loading...
Cover image for [Video] The Snyk Gradle Plugin

[Video] The Snyk Gradle Plugin

brianverm profile image 🧑đŸŧ‍đŸ’ģ Brian Vermeer ãƒģ1 min read

Check out the Snyk Gradle plugin.

Scan your thirds party open source dependencies for security vulnerabilities direct from Gradle using the new Snyk Gradle plugin.

For more information check out:

GitHub logo snyk / gradle-plugin

Snyk Gradle Plugin - Scanning and monitoring your dependencies for security vulnerabilities from Gradle

Snyk logo

Snyk plugin for Gradle

Application CI

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.

The Snyk Gradle plugin tests and monitors your Gradle dependencies.

ℹī¸ This product is not an official Snyk supported product. It is an open-source community driven project that is initialised and partially maintained by Snyk engineers

Using the Snyk Plugin for Gradle

The latest version of the plugin is released at the Gradle Plugins Portal Import the plugin using the plugin DSL

Groovy:

plugins {
  id "io.snyk.gradle.plugin.snykplugin" version "0.4"
}
Enter fullscreen mode Exit fullscreen mode

Kotlin

plugins {
  id("io.snyk.gradle.plugin.snykplugin") version "0.4"
}
Enter fullscreen mode Exit fullscreen mode

Setting:

Groovy:

snyk {
    arguments = '--all-sub-projects'
    severity = 'low'
    api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    autoDownload = true
    autoUpdate = true
}
Enter fullscreen mode Exit fullscreen mode

all fields are optional

  • argumentsâ€Ļ

Snyk plugging on the Gradle plugin portal

Discussion

pic
Editor guide
Collapse
jlleitschuh profile image
Jonathan Leitschuh

Instead of using test.finalizedBy('snyk-test') It would be better to use:

tasks.named("check").configure {
    dependsOn("snyk-test")
}
Enter fullscreen mode Exit fullscreen mode
Collapse
brianverm profile image
🧑đŸŧ‍đŸ’ģ Brian Vermeer Author

Thanks Jonathan, great comment!
It all depends on your situation. We just supply the tasks, how you integrate is all up to you. I am not judging how it fits anybody's needs, just giving an example :)