Announcing Snyk for Gradle, Scala and Python
2 août 2017
0 minutes de lectureSince we launched nearly two years ago, Snyk has been focused on making it easier to use open-source code without compromising security. Initially, we focused on Node.js, making sure we built up a robust, developer-friendly tool in the process. Since then we added support for Ruby and Maven and the ability to monitor deployed code in serverless environments. All the while we’ve learned from our users, working to make it as easy as possible for Snyk to do its job and then get out of the way so that you can do yours.
Today, we’re taking another leap forward and launching support for Python, Scala and Gradle! All three are available today, so you can try them immediately.
Securing Python
Python is supported through both our CLI and the GitHub integration. The Python integration works with any packages installed from the Python Package Index (PyPI) using pip and works great with both the 2.x and 3.x streams of Python.
The GitHub integration looks at your requirements.txt
file to see what dependencies you’re using, scan our open-source vulnerability database and report any issues we find.
You can easily monitor these repositories as well to avoid adding any vulnerable dependencies to your application as it grows and ensuring that you are alerted to any new vulnerabilities as soon as they are discovered.
The Snyk CLI for Python will look through all the dependencies — direct and transient — to check for vulnerabilities using the local pip. You can use both snyk test
and snyk monitor
in your CI environments to bake security into the process.
Securing Gradle and Scala
As with Python, Gradle and Scala are now supported both in the CLI and through the GitHub integration. Gradle and Scala will use your build.gradle
and build.sbt
files, respectively, to identify any Maven dependencies that are being used. Those dependencies are then tested against our database to see if any vulnerabilities are contained.
The GitHub integration allows you to automatically check any new pull-request to seamlessly ensure no vulnerabilities are introduced into your application. If any are found, the PR check will fail so that you have an opportunity to address the issues before introducing them into your application.
The CLI gives you the flexibility to test your Gradle and Scala applications manually or at key steps in your CI process. It looks through your dependency tree to identify each dependency in use, and its version, before testing them all.
As with all languages Snyk supports, the CLI and GitHub integration also enables you to setup continuous monitoring of your Gradle and Scala applications. This means that if any newly disclosed vulnerabilities impact your application, you’ll be alerted right away so that you can fix them.
Try it out!
We’ve been working hard on this launch, gathering feedback from beta users and making refinements along the way. We’re thrilled to now open it up to everyone.
If you’re using Python, Scala, Gradle or all of the above, start testing now to see if you have any known vulnerabilities lurking in your dependencies. As always, Snyk is free for open-source use—no matter how many open-source projects you have. Open source is a huge boon for development, and we’re happy to play our part in making it as secure as possible.
If you have any feedback, please let us know. We’re always eager to make Snyk even better. Likewise, if there are any languages or package managers that you would like Snyk to support, let us know which ones. Not only does it help us prioritize, but we love being able to give beta access to developers eager to test and provide feedback.
Détecter et corriger automatiquement les vulnérabilités
Snyk fournit des PR de correction en un clic et des conseils de remédiation pour votre code, vos dépendances, vos conteneurs et votre infrastructure de cloud.