We’re happy to announce the beta availability of Reachable Vulnerabilities for GitHub, enabling you to prioritize fixes for vulnerabilities in your GitHub-hosted applications using deep, application-level context.
Just as you can eat the healthy parts of a rotten fruit, a vulnerability in one part of your code does not necessarily mean that the entire library or package is vulnerable. Vulnerabilities that are not reached will usually not compromise the application as a whole and therefore pose less risk than vulnerabilities that are reached.
The analysis performed by Snyk’s Reachable Vulnerabilities, now also supported for GitHub-hosted applications, determines the reachability of a given vulnerability and helps you assess risk quickly and more accurately.
This capability is being gradually rolled out, in beta, across all Snyk plans for Java (Maven) projects. You can learn more about this announcement and Snyk’s Reachable Vulnerabilities in this blog post. Feel free to check it out, and let us know what you think.