Check out the Snyk Gradle plugin.

Scan your thirds party open source dependencies for security vulnerabilities direct from Gradle using the new Snyk Gradle plugin.

For more information check out:

• The blog post

• The GitHub repo:

snyk / gradle-plugin

Snyk Gradle Plugin – Scanning and monitoring your dependencies for security vulnerabilities from Gradle

Snyk plugin for Gradle

Snyk helps you find, fix and monitor for known vulnerabilities in your dependencies, both on an ad-hoc basis and as part of your CI (Build) system.

The Snyk Gradle plugin tests and monitors your Gradle dependencies.

Using the Snyk Plugin for Gradle

The latest version of the plugin is released at the Gradle Plugins Portal Import the plugin using the plugin DSL

Groovy:

plugins {
  id "io.snyk.gradle.plugin.snykplugin" version "0.6.1"
}

Enter fullscreen mode Exit fullscreen mode

Kotlin

plugins {
  id("io.snyk.gradle.plugin.snykplugin") version "0.6.1"
}

Enter fullscreen mode Exit fullscreen mode

Setting:

Groovy:

snyk {
    arguments = '--all-sub-projects'
    severity = 'low'
    api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
    autoDownload = true
    autoUpdate = true
}

Enter fullscreen mode Exit fullscreen mode

Kotlin:

snyk {
    setArguments("--all-sub-projects

… Enter fullscreen mode Exit fullscreen mode
View on GitHub

• The Gradle plugin portal

原文链接：[Video] Security scanning within Gradle