Releases: snyk/cli
Release list
v1.1306.0
1.1306.0 (2026-07-09)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Features
- doctor: Adds the
snyk doctorcommand to diagnose common CLI problems: generate a diagnostic report for the current system, or analyze debug log output. (ab56a0e) - container: Container scans now detect the Java runtime version across a wider range of JVM base images, and can now find vulnerabilities in .NET application dependencies. (5586aac)
- mcp: The breakability evaluation tool in the Snyk MCP Server is now enabled by default and no longer requires an experimental flag. (56a9196)
- test: Improves dependency detection for Gradle projects. (c819b69)
- redteam: The experimental
snyk redteamcommand has been removed from the CLI, following its deprecation (deprecation date May 31, 2026). (c7d0e3e)
Bug Fixes
- general: Shows a warning when a request is automatically retried due to rate limiting, instead of retrying silently. (f803397)
- general: Skips the reachability upload when no supported files are present, instead of failing. (9ba448c)
- test: Fixes dependency resolution for Swift Package Manager projects that reference packages by registry identity, so they're correctly matched to their GitHub source for vulnerability scanning. (64ac442)
- test: Fixes scanning of sbt projects with custom Scala configurations. (5765a12)
- test: Fixes a bug where scanning Yarn workspaces could report vulnerabilities from a workspace member's dev dependencies as if they were production dependencies, when that member was consumed by a sibling package. (ade08e4)
- deps: Updates dependencies to fix vulnerabilities:
v1.1305.2
v1.1305.1
1.1305.1 (2026-06-02)
Bug Fixes
- general: Improve retry behavior when rate limited by respecting the
X-RateLimit-Resetheader. (2e690df) - deps: Updates dependencies to fix vulnerabilities:
- CVE-2026-39827 (e3816fc)
- CVE-2026-39831 (e3816fc)
- CVE-2026-33186 in IaC extensions (21b268b)
v1.1305.0
1.1305.0 (2026-05-20)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Features
- sbom: Introduces the
--allow-incomplete-sbomflag forsnyk sbom, allowing the SBOM to be generated even when individual projects fail to resolve. Failed projects are surfaced as per-project errors alongside the successful results. (29ba128) - container: Speed up
snyk container monitorby sending dependency requests in parallel, configurable via theSNYK_REQUEST_CONCURRENCYenvironment variable. (186c5fb, 6764f65) - general: Linux ARM64 and AMD64 binaries are now statically linked by default. (f02b850)
- mcp: Adds an experimental breakability evaluation tool to the Snyk MCP Server. (69806f5)
Bug Fixes
v1.1304.3
1.1304.3 (2026-05-13)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Bug Fixes
- dependencies: Updates dependencies to fix vulnerabilities:
- CVE-2026-45022 (aa226a9)
- CVE-2026-33814 (1691c3b)
- CVE-2026-33811 (1691c3b)
- CVE-2026-39836 (1691c3b)
Known Issues
- container-image: Two vulnerabilities are reported in the
snyk/snykcontainer images via the transitivegithub.com/gomarkdown/markdowndependency (SNYK-GOLANG-GITHUBCOMGOMARKDOWNMARKDOWNHTML-16066911, SNYK-GOLANG-GITHUBCOMGOMARKDOWNMARKDOWNPARSER-8220052). We have assessed these vulnerabilities and confirmed they do not impact CLI users. A fix is scheduled for the stable release on2026-05-20.
v1.1304.2
1.1304.2 (2026-05-06)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Bug Fixes
- mcp: Add missing tools annotations (700d640)
- dependencies: Updates dependencies to fix vulnerabilities:
v1.1304.1
1.1304.1 (2026-04-27)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Bug Fixes
- general: Improved error handling to prioritize and surface the most relevant error and derive the correct exit code when multiple errors occur during CLI execution. (b505a96)
- deps: Updates dependencies to fix vulnerabilities for CVE-2026-4660 and CVE-2026-39883 (2a95d85)
- agent-scan: Improved CI flexibility with an issues ignore option, and added support for Windows x86 and macOS x86 architectures. (7d72bbf)
v1.1304.0
1.1304.0 (2026-04-09)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Features
- aibom: Introduces the
snyk aibom testcommand. (2978044) - test, monitor, sbom: Introduce
--maven-skip-wrapperflag to force the use of a globally installedmvncommand. (0ee90ca, ff31066) - general: Introduce explicit configuration for network retry
max-attempts. (1fbdf38) - container: Add deprecation warnings for
-shaded-jars-depthand non-numeric values for--nested-jars-depth. (321b6f5) - container: Extend support for java runtime binary scanning (b60473a)
- mcp: Improves auto-enable behavior for Snyk Code, promotes package health checks to stable. (5f5898f)
- redteam: Adds a vulnerability summary to scanned output. (52eaf5a)
- redteam: Add
--jsonflag support for list commands,exhaustiveandeagermodes. (e962c4d)
Bug Fixes
- general: Fix printing JSON output on stdout when only
--json-file-outputis specified. (32f65f0) - test: Fixes an issue where no files were uploaded when using
--skip-unresolved. (71ca761) - test: Prevents scan failures when Maven builds succeed with non-fatal errors. (b30db97)
- test: Fixes Go PackageURL generation and import path normalization for projects using
replacedirectives. (7c7a366, ee7d72b) - test: Improves SDK detection when host and SDK versions differ. (96d0817)
- test: Ensures project names are populated when scanning NuGet projects from repository root. (c043553)
- container: Snyk Container scans of tar files on Windows should now report vulnerabilities for Python application package files. (9b86790)
- container: Override packages with inaccurate pom.properties files (b60473a)
- test: Ensure Yarn workspace pacakges matches are actual members defined in the root
package.json. (0dd6581) - test: Fix increased scan times when testing Golang projects. (f2f5ba2)
- code: Snyk Code scans now return clearer error message and exit codes when testing unsupported projects (6f5b4e3)
- test: Fix a bug where aliased packages were being resolved with the target name insted of the alias for yarn projects. (dcbec6f)
- test: Fix a bug where Python packages with
.characters in their name were incorrectly parsed to include-characters. (9a2a36e) - deps: Updates dependencies to fix vulnerabilities:
v1.1303.2
1.1303.2 (2026-03-23)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Features
- redteam: Introducing Snyk Agent Red Teaming with attack profiles (fast, security, safety) via the new --profile flag, allowing users to select pre-configured sets of attack goals. (99e2953)
- redteam: New terminology for goals, strategies, and attacks to better describe Agent Red Teaming workflows. (99e2953)
- redteam: Tenant-based authentication using --tenant-id for routing Agent Red Teaming commands. (99e2953)
- redteam: Interactive wizard to guide users through Agent Red Teaming configuration and setup. (99e2953)
- container: Add Go stdlib vulnerability detection to container scans (aacdc53)
Bug Fixes
- test: Fixes a bug where the CLI repeatedly evaluated user privileges (feature flags) when scanning multiple Go projects.(d348cb7)
- test: Fixes a bug where scanning Go projects (with a
replacedirective pointing at a relative path) would fail due to badly formatted PackageURLs.(4c6b663) - container: upgrade minimatch dependency to 3.1.3 (aacdc53)
- dependencies: Fix CVE-2026-33186 (f8a0602)
- dependencies: Fix CVE-2025-69873 (d240fcf)
- container: Fixes an issue where container scans of OCI archive images (including hybrid-format archives produced by Docker Desktop's containerd image store) could silently fail, returning exit code 0 with no vulnerability results. (4ad137f)
v1.1303.1
1.1303.1 (2026-03-04)
The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation
Bug Fixes
- ui: Fixed an issue where JSON output was incorrectly printed to stdout when only --json-file-output was specified. (d6d465d)
- language-server: Fixed an issue where scans would not trigger when Snyk Code was enabled in IDE settings. (7567881)
- mcp: Fixed an issue where Snyk rules were not written locally. (7567881)