can now use --exclude-node-modules to exclude node_modules directories from the SBOM (a7015a7)
• container: snyk container sbom users can now use --nested-jars-depth to control the depth of nested JAR unpacking (a7015a7)
• container: snyk container sbom users can now pass docker-archive:, oci-archive:, kaniko-archive: prefixed paths or bare .tar file paths as the image argument (a7015a7)
• dependencies: updated minimum go version to v1.25.7 (5927337)

Bug Fixes

• test correctly scan NuGet package names case-insensitively (44bf86b)
• test handle absolute target file paths for poetry (d902590)
• test: improved maven version detection for versions greater than 3.6.3 (87853a8)
• test: fixes an issue where the runAutomationDetails field in sarif output is not unique (07dd36f)
• test: the automationDetails field is now rendered correctly when using the --sarif flag (3191e4d)
• test: improve error reporting when using --all-projects (6e3b5d5)
• ignores: ignores created via the snyk ignore command are now correctly applied if an expiry is set or if using an absolute filepath (a61589c)
• container use correct projectName value in container monitor JSON output (0e8feca)
• container: the --target-reference option is now correctly applied to application scan results in container tests, not just the OS scan results (70db44f)
• container: reverts previously introduced stricter validation that was a breaking change (rejecting true as a valid numeric argument) (70db44f)
• network: fix a possible panic when TLS config is nil (f601681)
• language-server: fixes an issue around API URL construction (35800c1)
• ui: improve the readability of error messages (763ac26)
• ui: some SNYK-CLI-0000 errors are now correctly categorised and displayed (3d02788)
• dependencies: update dependencies to fix SNYK-JS-AXIOS-15252993 (1e80d74)
• dependencies: update dependencies to fix SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758 [IAC-3497] (4b3d826)
• dependencies: update dependencies to fix SNYK-JS-TAR-15307072 (fbc5cb4)
• dependencies: update dependencies to fix SNYK-JS-MINIMATCH-15309438 (8e7873f)
• dependencies: update dependencies to fix SNYK-GOLANG-GOLANGORGXCRYPTOSSH-14059803 and SNYK-GOLANG-GITHUBCOMULIKUNITZXZLZMA-12230262 [IAC-3478] (1d2d723)

1.1302.1 (2026-01-21)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• code: Resolves FedRAMP URI construction in the IDE (35800c1)
• test: PackageURL validation failed with go.mod replace directive (SNYK-CLI-0000) for snyk test (7eb2978)
• sbom: PackageURL validation failed with go.mod replace directive (SNYK-CLI-0000) for snyk sbom (fda61e0)

1.1302.0 (2026-01-14)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• aibom: Improved Exit Code handling (d8fed82)
• container: Added support for OCI images with manifests missing platform fields (dae56aa)
• container: Added container scan support for cgo and stripped Go binaries (9b2ee6e)
• container: Added pnpm lockfile support (47db111)
• mcp-scan: Added experimental mcp-scan command (54b8376)
• sbom: Improved PackageURLs in SBOM documents for go.mod projects (c145efc)
• sbom test: Added support for deb, apk and rpm (9fd6f84)
• test: Added PackageURL information to go.mod dependency graphs (d90b54e)
• test: Added support for poetry development dependencies (6977004)

Bug Fixes

• container: Resolves false positive vulnerabilities for RHEL 10 container images (d4afe60)
• general: Upgraded multiple dependencies (e185c92)
• general: Fixed Exit Code handling when using incompatible glibc versions (66fbb50)
• general: Improved file filtering support with .gitignore (a16b853)
• mcp: Added rule file to .gitignore if not previously ignored (cc78694)
• test: Improved upload speed when using --reachability (da21315)
• test: Fixed npm v2 dependency resolution when using shadowing aliases (237a4f5)
• test: Fixed --exclude support for pnpm workspaces (293d9b1)
• test: Fixed SARIF output for Gradle projects to include the complete path in artifactLocation (ec1262e)

1.1301.2 (2025-12-16)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• mcp: Fix MCP compliance issue (51d3f8d)

1.1301.1 (2025-12-08)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• test: Rendering of fix advice for multiple dependency paths when using the reachability flag (eaf50bb)
• monitor: snyk monitor --reachability=true command should now work even if double dashed arguments are provided (e8bdac6)
• test, monitor: Code upload speed will be improved when running snyk test --reachability/snyk monitor --reachability (d0bdba1)
• language-server: Multiple Snyk Language Server related fixes (485ae55)
• dependencies: Upgrade dependencies to address multiple issues. (e185c92)

1.1301.0 (2025-11-12)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• container: The Snyk CLI now supports scanning Ubuntu Chisel images for vulnerabilities (9328757)
• container: The Snyk CLI now supports scanning container images with zstd-compressed layers (5080e42)
• container: Added a new parameter, --include-system-jars, to support scanning of usr/lib JARs (57078b6)
• test(maven): Initial maven 4 support, testing against the most recent release candidate (88cf47e)
• test(maven): A new experimental flag --include-provenance that will produce DepGraphs containing purls with checksum qualifiers for each package. Primarily to be used via --print-graph, not yet used in the main testing flow (5b8fe0a)
• sbom(maven): A new experimental flag --include-provenance that will produce an SBOM with checksum qualifiers in each purl (5b8fe0a)
• language-server: Automatic selection of the organization for IDEs based on workspace folder (EA). (2cc554e)
• language-server: Analytics for configuration and folder trust (2cc554e)
• mcp: Support for writing scan output into a file (2cc554e)
• mcp: Service Account support (2cc554e)

Bug Fixes

• general: Fix incorrect error mapping for varying status codes (5829500)
• general: Some invalid flag combinations are now correctly handled (ca5903b)
• test: The Snyk CLI now correctly handles optional dependencies without separate package entries
  (bfcbda7)
• test: The Snyk CLI now correctly handles aliased packages with nested dependencies (bfcbda7)
• test: The Snyk CLI now correctly handles bundled dependencies with non-hoisted bundle owners (bfcbda7)
• test: Fixes issue where sub packages were getting grouped incorrectly, leading to deps getting marked as missing. (b904e8c)
• test, sbom: Stops misclassifying NX Build project.json as a NuGet project (ff6860f)
• test(npm): Improve npm alias support (cb37da7)
• test(npm): The Snyk CLI now correctly handles npm packages with bundled dependencies (7d93b86)
• test(python): Scanning projects using Python 2.7 will no longer fail with a string formatting error (4effc7f)
• test(python): Fixed JSON parsing error for Python projects with missing packages (4effc7f)
• test(maven): Underlying maven commands adjusted slightly to make aggregate projects that encounter issues when rebuilding more likely to succeed (3b72d86)
• test(dotnet): Fix an issue with NuGet v3 scanner where the netstandard and netcoreapp TargetFrameworks were treated as .netx.x (227b50c)
• test(dotnet): Fix an issue with NuGet v3 scanner where the pinned dependencies were not discovered (0d9b0c4)
• container: Fixed a bug where scanning docker images with very large files would result in the CLI crashing with no message (57078b6)
• container: Fix rare crash when scanning large Docker images (195ed78)
• container: Fix issue where go binaries in Linux images with complex paths were not properly detected as go binaries when scanning on Windows (be8098b)
• code: Add missing explicit error handling (755d01f)
• unmanaged: Ignored vulnerabilities in unmanaged (C/C++) projects are now properly excluded from JSON output when using .snyk policy files. This ensures that snyk-to-html and other tools that consume JSON output will correctly respect vulnerability ignores. (fa808c1)
• dependencies: Fix CVE-2025-58058 and CVE-2025-11065 (d7e87e2)
• dependencies: Upgrade golang to 1.24.10 to fix vulnerabilities (c039f99)
• dependencies: Upgrade to golang 1.24.8 (4dcf97a)
• dependencies: Upgrade xcode to avoid flaky signing (bdcb991)
• dependencies: Fix CVE-2025-47913 (a00b0dc)
• language-server: Various Language Server related fixes (2cc554e)

1.1300.2 (2025-10-28)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Bug Fixes

• security: Upgrades dependencies to address CVE-2025-47913 (d7e87e2)
• general: Improved error messaging (5d16466)

1.1300.1 (2025-10-21)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• mcp: Added support for the MCP server to use IDE extension storage when running in VS Code (7f26dc6)
• redteam: Added a new experimental AI Red Teaming feature, read more: https://docs.snyk.io/developer-tools/snyk-cli/commands/ai-red-teaming (fe37e0f)

Bug Fixes

• test: Fix issue where npm aliases only detected the latest version of a dependency (cb37da7)
• security: Upgrades dependencies to address CVE-2025-58058 and CVE-2025-11065 (d7e87e2)
• general: Improved error messaging (5d16466)
• logging: Remove support for legacy DEBUG environment variable. For the supported debugging options, please check https://docs.snyk.io/developer-tools/snyk-cli/debugging-the-snyk-cli (2087f74)

1.1300.0 (2025-10-08)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• general: Improve SARIF compatibility by adding runAutomationDetails (3e232e5)
• container: Add support scanning system JARs (54e84d8)
• container: Add TargetOS to output of container scan (aa55cd9)
• test: Add support for godot projects (d9fc200)
• test: Add support for maven metaversions (f321ffa)
• language-server: Add CVSSv4 Links in IDE Issue Details
• mcp: Workflow and performance improvements

Bug Fixes

• container: Fixed crashes when scanning docker images with very large files (72cb040)
• test: Re-enable support for python 2.7 (02c7fe3)
• test: Improved error information when using --all-projects (36d14f9)
• test: Fix a bug due to case-sensitive ignores (b432406)
• test: Resolve project assets file path dynamically (75a152e)
• iac: Upgrade iac components to address a vulnerability [IAC-3439] (eaaaf84)
• logging: Fix broken debug logs due to secret redaction by redacting all user input (0cf19a7)
• language-server: Multiple bugfixes