SCM integrations with Maven and Gradle
Maven Projects | Gradle Projects |
---|---|
Release status
Improved Gradle SCM scanning is in Early Access. You can enable the feature by using Snyk Preview.
You can now obtain more accurate results for your Gradle Projects imported through Git integrations by using Improved Gradle SCM scanning.
The following lists some of the main supported Gradle features:
Local and global variables, maps, and string interpolation
Gradle lockfiles
Gradle properties and system properties - gradle.properties
Multi-project builds, project names, project references
Maven BOMs as platform dependencies
Some Gradle features are not supported, and this may influence the scan results. These Gradle features include:
If you see unexpected results from this Early Access feature, contact Snyk support.
Improved Gradle scanning supports importing a maximum of 5,000 build.gradle(.kts) files per Git repository. Attempts to import repositories with more than 5,000 Gradle build files will fail.
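A pre-import check for this limit, as an added example that is not Snyk's code: it counts the Gradle build files tracked in a checkout, split by DSL, and flags a repository that would exceed the cap. It assumes the limit applies to files named exactly build.gradle or build.gradle.kts; `assess_import` and `tracked_files` are hypothetical names.

```python
import subprocess
import sys
from collections import Counter
from pathlib import PurePosixPath

LIMIT = 5000  # per-repository cap stated on this page
# Assumption: a Gradle build file is one named exactly build.gradle(.kts).
GROOVY, KOTLIN = "build.gradle", "build.gradle.kts"


def assess_import(paths, limit=LIMIT):
    """Count Gradle build files in repo-relative paths against the cap."""
    groovy = kotlin = 0
    per_dir = Counter()
    for p in map(PurePosixPath, paths):
        if p.name not in (GROOVY, KOTLIN):
            continue
        groovy += p.name == GROOVY
        kotlin += p.name == KOTLIN
        # Top-level directory shows where build files concentrate.
        per_dir[p.parts[0] if len(p.parts) > 1 else "."] += 1
    total = groovy + kotlin
    return {
        "groovy": groovy,
        "kotlin": kotlin,
        "total": total,
        "import_will_fail": total > limit,  # more than the cap fails
        "has_kotlin_dsl": kotlin > 0,       # Kotlin DSL results need a re-import
        "densest_dirs": per_dir.most_common(3),
    }


def tracked_files(repo):
    """Paths tracked by Git, so ignored build output is not counted."""
    out = subprocess.run(["git", "-C", repo, "ls-files", "-z"],
                         check=True, capture_output=True, text=True).stdout
    return [p for p in out.split("\0") if p]


if __name__ == "__main__":
    # Constructed sample paths, used when no repository path is given.
    sample = ["build.gradle", "app/build.gradle.kts", "lib/build.gradle",
              "lib/gradle.lockfile", "settings.gradle"]
    paths = tracked_files(sys.argv[1]) if len(sys.argv) > 1 else sample
    report = assess_import(paths)
    print(report)
    sys.exit(1 if report["import_will_fail"] else 0)
```

Run it with a checkout path as the only argument; a non-zero exit status means the repository holds more build files than the import accepts.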
To enable this feature, follow these steps for your Snyk Organization:
Configure package repository integrations (if you use Artifactory or Nexus, see below).
Enable Workspaces for SCM integrations.
Enable Improved Gradle scanning in Snyk Preview.
After Improved Gradle SCM scanning is enabled:
Previously imported Git repositories will have existing Gradle Groovy DSL Projects automatically updated on the next manual or recurring test.
Re-import the repository to start seeing results for Gradle Kotlin DSL Projects.
Configure language settings for your open source and licensing at the Organization level. The configuration settings apply to all Projects in that Organization.
Open the Snyk Web UI and go to the Settings > Languages section.
Under Languages, go to Java and select Edit settings.
Configure the settings for Maven.
Update Settings to save changes.
If your application build uses private package repositories, you must configure the relevant Snyk integration to get the most accurate results.
To use package repository integrations with the Improved Gradle scanning Early Access feature, use the configuration instructions and settings for Maven.
These will be detected and used in improved Gradle scans.
In the Java language settings, you can integrate Snyk with your private package repositories (for example, Artifactory or Nexus).
This enables Snyk to build a complete dependency tree when scanning Maven or Gradle (Early Access) projects that reference private packages.
For more information, see Artifactory Registry for Maven in the Package repository integrations.