Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad-hoc basis and as part of your CI (Build) system.
The Snyk Gradle plugin tests and monitors your Gradle dependencies.
| ℹ️ This product is not an official Snyk supported product. It is an open-source community driven project that is initialised and partially maintained by Snyk engineers |
|---|
The latest version of the plugin is released at the Gradle Plugins Portal. Import the plugin using the plugin DSL
Groovy:
plugins {
id "io.snyk.gradle.plugin.snykplugin" version "0.7.0"
}Kotlin
plugins {
id("io.snyk.gradle.plugin.snykplugin") version "0.7.0"
}Groovy:
snyk {
arguments = '--all-sub-projects'
severity = 'low'
api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
autoDownload = true
autoUpdate = true
}Kotlin:
snyk {
setArguments("--all-sub-projects")
setSeverity("low")
setApi("xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
setAutoDownload(true)
setAutoUpdate(true)
}all fields are optional
- arguments - add extra arguments to the Snyk CLI. See Snyk CLI help for more information. In this example it scans all subprojects for gradle
- severity - what is the severity threshold. Leave empty to only show the vulnerabilities but not break
- api - api key that can be found on the settings page of your (free) Snyk account. Alternatively you can set an environment variable
SNYK_TOKENand omit it here - autoDownload - automatically download the CLI is none is installed (default = true)
- autoUpdate - update the CLI if there is a newer version (only if downloaded by gradle plugin) (default = false)
Snyk Test:
$ gradle snyk-testSnyk Test together with a clean build:
$ gradle clean build snyk-testSnyk Monitor:
$ gradle snyk-monitorSnyk Monitor together with a clean build:
$ gradle clean build snyk-monitor