Use the Snyk plugin to secure your Eclipse projects
From the Snyk Results click whenever you are ready to scan your projects. It shouldn’t take too long for the results to appear—but no worries! You can continue to work as usual in the meantime anyway.
If for any reason you need to stop the scan before the build ends, click .
If you only want to scan a single project in your workspace, navigate to the Package Explorer panel, right-click the root of the project you want to test, and then choose Snyk test.
When the scan ends, the results and any relevant error messages are displayed in the Snyk Results, grouped by project, similar to the following:
Work with Snyk Results from Eclipse as follows:
|Context menu||Right-click menu||Options include:
Ignore issue—Hover over the specific issue that you want to ignore for the next 30 days and then access the context menu.
Snyk test—Run the Snyk test for the entire workspace.
Preferences—Access and update Snyk Vuln Scanner preferences directly from the right-click menu.
|Title||The name of the project.|
|Dependency||A summary of vulnerabilities and the number of affected paths found per project.|
|Title||The full name of the vulnerability affecting your project, linked to a description and complete details of the vulnerability in our database, to assist you in resolving the issue.|
|Dependency||The name of the direct dependency package in your project (the package you explicitly installed) that is affected by the vulnerability, either directly or indirectly.|
|All details appear on a single row and the Dependency (the name of the package explicitly used in the code) and Package (the name of the package that actually contains the vulnerability) columns both display the name of the same package:
|When your project is affected by an indirect vulnerability:
|An arrow appears on the row, grouping together all relevant details, similar to the following examples:
Package X uses Package Y, which in turn uses Package Z.
Package Z contains a Cross-Site Scripting (XSS) vulnerability, indirectly affecting your project.
The Dependency (the name of the package explicitly used in the code) is Package X; the Package field displays Package Z (the name of the package that actually contains the vulnerability).
|Expanded mode||Click the arrow on the row to expand and view the full path from the direct dependency to the actual vulnerable package.
In the example above, the full path would appear as:
[Name of Package X]-->[Name of Package Y]-->[Name of Package Z]
|Package||The name of the package in your project that is directly affected by the vulnerability.
In the example above:
|Fix||The name of the package, if one exists, and the version that it can be upgraded to in order to resolve the issue.|
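
To see how the Dependency, Package and expanded-path fields relate, the following Python example walks a small dependency graph and produces one row per affected path. It is an added example, not Snyk's code or the plugin's algorithm; the graph, the package names and the function names are constructed for illustration.

```python
# Constructed sample graph: package -> packages it depends on.
# "my-project" is the project root; every name here is illustrative.
GRAPH = {
    "my-project": ["package-x", "package-z", "package-w"],
    "package-x": ["package-y"],
    "package-y": ["package-z", "package-x"],  # deliberate cycle back to package-x
    "package-w": [],
    "package-z": [],
}


def vulnerable_paths(graph, root, vulnerable):
    """Return every path from a direct dependency of `root` to `vulnerable`."""
    paths = []

    def walk(pkg, path):
        if pkg in path:  # cycle guard: never revisit a package on the same path
            return
        path = path + [pkg]
        if pkg == vulnerable:
            paths.append(path)
            return
        for child in graph.get(pkg, []):
            walk(child, path)

    for direct in graph.get(root, []):
        walk(direct, [])
    return paths


def result_rows(graph, root, vulnerable):
    """Build one row per affected path, using the column names from the table."""
    rows = []
    for path in vulnerable_paths(graph, root, vulnerable):
        rows.append({
            "dependency": path[0],   # package explicitly used by the project
            "package": path[-1],     # package that actually contains the vulnerability
            "kind": "direct" if len(path) == 1 else "indirect",
            "path": "-->".join(path),  # what expanded mode would show
        })
    return rows


if __name__ == "__main__":
    for row in result_rows(GRAPH, "my-project", "package-z"):
        print(row)
```

For a direct vulnerability the Dependency and Package values are the same name; for an indirect one they differ and the path lists every package in between.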