https://github.com/snyk/gradle-plugin
Snyk Gradle Plugin - Scanning and monitoring your dependencies for security vulnerabilities from Gradle
- Host: GitHub
- URL: https://github.com/snyk/gradle-plugin
- Owner: snyk
- License: other
- Created: 2020-09-17T18:14:21.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2025-04-04T12:43:38.000Z (about 1 year ago)
- Last Synced: 2025-06-01T12:58:25.548Z (about 1 year ago)
- Topics: gradle-plugin, snyk-cli, snyk-monitor, snyk-plugin, snyk-test
- Language: Java
- Homepage:
- Size: 114 KB
- Stars: 19
- Watchers: 9
- Forks: 20
- Open Issues: 19
Metadata Files:
- Readme: README.md
- Codeowners: .github/CODEOWNERS
README

# Snyk plugin for Gradle
Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad-hoc basis and as part of your CI (Build) system.
The Snyk Gradle plugin tests and monitors your Gradle dependencies.
| :information_source: This product is not an official Snyk supported product. It is an open-source community driven project that is initialised and partially maintained by Snyk engineers |
|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
## Using the Snyk Plugin for Gradle
The latest version of the plugin is released at the [Gradle Plugins Portal](https://plugins.gradle.org/plugin/io.snyk.gradle.plugin.snykplugin).
Import the plugin using the plugin DSL.
Groovy:
```groovy
plugins {
    id "io.snyk.gradle.plugin.snykplugin" version "0.7.0"
}
```
Kotlin:
```kotlin
plugins {
    id("io.snyk.gradle.plugin.snykplugin") version "0.7.0"
}
```
### Setting:
Groovy:
```groovy
snyk {
    arguments = '--all-sub-projects'
    severity = 'low'
    api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    autoDownload = true
    autoUpdate = true
}
```
Kotlin:
```kotlin
snyk {
    setArguments("--all-sub-projects")
    setSeverity("low")
    setApi("xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
    setAutoDownload(true)
    setAutoUpdate(true)
}
```
All fields are optional:
- **arguments** - extra arguments to pass to the Snyk CLI. See the Snyk CLI help for more information. In this example it scans all Gradle subprojects.
- **severity** - the severity threshold at which the build breaks. Leave empty to only show the vulnerabilities without breaking the build.
- **api** - the API key, which can be found on the settings page of your (free) Snyk account. Alternatively, you can set the environment variable `SNYK_TOKEN` and omit it here.
- **autoDownload** - automatically download the CLI if none is installed (default = true)
- **autoUpdate** - update the CLI if there is a newer version (only if it was downloaded by the Gradle plugin) (default = false)
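
Because `api` can be omitted in favour of `SNYK_TOKEN`, a repository check can flag build scripts that still carry a literal key. The script below is an added example, not part of the plugin or its README; the function name is hypothetical, and it assumes a real key has the 8-4-4-4-12 hexadecimal shape of the placeholder shown above.

```shell
#!/bin/sh
# Added example: flag Snyk API keys committed in Gradle build scripts.
# Assumption: a real key is UUID-shaped (8-4-4-4-12 hex digits), like the
# README placeholder. The all-"x" placeholder is not hex, so it never matches.

TOKEN_RE='[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}'
Q="[\"']"   # either quote style (Groovy single quotes, Kotlin double quotes)

# Matches both `api = '<key>'` (Groovy) and `setApi("<key>")` (Kotlin).
SNYK_API_LINE="(api[[:space:]]*=|setApi[[:space:]]*\\()[[:space:]]*${Q}${TOKEN_RE}${Q}"

# find_hardcoded_snyk_token [DIR]
# Prints "file:line" for every literal key found under DIR (default: .)
# and returns 1 if there is at least one, 0 otherwise.
# Only the location is printed, so the key itself does not end up in CI logs.
find_hardcoded_snyk_token() {
  fhst_dir="${1:-.}"
  # /dev/null forces grep to prefix the file name even for a single file.
  fhst_hits=$(find "$fhst_dir" -type f \
                \( -name 'build.gradle' -o -name 'build.gradle.kts' \) \
                -exec grep -nE "$SNYK_API_LINE" /dev/null {} + 2>/dev/null |
              cut -d: -f1,2)
  if [ -n "$fhst_hits" ]; then
    printf '%s\n' "$fhst_hits"
    return 1
  fi
  return 0
}

# Usage in a CI step or pre-commit hook:
#   find_hardcoded_snyk_token . || { echo "move the key to SNYK_TOKEN" >&2; exit 1; }
```
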
### Running:
Snyk Test:
```bash
$ gradle snyk-test
```
Snyk Test together with a clean build:
```bash
$ gradle clean build snyk-test
```
Snyk Monitor:
```bash
$ gradle snyk-monitor
```
Snyk Monitor together with a clean build:
```bash
$ gradle clean build snyk-monitor
```