[Video] Security scanning within Gradle

Check out the Snyk Gradle plugin.

Scan your third-party open source dependencies for security vulnerabilities directly from Gradle using the new Snyk Gradle plugin.

For more information check out:

snyk / gradle-plugin

Snyk Gradle Plugin - Scanning and monitoring your dependencies for security vulnerabilities from Gradle

Snyk plugin for Gradle

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad-hoc basis and as part of your CI (Build) system.

The Snyk Gradle plugin tests and monitors your Gradle dependencies.

ℹ️ This product is not an official Snyk supported product. It is an open-source, community-driven project that is initialised and partially maintained by Snyk engineers.

Using the Snyk Plugin for Gradle

The latest version of the plugin is released at the Gradle Plugins Portal. Import the plugin using the plugin DSL:

Groovy:

plugins {
  id "io.snyk.gradle.plugin.snykplugin" version "0.6.1"
}

Kotlin:

plugins {
  id("io.snyk.gradle.plugin.snykplugin") version "0.6.1"
}

Settings:

Groovy:

snyk {
    arguments = '--all-sub-projects'
    severity = 'low'
    api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    autoDownload = true
    autoUpdate = true
}
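
The Groovy settings above place the API token directly in the build script, where it would be committed along with the project. As an added example (not taken from the plugin's README), the same `snyk` block can read the token from the environment or from a per-user Gradle property instead; the names `SNYK_TOKEN` and `snykToken` are assumptions chosen for this example.

```groovy
// build.gradle -- added example, not the plugin project's own code.
plugins {
    id "io.snyk.gradle.plugin.snykplugin" version "0.6.1"
}

// Resolve the token from outside version control:
//   1. the SNYK_TOKEN environment variable (e.g. a CI secret), or
//   2. a 'snykToken' entry in ~/.gradle/gradle.properties (per-user file,
//      not the gradle.properties that lives in the repository).
// Both names are assumptions made for this example.
def snykToken = System.getenv('SNYK_TOKEN') ?: project.findProperty('snykToken')

if (!snykToken) {
    // Warn rather than throw, so tasks unrelated to Snyk still run
    // on machines that have no token configured.
    logger.warn('Snyk API token not found in SNYK_TOKEN or the snykToken property.')
}

snyk {
    arguments = '--all-sub-projects'
    severity = 'low'
    // Set 'api' only when a token was resolved; no literal token in this file.
    if (snykToken) {
        api = snykToken
    }
    autoDownload = true
    autoUpdate = true
}
```

Avoid passing the token as `-PsnykToken=...` on the command line, since it would then appear in shell history and process listings.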

Kotlin:

snyk {
    setArguments("--all-sub-projects
…

Snyk plugin on the Gradle plugin portal
