Testing Gradle dependencies for security vulnerabilities

tkadlec · August 2, 2017, 9:10pm

Hey folks! We (Snyk) just launched support (free for open-source) for testing Gradle-based projects for known vulnerable dependencies (both transient and direct).

Basically, we look through the entire dependency tree and check against our open-source vulnerability database (Maven being the relevant one) to see if any vulnerabilities exist. If they do, we can be used to break a build, block a PR on GitHub or whatever specific action you may want to take using the CLI.

We did run it through some folks for a beta period, but it’s still early and we’re keen on getting a lot more feedback if possible. If anyone is willing to give it a go (it’s free for open-source projects), we would welcome any feedback you might have.

Thanks!
Tim

eriwen · August 2, 2017, 9:40pm

Hi Tim,

It’s awesome that you’ve added support for Gradle. I’ll try this out in some of my projects, and we will also let our users know that Synk has added this feature.

Please let us know if there is something that would make your Gradle support much better.

Cheers,
Eric

tkadlec · August 3, 2017, 7:35pm

Thanks, Eric. Definitely pass along any feedback you have.

I’ll keep you posted if we come up with something that would be particularly helpful.

Take care,
Tim

Topic		Replies	Views
Gradle-1.0-rc1 snapshot available Old Forum Archive	2	505	April 11, 2012
Gradle and CVE_2020-7692 Help/Discuss	0	411	September 4, 2020
Soft introduction of dependency locks Help/Discuss	2	337	July 12, 2021
Gradle-groovysh-plugin 0.3.0 released, code review desired Old Forum Archive	0	621	June 1, 2014
Gradle is a model open source project! Old Forum Archive	2	719	February 20, 2014

Testing Gradle dependencies for security vulnerabilities

Related Topics