SupportAPI docsProduct updatesSign up for free
Search…
Snyk User Documentation
Introducing Snyk
Implementing Snyk in your teams
Getting started
Snyk Web UI
Snyk CLI
Snyk API
Snyk for IDEs
Snyk Apps
Snyk Integrations
SNYK PRODUCTS
Snyk Open Source
Snyk Code
Snyk Container
Snyk Infrastructure as Code
USING SNYK
Snyk Broker
User and group management
Fixing and prioritizing issues
Reports
Snyk Tools
SNYK INFO
Disclosing vulnerabilities
How Snyk handles your data
Snyk Partner workshops
Atlassian Integrations
AWS Integrations
Snyk Integrations
Snyk Account
CircleCI
Docker
Dynatrace
GCP
GitHub
Microsoft Azure
Oracle Cloud Infrastructure
Red Hat
SpringOne
Workshop Overview
Create Github Repository
Configure Snyk for DevSecOps
Developer Environment and Snyk
CI/CD Pipeline
Snyk Open-Source (SCA)
Import SPC into Snyk UI
Review Project Issues
Review Project Dependency Tree
Project fix advice
Snyk checks in GitHub
Snyk CI/CD
Snyk Containers
Snyk Infrastructure as Code (IaC)
Workshop Wrap Up
Powered By GitBook
Review Project Dependency Tree

Viewing the dependency tree

Snyk uses the package manager of your application to build the dependency tree and display it in the Snyk UI. The dependency tree helps visualize which component is introducing the vulnerability and helps Snyk to determine the appropriate fix advice.
In our sample application, we see how the transitive dependencies introduced a vulnerability into our application by examining the direct dependency org.springframework.boot:[email protected] The developer directly included this library into the source code via the pom.xml file and the org.springframework.boot:[email protected] library had a dependency on org.springframework.boot:[email protected] which has another dependency org.apache.tomcat.embed:[email protected]. This helps understand how the dependency was introduced to the application and also how Snyk can fix the issue.
The org.apache.tomcat.embed:[email protected] library is included multiple times due to transitive dependencies.
Previous
Review Project Issues
Next
Project fix advice
Last modified 8d ago
Export as PDF
Copy link
Edit on GitHub