snyk/cli v1.1304.0

on GitHub

1.1304.0 (2026-04-09)

The Snyk CLI is being deployed to different deployment channels, users can select the stability level according to their needs. For details please see this documentation

Features

• aibom: Introduces the snyk aibom test command. (2978044)
• test, monitor, sbom: Introduce --maven-skip-wrapper flag to force the use of a globally installed mvn command. (0ee90ca, ff31066)
• general: Introduce explicit configuration for network retry max-attempts. (1fbdf38)
• container: Add deprecation warnings for -shaded-jars-depth and non-numeric values for --nested-jars-depth. (321b6f5)
• container: Extend support for java runtime binary scanning (b60473a)
• mcp: Improves auto-enable behavior for Snyk Code, promotes package health checks to stable. (5f5898f)
• redteam: Adds a vulnerability summary to scanned output. (52eaf5a)
• redteam: Add --json flag support for list commands, exhaustive and eager modes. (e962c4d)

Bug Fixes

• general: Fix printing JSON output on stdout when only --json-file-output is specified. (32f65f0)
• test: Fixes an issue where no files were uploaded when using --skip-unresolved. (71ca761)
• test: Prevents scan failures when Maven builds succeed with non-fatal errors. (b30db97)
• test: Fixes Go PackageURL generation and import path normalization for projects using replace directives. (7c7a366, ee7d72b)
• test: Improves SDK detection when host and SDK versions differ. (96d0817)
• test: Ensures project names are populated when scanning NuGet projects from repository root. (c043553)
• container: Snyk Container scans of tar files on Windows should now report vulnerabilities for Python application package files. (9b86790)
• container: Override packages with inaccurate pom.properties files (b60473a)
• test: Ensure Yarn workspace pacakges matches are actual members defined in the root package.json. (0dd6581)
• test: Fix increased scan times when testing Golang projects. (f2f5ba2)
• code: Snyk Code scans now return clearer error message and exit codes when testing unsupported projects (6f5b4e3)
• test: Fix a bug where aliased packages were being resolved with the target name insted of the alias for yarn projects. (dcbec6f)
• test: Fix a bug where Python packages with . characters in their name were incorrectly parsed to include - characters. (9a2a36e)
• deps: Updates dependencies to fix vulnerabilities:
  • CVE-2026-26996 (8e7873f)
  • CVE-2026-29786 (1a08533)
  • CVE-2026-31802 (1321575)
  • CVE-2025-69873 (8ff6aad)
  • CVE-2026-33186 (e98d9ef)
  • CVE-2026-32283 (d26e83f)
  • CVE-2026-29181 (f5418b6)