snyk · rrama · Dec 10, 2025 · Dec 5, 2025 · Dec 9, 2025 · Dec 10, 2025
@@ -180,8 +180,17 @@
             "description": "Severity issues to display.",
             "scope": "window"
           },
-          "snyk.issueViewOptions": {
+          "snyk.riskScoreThreshold": {
             "order": 6,
+            "type": "integer",
+            "minimum": 0,
+            "maximum": 1000,
+            "default": 0,
+            "markdownDescription": "[Early Access] Filters Open Source issues by [risk score](https://docs.snyk.io/manage-risk/prioritize-issues-for-fixing/risk-score). Only issues with a risk score >= threshold are shown. Set to 0 to show all issues.",
+            "scope": "window"
+          },
+          "snyk.issueViewOptions": {
+            "order": 7,
             "type": "object",
             "default": {
               "openIssues": true,
@@ -215,13 +224,13 @@
               "Shows all issues that have been identified, including both new and existing issues.",
               "Shows only new issues filtering out previously known issues in a base branch"
             ],
-            "order": 7
+            "order": 8
           },
           "snyk.advanced.additionalParameters": {
             "type": "string",
             "description": "Parameters to pass to Snyk CLI for Open Source security tests.",
             "scope": "window",
-            "order": 8
+            "order": 9
           }
         }
       },

@@ -24,6 +24,7 @@ import {
   IAC_ENABLED_SETTING,
   ISSUE_VIEW_OPTIONS_SETTING,
   OSS_ENABLED_SETTING,
+  RISK_SCORE_THRESHOLD_SETTING,
   SCANNING_MODE,
   AUTO_CONFIGURE_MCP_SERVER,
   SECURITY_AT_INCEPTION_EXECUTION_FREQUENCY,
@@ -93,7 +94,7 @@ export const DEFAULT_ISSUE_VIEW_OPTIONS: IssueViewOptions = {
   openIssues: true,
 };
 
-export const DEFAULT_SECURE_AT_INCEPTION_EXECUTION_FREQUENCY = 'Manual';
+export const DEFAULT_RISK_SCORE_THRESHOLD = 0; // Should match value in package.json.
 
 export interface SeverityFilter {
   critical: boolean;
@@ -113,6 +114,8 @@ export const DEFAULT_SEVERITY_FILTER: SeverityFilter = {
 
 const DEFAULT_AUTO_ORGANIZATION = false; // Should match value in package.json.
 
+export const DEFAULT_SECURE_AT_INCEPTION_EXECUTION_FREQUENCY = 'Manual';
+
 export type PreviewFeatures = Record<string, never>;
 
 export interface IConfiguration {
@@ -217,6 +220,8 @@ export interface IConfiguration {
 
   issueViewOptions: IssueViewOptions;
 
+  riskScoreThreshold: number;
+
   severityFilter: SeverityFilter;
 
   scanningMode: string | undefined;
@@ -599,6 +604,15 @@ export class Configuration implements IConfiguration {
     return config ?? DEFAULT_ISSUE_VIEW_OPTIONS;
   }
 
+  get riskScoreThreshold(): number {
+    return (
+      this.workspace.getConfiguration<number>(
+        CONFIGURATION_IDENTIFIER,
+        this.getConfigName(RISK_SCORE_THRESHOLD_SETTING),
+      ) ?? DEFAULT_RISK_SCORE_THRESHOLD
+    );
+  }
+
   get severityFilter(): SeverityFilter {
     const config = this.workspace.getConfiguration<SeverityFilter>(
       CONFIGURATION_IDENTIFIER,

@@ -25,6 +25,7 @@ export const ADVANCED_CLI_RELEASE_CHANNEL = `${CONFIGURATION_IDENTIFIER}.advance
 export const ADVANCED_AUTHENTICATION_METHOD = `${CONFIGURATION_IDENTIFIER}.advanced.authenticationMethod`;
 
 export const ISSUE_VIEW_OPTIONS_SETTING = `${CONFIGURATION_IDENTIFIER}.issueViewOptions`;
+export const RISK_SCORE_THRESHOLD_SETTING = `${CONFIGURATION_IDENTIFIER}.riskScoreThreshold`;
 export const SEVERITY_FILTER_SETTING = `${CONFIGURATION_IDENTIFIER}.severity`;
 export const TRUSTED_FOLDERS = `${CONFIGURATION_IDENTIFIER}.trustedFolders`;
 export const FOLDER_CONFIGS = `${CONFIGURATION_IDENTIFIER}.folderConfigs`;

@@ -35,6 +35,7 @@ export type ServerSettings = {
 
   // Security and scanning settings
   filterSeverity?: SeverityFilter;
+  riskScoreThreshold?: number;
   issueViewOptions?: IssueViewOptions;
   scanningMode?: string;
   insecure?: string;
@@ -91,6 +92,7 @@ export class LanguageServerSettings {
       additionalParams: configuration.getAdditionalCliParameters(),
       manageBinariesAutomatically: `${configuration.isAutomaticDependencyManagementEnabled()}`,
       filterSeverity: configuration.severityFilter,
+      riskScoreThreshold: configuration.riskScoreThreshold,
       issueViewOptions: configuration.issueViewOptions,
       scanningMode: configuration.scanningMode,
       insecure: `${configuration.getInsecure()}`,

@@ -10,9 +10,7 @@ import {
   ADVANCED_AUTO_SELECT_ORGANIZATION,
   ADVANCED_ORGANIZATION,
   IAC_ENABLED_SETTING,
-  ISSUE_VIEW_OPTIONS_SETTING,
   OSS_ENABLED_SETTING,
-  SEVERITY_FILTER_SETTING,
   TRUSTED_FOLDERS,
   DELTA_FINDINGS,
   FOLDER_CONFIGS,
@@ -59,10 +57,6 @@ class ConfigurationWatcher implements IWatcher {
       return extension.viewManagerService.refreshAllCodeAnalysisViews();
     } else if (key === IAC_ENABLED_SETTING) {
       return extension.viewManagerService.refreshIacView();
-    } else if (key === ISSUE_VIEW_OPTIONS_SETTING) {
-      extension.viewManagerService.refreshAllViews();
-    } else if (key === SEVERITY_FILTER_SETTING) {
-      return extension.viewManagerService.refreshAllViews();
     } else if (key === ADVANCED_CUSTOM_ENDPOINT) {
       return configuration.clearToken();
     } else if (key === ADVANCED_AUTHENTICATION_METHOD) {
@@ -108,13 +102,11 @@ class ConfigurationWatcher implements IWatcher {
         OSS_ENABLED_SETTING,
         CODE_SECURITY_ENABLED_SETTING,
         IAC_ENABLED_SETTING,
-        SEVERITY_FILTER_SETTING,
         ADVANCED_CUSTOM_ENDPOINT,
         ADVANCED_CLI_PATH,
         ADVANCED_CLI_RELEASE_CHANNEL,
         ADVANCED_AUTHENTICATION_METHOD,
         TRUSTED_FOLDERS,
-        ISSUE_VIEW_OPTIONS_SETTING,
         DELTA_FINDINGS,
         FOLDER_CONFIGS,
         AUTO_CONFIGURE_MCP_SERVER,

@@ -5,6 +5,7 @@ import { v4 } from 'uuid';
 import { IAuthenticationService } from '../../../../snyk/base/services/authenticationService';
 import {
   DEFAULT_ISSUE_VIEW_OPTIONS,
+  DEFAULT_RISK_SCORE_THRESHOLD,
   DEFAULT_SEVERITY_FILTER,
   FolderConfig,
   IConfiguration,
@@ -91,6 +92,7 @@ suite('Language Server', () => {
         return true;
       },
       severityFilter: DEFAULT_SEVERITY_FILTER,
+      riskScoreThreshold: DEFAULT_RISK_SCORE_THRESHOLD,
       issueViewOptions: DEFAULT_ISSUE_VIEW_OPTIONS,
       getTrustedFolders(): string[] {
         return ['/trusted/test/folder'];
@@ -258,6 +260,7 @@ suite('Language Server', () => {
           manageBinariesAutomatically: 'true',
           deviceId: user.anonymousId,
           filterSeverity: DEFAULT_SEVERITY_FILTER,
+          riskScoreThreshold: DEFAULT_RISK_SCORE_THRESHOLD,
           issueViewOptions: DEFAULT_ISSUE_VIEW_OPTIONS,
           enableTrustedFoldersFeature: 'true',
           trustedFolders: ['/trusted/test/folder'],

@@ -2,6 +2,7 @@ import assert from 'assert';
 import sinon from 'sinon';
 import {
   DEFAULT_ISSUE_VIEW_OPTIONS,
+  DEFAULT_RISK_SCORE_THRESHOLD,
   DEFAULT_SEVERITY_FILTER,
   FolderConfig,
   IConfiguration,
@@ -55,6 +56,7 @@ suite('Language Server: Middleware', () => {
         return defaultFeaturesConfigurationStub;
       },
       severityFilter: DEFAULT_SEVERITY_FILTER,
+      riskScoreThreshold: DEFAULT_RISK_SCORE_THRESHOLD,
       issueViewOptions: DEFAULT_ISSUE_VIEW_OPTIONS,
       getTrustedFolders: () => ['/trusted/test/folder'],
       getFolderConfigs(): FolderConfig[] {

@@ -1,6 +1,7 @@
 import assert from 'assert';
 import {
   DEFAULT_ISSUE_VIEW_OPTIONS,
+  DEFAULT_RISK_SCORE_THRESHOLD,
   DEFAULT_SEVERITY_FILTER,
   FolderConfig,
   IConfiguration,
@@ -40,6 +41,7 @@ suite('LanguageServerSettings', () => {
           return 'oauth';
         },
         severityFilter: DEFAULT_SEVERITY_FILTER,
+        riskScoreThreshold: DEFAULT_RISK_SCORE_THRESHOLD,
         issueViewOptions: DEFAULT_ISSUE_VIEW_OPTIONS,
         scanningMode: 'scan-mode',
       } as unknown as IConfiguration;