Announcing Snyk for Gradle, Scala and Python
Since we launched nearly two years ago, Snyk has been focused on making it easier to use open-source code without compromising security. Initially, we focused on Node.js, making sure we built up a robust, developer-friendly tool in the process. Since then we added support for Ruby and Maven and the ability to monitor deployed code in serverless environments. All the while we’ve learned from our users, working to make it as easy as possible for Snyk to do its job and then get out of the way so that you can do yours.
Today, we’re taking another leap forward and launching support for Python, Scala and Gradle! All three are available today, so you can try them immediately.
Python is supported through both our CLI and the GitHub integration. The Python integration works with any packages installed from the Python Package Index (PyPI) using pip and works great with both the 2.x and 3.x streams of Python.
The GitHub integration looks at your requirements.txt file to see what dependencies you’re using, scans our open-source vulnerability database and reports any issues we find.
You can easily monitor these repositories as well, to avoid adding any vulnerable dependencies to your application as it grows and to ensure that you are alerted to any new vulnerabilities as soon as they are discovered.
The Snyk CLI for Python will look through all the dependencies—direct and transitive—to check for vulnerabilities using the local pip. You can use both snyk test and snyk monitor in your CI environments to bake security into the process.
Securing Gradle and Scala
As with Python, Gradle and Scala are now supported both in the CLI and through the GitHub integration. Gradle and Scala will use your build.gradle and build.sbt files, respectively, to identify any Maven dependencies that are being used. Those dependencies are then tested against our database to see if any of them contain vulnerabilities.
The GitHub integration allows you to automatically check any new pull request, ensuring no vulnerabilities are introduced into your application. If any are found, the PR check will fail so that you have an opportunity to address the issues before merging them into your application.
The CLI gives you the flexibility to test your Gradle and Scala applications manually or at key steps in your CI process. It looks through your dependency tree to identify each dependency in use, and its version, before testing them all.
As with all languages Snyk supports, the CLI and GitHub integration also enable you to set up continuous monitoring of your Gradle and Scala applications. This means that if any newly disclosed vulnerabilities impact your application, you’ll be alerted right away so that you can fix them.
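The CI usage described above for Python and for Gradle and Scala, written out as one added example (not from the original post or from Snyk): a gate that fails the build when `snyk test` finds known vulnerabilities and takes a `snyk monitor` snapshot only on the main branch. It assumes a `SNYK_TOKEN` is provided to the CI job, that `CI_BRANCH` and `RUN_SNYK_GATE` are variables you set in your pipeline, and that `SNYK` can be pointed at a specific binary.

```shell
#!/bin/sh
# CI security gate for a Python, Gradle or Scala project using the Snyk CLI.
# Assumptions (not from the post): SNYK_TOKEN is exported by the CI job,
# CI_BRANCH holds the branch being built, and RUN_SNYK_GATE=1 enables the
# top-level call. SNYK may be overridden to point at a particular binary.
SNYK="${SNYK:-snyk}"

# Run `snyk test` against one manifest (requirements.txt, build.gradle or
# build.sbt). Returns 0 when no known vulnerabilities are found; any other
# exit status from the CLI (vulnerabilities found, or the scan itself
# failing) fails the gate, so a broken scan never passes silently.
snyk_test_gate() {
    file="$1"
    if "$SNYK" test --file="$file"; then
        echo "snyk test: no known vulnerabilities in $file"
        return 0
    fi
    echo "snyk test: vulnerabilities found or scan failed for $file" >&2
    return 1
}

# Take a `snyk monitor` snapshot only for the main branch, so that alerts
# about newly disclosed vulnerabilities describe the code actually deployed
# rather than every short-lived feature branch.
snyk_monitor_if_main() {
    file="$1"
    branch="$2"
    case "$branch" in
        master|main) "$SNYK" monitor --file="$file" ;;
        *) echo "skipping snyk monitor on branch $branch"; return 0 ;;
    esac
}

# The combined CI step: test first, and only monitor if the test passed.
ci_security_step() {
    file="$1"
    branch="$2"
    snyk_test_gate "$file" || return 1
    snyk_monitor_if_main "$file" "$branch"
}

# Example invocation, enabled explicitly so the functions can also be sourced.
if [ "${RUN_SNYK_GATE:-}" = "1" ]; then
    ci_security_step "${SNYK_FILE:-requirements.txt}" "${CI_BRANCH:-}"
fi
```

Run it with `RUN_SNYK_GATE=1 SNYK_FILE=build.gradle CI_BRANCH=master sh snyk-gate.sh` from the project root; a non-zero exit fails the pipeline stage.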
Try it out!
We’ve been working hard on this launch, gathering feedback from beta users and making refinements along the way. We’re thrilled to now open it up to everyone.
If you’re using Python, Scala, Gradle or all of the above, start testing now to see if you have any known vulnerabilities lurking in your dependencies. As always, Snyk is free for open-source use—no matter how many open-source projects you have. Open source is a huge boon for development, and we’re happy to play our part in making it as secure as possible.
If you have any feedback, please let us know. We’re always eager to make Snyk even better. Likewise, if there are any languages or package managers that you would like Snyk to support, let us know which ones. Not only does it help us prioritize, but we love being able to give beta access to developers eager to test and provide feedback.