Snyk plugin for Gradle
Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad hoc basis and as part of your CI (Build) system.
The Snyk Gradle plugin tests and monitors your Gradle dependencies.
| ℹ️ This product is not an official Snyk supported product. It is an open-source community driven project that is initialised and partially maintained by Snyk engineers |
|---|
Using the Snyk Plugin for Gradle
The latest version of the plugin is released at the Gradle Plugins Portal. Import the plugin using the plugin DSL
Groovy:
plugins {
id "io.snyk.gradle.plugin.snykplugin" version "0.4"
}Kotlin
plugins {
id("io.snyk.gradle.plugin.snykplugin") version "0.4"
}Setting:
Groovy:
snyk {
arguments = '--all-sub-projects'
severity = 'low'
api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
autoDownload = true
autoUpdate = true
}all fields are optional
- arguments - add extra arguments to the Snyk CLI. See Snyk CLI help for more information. In this example it scans all sub-projects for gradle
- severity - what is the severity threshold. Leave empty to only show the vulnerabilites but not break
- api - api key that can be found on the settings page of your (free) snyk account. Alternatively you can set a environment variable SNYK_TOKEN and ommit it here
- autoDownload - automatically download the CLI is none is installed (default = true)
- autoUpdate - update the CLI if there is a newer version (only if downloaded by gradle plugin) (default = false)
Running:
Snyk Test:
$ gradle snyk-testSnyk Test together with a clean build:
$ gradle clean build snyk-testSnyk Monitor: Snyk Test:
$ gradle snyk-monitorSnyk Monitor together with a clean build:
$ gradle clean build snyk-monitor