Snyk for Java supports testing Java projects that have their dependencies managed by Maven or Gradle.
Support is available for GitHub repositories, and via the Snyk CLI.
We scan Java projects by examining your pom.xml or build.gradle file to compare the specific versions of every direct and deep dependency in your project against our Maven vulnerability database.
We ignore test dependencies by default, but they can be included from the CLI.
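The comparison described above, as an added illustration that is not Snyk's code or its database format: it reads the dependencies declared in a pom.xml, skips test-scoped ones unless asked, and flags any version older than the first fixed version in an advisory list. The coordinates, versions and advisory IDs are constructed, and only direct dependencies are covered, since resolving deep dependencies requires Maven itself.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample pom.xml (hypothetical coordinates).
POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>archive-utils</artifactId>
      <version>1.2.0</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>http-client</artifactId>
      <version>3.1.0</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>test-helper</artifactId>
      <version>0.9.0</version><scope>test</scope></dependency>
  </dependencies>
</project>"""

# Constructed advisories: coordinate -> [(first fixed version, advisory id)].
ADVISORIES = {
    "com.example:archive-utils": [("1.3.0", "EXAMPLE-0001")],
    "com.example:test-helper": [("1.0.0", "EXAMPLE-0002")],
}

def vkey(version):
    """Sort key for plain dotted versions (assumes no qualifiers such as -SNAPSHOT)."""
    return tuple(int(part) for part in version.split("."))

def direct_dependencies(pom_xml, include_test=False):
    """Return (groupId:artifactId, version) for each declared dependency."""
    root = ET.fromstring(pom_xml)
    deps = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        # Maven's default scope is "compile" when <scope> is absent.
        scope = dep.findtext("m:scope", default="compile", namespaces=NS)
        if scope == "test" and not include_test:
            continue
        group = dep.findtext("m:groupId", namespaces=NS)
        artifact = dep.findtext("m:artifactId", namespaces=NS)
        deps.append((f"{group}:{artifact}", dep.findtext("m:version", namespaces=NS)))
    return deps

def scan(pom_xml, include_test=False):
    """Return (coordinate, version, advisory id) for each vulnerable dependency."""
    findings = []
    for coord, version in direct_dependencies(pom_xml, include_test):
        for fixed_in, advisory_id in ADVISORIES.get(coord, []):
            if vkey(version) < vkey(fixed_in):
                findings.append((coord, version, advisory_id))
    return findings

if __name__ == "__main__":
    print("default scan:      ", scan(POM))
    print("with test scope:   ", scan(POM, include_test=True))
```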