1.1303.0 (2026-02-26)
The Snyk CLI is deployed to different deployment channels; users can select the stability level according to their needs. For details please see this documentation
Features
- iac: users can now exclude specific files and directories from IaC scans using the --exclude parameter (3acbc6b)
- test, sbom: --json output of snyk test and snyk sbom test should now contain fields which were previously missing (isDisputed, proprietary, severityBasedOn, alternativeIds, mavenModuleName) (9996b27)
- sbom: sbom generated output will contain maven/npm scope information for those organizations with the show-maven-build-scope/show-npm-scope feature flag enabled (89d26f0)
- aibom: users can now pass the --upload and --repo flag to the experimental aibom command to persist their AI BOM into their Snyk organisation (e1fdae7)
- redteam: users can now retrieve red team scan results using snyk redteam --experimental get --id=<scan-id>. The scan command also now shows progress during execution. (fba40cc)
- redteam: users can now return an HTML report via --html or --html-file-output flags (aa76c04)
- mcp: users can now use snyk_package_health to validate package health (2b0edd2)
- mcp: users can now use profiles to select which tools are registered based on their use case, profiles can be configured via CLI flag (--profile=<lite|full|experimental>) or environment variable (SNYK_MCP_PROFILE). (2b0edd2)
- mcp: users will now have their Secure At Inception rules written at the global level. (495a2e0)
- container: snyk container sbom users can now use --username and --password to generate SBOMs for images in private registries (a7015a7)
- container: snyk container sbom users can now use --exclude-node-modules to exclude node_modules directories from the SBOM (a7015a7)
- container: snyk container sbom users can now use --nested-jars-depth to control the depth of nested JAR unpacking (a7015a7)
- container: snyk container sbom users can now pass docker-archive:, oci-archive:, kaniko-archive: prefixed paths or bare .tar file paths as the image argument (a7015a7)
- dependencies: updated minimum go version to v1.25.7 (5927337)
Bug Fixes
- test: correctly scan NuGet package names case-insensitively (44bf86b)
- test: handle absolute target file paths for poetry (d902590)
- test: improved maven version detection for versions greater than 3.6.3 (87853a8)
- test: fixes an issue where the runAutomationDetails field in sarif output is not unique (07dd36f)
- test: the automationDetails field is now rendered correctly when using the --sarif flag (3191e4d)
- test: improve error reporting when using --all-projects (6e3b5d5)
- ignores: ignores created via the snyk ignore command are now correctly applied if an expiry is set or if using an absolute filepath (a61589c)
- container: use correct projectName value in container monitor JSON output (0e8feca)
- container: the --target-reference option is now correctly applied to application scan results in container tests, not just the OS scan results (70db44f)
- container: reverts previously introduced stricter validation that was a breaking change (rejecting true as a valid numeric argument) (70db44f)
- network: fix a possible panic when TLS config is nil (f601681)
- language-server: fixes an issue around API URL construction (35800c1)
- ui: improve the readability of error messages (763ac26)
- ui: some SNYK-CLI-0000 errors are now correctly categorised and displayed (3d02788)
- dependencies: update dependencies to fix SNYK-JS-AXIOS-15252993 (1e80d74)
- dependencies: update dependencies to fix SNYK-GOLANG-GOOPENTELEMETRYIOOTELSDKRESOURCE-15182758 [IAC-3497] (4b3d826)
- dependencies: update dependencies to fix SNYK-JS-TAR-15307072 (fbc5cb4)
- dependencies: update dependencies to fix SNYK-JS-MINIMATCH-15309438 (8e7873f)
- dependencies: update dependencies to fix SNYK-GOLANG-GOLANGORGXCRYPTOSSH-14059803 and SNYK-GOLANG-GITHUBCOMULIKUNITZXZLZMA-12230262 [IAC-3478] (1d2d723)