Snyk Gradle-jdk17 action

This page provides examples of using the Snyk GitHub action for Gradle (jdk17). For instructions on using the action and further information, see GitHub Actions for Snyk setup and checking for vulnerabilities.

Snyk Gradle (jdk17) Action

You can use the Snyk Gradle (jdk17) action to check for vulnerabilities as follows:

name: Example workflow for Gradle (jdk17) using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/gradle-jdk17@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

You can use the Snyk Gradle (jdk17) action to check for only high severity vulnerabilities as follows:

name: Example workflow for Gradle (jdk17) using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/gradle-jdk17@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --severity-threshold=high

Using the Snyk Gradle (jdk17) action to run snyk monitor

For an example of running snyk monitor, see this Snyk monitor example.

Uploading Snyk scan results to GitHub Code Scanning using the Snyk Gradle (jdk17) action

Using --sarif-file-output Snyk CLI option and the GitHub SARIF upload action, you can upload Snyk scan results to GitHub Code Scanning.

The Snyk action fails when vulnerabilities are found. This would prevent the SARIF upload action from running. Thus, you must use a continue-on-error option as shown in this example:

name: Example workflow for Gradle (jdk17) using Snyk
on: push
jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - name: Run Snyk to check for vulnerabilities
        uses: snyk/actions/gradle-jdk17@master
        continue-on-error: true # To make sure that SARIF upload gets called
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
        with:
          args: --sarif-file-output=snyk.sarif
      - name: Upload result to GitHub Code Scanning
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: snyk.sarif

To use the upload-sarif option for private repositories, you must have GitHub Advanced Security.

If you see the error Advanced Security must be enabled for this repository to use code scanning, check that GitHub Advanced Security is enabled. For more information, see Managing security and analysis settings for your repository.

PreviousSnyk Gradle-jdk16 action NextSnyk Maven action

Last updated 7 months ago

Was this helpful?

hashtagSnyk Gradle (jdk17) Action

hashtagUsing the Snyk Gradle (jdk17) action to run snyk monitor

hashtagUploading Snyk scan results to GitHub Code Scanning using the Snyk Gradle (jdk17) action

Snyk Gradle (jdk17) Action

Using the Snyk Gradle (jdk17) action to run snyk monitor

Uploading Snyk scan results to GitHub Code Scanning using the Snyk Gradle (jdk17) action