Testing Gradle dependencies for security vulnerabilities


(Tim Kadlec) #1

Hey folks! We (Snyk) just launched support (free for open-source) for testing Gradle-based projects for known vulnerable dependencies (both transient and direct).

Basically, we look through the entire dependency tree and check against our open-source vulnerability database (Maven being the relevant one) to see if any vulnerabilities exist. If they do, we can be used to break a build, block a PR on GitHub or whatever specific action you may want to take using the CLI.

We did run it through some folks for a beta period, but it’s still early and we’re keen on getting a lot more feedback if possible. If anyone is willing to give it a go (it’s free for open-source projects), we would welcome any feedback you might have.

Thanks!
Tim

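The mechanism Tim describes above, as an added illustration that is not Snyk's code and not part of the original thread: walk the dependency tree Gradle prints, match every resolved coordinate against an advisory feed, and exit non-zero when a finding crosses a severity threshold so that a CI job or pre-merge check fails. The tree text and the advisory feed are both constructed for the example (the `com.example` coordinates and `EXAMPLE-*` identifiers are placeholders, and the feed's `introduced`/`fixed` fields are an assumed schema, not Snyk's). One detail worth noticing is that the scan uses the version to the right of Gradle's `->` marker, since conflict resolution can replace the version a library requested with the one that actually ships.

```python
"""Toy vulnerable-dependency scan over `gradle dependencies` output.

Added example: not Snyk's implementation. The tree below and the advisory
feed are constructed for illustration only.
"""
import re
import sys

# Constructed sample in the shape of
# `gradle dependencies --configuration runtimeClasspath` output.
# `2.9.5 -> 2.9.8` means Gradle resolved a conflict to 2.9.8; `(*)` marks a
# subtree already printed above.
SAMPLE_TREE = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- com.example:web-framework:3.1.0
|    +--- com.example:json-mapper:2.9.5 -> 2.9.8
|    |    \\--- com.example:json-core:2.9.8
|    \\--- com.example:text-utils:1.8
+--- com.example:logging-api:1.7.25
\\--- com.example:json-mapper:2.9.8 (*)
"""

# Constructed advisory feed (placeholder ids; assumed schema, not Snyk's):
# a coordinate is affected when introduced <= version < fixed.
VULN_DB = [
    {"id": "EXAMPLE-2018-0001", "coord": "com.example:json-mapper",
     "introduced": "2.0.0", "fixed": "2.9.9", "severity": "high"},
    {"id": "EXAMPLE-2019-0002", "coord": "com.example:text-utils",
     "introduced": "1.5", "fixed": "1.10.0", "severity": "medium"},
    {"id": "EXAMPLE-2017-0003", "coord": "com.example:logging-api",
     "introduced": "1.0", "fixed": "1.7.0", "severity": "low"},
]

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# One tree node: optional 5-char-per-level indent, `+---` or `\---`,
# group:artifact:requested, optional `-> selected`, optional markers.
NODE_RE = re.compile(
    r"^(?P<indent>(?:[| ] {4})*)[+\\]--- "
    r"(?P<coord>[^: ]+:[^: ]+):(?P<requested>\S+)"
    r"(?: -> (?P<selected>\S+))?(?: \([*cn]\))*\s*$"
)


def version_key(version):
    """Sort key approximating Maven ordering: numeric segments compare as
    integers, textual qualifiers (rc, beta, ...) sort below any number."""
    key = []
    for tok in re.split(r"[.\-]", version):
        key.append((1, int(tok), "") if tok.isdigit() else (0, 0, tok.lower()))
    return tuple(key)


def parse_tree(text):
    """Yield (coord, resolved_version, path) for every node; path lists the
    coordinates from the direct dependency down to this node."""
    stack = []
    for line in text.splitlines():
        m = NODE_RE.match(line)
        if not m:
            continue
        depth = len(m.group("indent")) // 5
        version = m.group("selected") or m.group("requested")  # what ships
        del stack[depth:]                                       # back to parent
        stack.append(m.group("coord"))
        yield m.group("coord"), version, list(stack)


def is_vulnerable(advisory, version):
    v = version_key(version)
    return version_key(advisory["introduced"]) <= v < version_key(advisory["fixed"])


def scan(tree_text, db=VULN_DB):
    """Return one finding per (advisory, package, version), keeping the
    shortest path seen so a package that is both direct and transitive is
    reported as direct."""
    findings = {}
    for coord, version, path in parse_tree(tree_text):
        for adv in db:
            if adv["coord"] != coord or not is_vulnerable(adv, version):
                continue
            key = (adv["id"], coord, version)
            prev = findings.get(key)
            if prev is None or len(path) < prev["depth"]:
                findings[key] = {
                    "id": adv["id"], "severity": adv["severity"],
                    "package": f"{coord}:{version}", "direct": len(path) == 1,
                    "path": " > ".join(path), "depth": len(path),
                }
    return list(findings.values())


def should_fail(findings, threshold="high"):
    """Build-breaking rule: any finding at or above the threshold fails."""
    return any(SEVERITY_RANK[f["severity"]] >= SEVERITY_RANK[threshold]
               for f in findings)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_TREE
    results = scan(text)
    for f in results:
        kind = "direct" if f["direct"] else "transitive"
        print(f'{f["severity"]:<7} {f["id"]}  {f["package"]}  ({kind}: {f["path"]})')
    sys.exit(1 if should_fail(results, "high") else 0)
```

Run against a real project with `./gradlew dependencies --configuration runtimeClasspath > deps.txt` and then `python scan.py deps.txt`; the non-zero exit is what a CI step or a GitHub status check keys on to block the merge. On the sample, `json-mapper` is flagged at its resolved version 2.9.8 (below the assumed fix in 2.9.9) and reported as direct because the root declares it, `text-utils` is a transitive finding reached through `web-framework`, and `logging-api` 1.7.25 is correctly left alone because it is past the fixed version.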

(Eric Wendelin) #2

Hi Tim,

It’s awesome that you’ve added support for Gradle. I’ll try this out in some of my projects, and we will also let our users know that Snyk has added this feature.

Please let us know if there is something that would make your Gradle support much better.

Cheers,
Eric


(Tim Kadlec) #3

Thanks, Eric. Definitely pass along any feedback you have.

I’ll keep you posted if we come up with something that would be particularly helpful. :)

Take care,
Tim