EOL policy: Snyk Images

This page outlines the Snyk end-of-life policy for images provided by the Snyk Images build tool chain. Snyk is introducing this policy, and it takes effect immediately as explained in the product announcement.

Purpose of policy

As a continued commitment to helping customers ship secure code, Snyk will provide images that contain software supported by its upstream vendor. Snyk will not build, maintain, or ship images based on EOL software. For example, Snyk has stopped building images based on Python 3.7, which is not actively supported does not receive security updates from Python.

Snyk Images life cycle

Snyk is updating this page annually for planned removal of images containing software nearing end of life.

Users are encouraged to check this page from time to time, and also to determine whether their build pipelines are using EOL software by checking the endoflife.date website.

Snyk follows a phased approach to building, maintaining, and sunsetting an image.

Creation phase

Based on demand and requests, a base image can be added to snyk-images if the base image is vendor-supported.

Snyk accepts only base images from trusted vendors. The table that follows lists software bundled with the Snyk CLI in a Docker image. For a complete list of versions that are currently available, see the current images repository.

Snyk is not responsible for securing the vendor-provided base image itself.

Software bundled with Snyk
Alpine
Swift
Clojure
Composer
Docker
Golang
Gradle
Gradle dk
Maven
Maven jdk
Microsoft .NET
Node
Python
Ruby
Ubuntu
Scala/sbt

Software bundled with Snyk

Alpine

Swift

Clojure

Composer

Docker

Golang

Gradle

Gradle dk

Maven

Maven jdk

Microsoft .NET

Node

Python

Ruby

Ubuntu

Scala/sbt

Active support and maintenance phase

As long as the vendor supports the base image, the Snyk image will include the latest stable Snyk CLI version and a regularly updated version of the base image.

End of Life (EOL) phase

After the vendor software reaches EOL, that is, stops receiving active support and security updates, Snyk will also stop building, maintaining, and shipping the impacted image. Snyk will take this action during a four-month planned removal process.

Snyk will update the current images repository and user documentation to reflect this change followed by complete removal of images containing EOL software.

Here is how Snyk implements this phased approach during the four-month annual cycle:

Annual Timeline	Planned Changes	Customer Impact
May	Update current images repository and user documentation with the list of Snyk Images nearing EOL.	No changes to existing images at this point,
June	Stop building impacted images,	Impacted images will stop receiving latest stable Snyk CLI release and security updates,
July	Create and publish new Snyk images where applicable,	Snyk will introduce new images as applicable,
July	Create and publish migration user guides on docs.snyk.io where applicable,	User documentation will be updated with migration guides,
August	Remove impacted images from Docker Hub,	Impacted images will be removed,

Annual Timeline

Planned Changes

Customer Impact

May

Update current images repository and user documentation with the list of Snyk Images nearing EOL.

No changes to existing images at this point,

June

Stop building impacted images,

Impacted images will stop receiving latest stable Snyk CLI release and security updates,

July

Create and publish new Snyk images where applicable,

Snyk will introduce new images as applicable,

July

Create and publish migration user guides on docs.snyk.io where applicable,

User documentation will be updated with migration guides,

August

Remove impacted images from Docker Hub,

Impacted images will be removed,

For more details, see Images planned to be removed in 2024 and Images no longer supported by Snyk.

PreviousCI/CD troubleshooting and resources NextImages planned to be removed in 2024

Last updated 4 months ago