Dart and Flutter
Dart and Flutter for Snyk Code
For an overview of the supported security rules, visit Dart and Flutter rules.
Supported frameworks and libraries
For Dart and Flutter with Snyk Code, Snyk supports the following frameworks and libraries:
crypto
encrypt
uuid
basic_utils
pointycastle
cryptography
sqflite
sqlite3
drift
realm
http
dio
cupertino_http
web_socket_channel
web
cronet_http
flutter_inappwebview
webview_flutter
twilio_flutter
dart_eval
google_sign_in
flutter_facebook_auth
sign_in_with_apple
flutter_appauth
openid_client
firebase_auth
amplify_flutter
flutter_stripe
nfc_manager
mobile_scanner
flutter
Supported file formats
The following file formats are supported: .dart
Available features
Reports
Interfile analysis
Dart and Flutter for Snyk Open Source
Available features
Test your app's SBOM and packages using pkg:pub PURLs, using the sbom test command
Test & monitor your Flutter app's native platform dependencies using the snyk test and snyk monitor commands
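The pkg:pub PURLs mentioned above take the form pkg:pub/<name>@<version>. The following added example (not part of the Snyk documentation or tooling) derives them from a pubspec.lock and lists the entries that produce no PURL, which is useful when checking what an SBOM-based test actually covers. The names parse_lock, to_purls and SAMPLE_LOCK are hypothetical, the lockfile is a constructed and trimmed sample, and mapping only hosted packages is a choice made in this example.

```python
import re

# Constructed, trimmed sample in the layout of a pubspec.lock (not from a real project).
SAMPLE_LOCK = """\
packages:
  dio:
    description:
      name: dio
      url: "https://pub.dev"
    source: hosted
    version: "5.4.0"
  flutter:
    description: flutter
    source: sdk
    version: "0.0.0"
  local_plugin:
    description:
      path: "../local_plugin"
    source: path
    version: "0.1.0"
sdks:
  dart: ">=3.0.0 <4.0.0"
"""

def parse_lock(text):
    """Return {package: {key: value}} from the top-level packages: section."""
    packages, current, in_packages = {}, None, False
    for line in text.splitlines():
        if line and not line.startswith(" "):      # a top-level key starts a new section
            in_packages = line.strip() == "packages:"
        elif in_packages and (m := re.match(r"^  (\w+):\s*$", line)):
            current = packages.setdefault(m.group(1), {})   # two-space indent: package name
        elif in_packages and current is not None and (
                m := re.match(r'^    (\w+):\s*"?([^"]*?)"?\s*$', line)):
            current[m.group(1)] = m.group(2)       # four-space indent: package attribute
    return packages

def to_purls(text):
    """Map hosted packages to pkg:pub PURLs; return (purls, skipped non-hosted entries)."""
    purls, skipped = [], []
    for name, meta in sorted(parse_lock(text).items()):
        if meta.get("source") == "hosted" and meta.get("version"):
            purls.append(f"pkg:pub/{name}@{meta['version']}")
        else:                                      # sdk, path and git sources: no PURL here
            skipped.append((name, meta.get("source")))
    return purls, skipped

if __name__ == "__main__":
    purls, skipped = to_purls(SAMPLE_LOCK)
    print(*purls, *(f"# no PURL: {n} (source: {s})" for n, s in skipped), sep="\n")
```

The skipped list is the part to review by hand: those packages are pulled from an SDK, a local path or a git source rather than from a hosted pub repository.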
Testing a Dart application's pub dependency tree
Activate the pub sbom package & create a minimal sbom.yaml file in the root folder of the repository:
Use the dart sbom command to create an SBOM file & test it using the sbom test command:
Testing platform dependencies (iOS, macOS, Android) in Flutter apps
Flutter applications rely on native platform dependencies to handle lower-level tasks, such as analytics, hardware access, or integrating existing functionality. These dependencies can be added through pub packages to extend functionality or integrated directly into build systems like Gradle or CocoaPods.
Snyk’s regular open-source support can scan these packages; however, a complete app build is necessary to make them available in the repository and accessible to CLI tools.
You can start by building the application for all relevant platforms. This ensures that pub fetches all required packages, and the Flutter build system establishes the necessary links for the native build systems.
Next, run the snyk monitor command to scan for native dependencies:
The --exclude parameter removes duplicates and ignores example applications, which are part of the plugin source code but not included in regular application builds.
You can now view all native dependencies, including those introduced by third-party plugins, in the Snyk Web UI.


