Snyk plugin for Gradle

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad-hoc basis and as part of your CI (Build) system.

The Snyk Gradle plugin tests and monitors your Gradle dependencies.

This product is not an official Snyk supported product. It is an open-source community driven project that is initialised and partially maintained by Snyk engineers

Using the Snyk Plugin for Gradle

The latest version of the plugin is released at the Gradle Plugins Portal.
Import the plugin using the plugin DSL

Groovy:

plugins {
  id "io.snyk.gradle.plugin.snykplugin" version "0.7.0"
}

Kotlin

plugins {
  id("io.snyk.gradle.plugin.snykplugin") version "0.7.0"
}

Setting:

Groovy:

snyk {
    arguments = '--all-sub-projects'
    severity = 'low'
    api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    autoDownload = true
    autoUpdate = true
}

Kotlin:

snyk {
    setArguments("--all-sub-projects")
    setSeverity("low")
    setApi("xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx")
    setAutoDownload(true)
    setAutoUpdate(true)
}

all fields are optional

• arguments - add extra arguments to the Snyk CLI. See Snyk CLI help for more information. In this example it scans all subprojects for gradle
• severity - what is the severity threshold. Leave empty to only show the vulnerabilities but not break
• api - api key that can be found on the settings page of your (free) Snyk account. Alternatively you can set an environment variable SNYK_TOKEN and omit it here
• autoDownload - automatically download the CLI is none is installed (default = true)
• autoUpdate - update the CLI if there is a newer version (only if downloaded by gradle plugin) (default = false)

Running:

Snyk Test:

$ gradle snyk-test

Snyk Test together with a clean build:

$ gradle clean build snyk-test

Snyk Monitor:

$ gradle snyk-monitor

Snyk Monitor together with a clean build:

$ gradle clean build snyk-monitor