Snyk Gradle Plugin

5.1.1 verified Sat Apr 25 auth: no javascript

Snyk CLI plugin for Gradle projects providing dependency metadata for vulnerability scanning. Current version 5.1.1 (Nov 2025), with a fast release cadence around 2-3 months. Supports Gradle 4-9, Node 16-20, and Windows/Linux/macOS. Key differentiator: integrates with Snyk CLI to automatically detect and fix vulnerabilities in Gradle dependencies, including multi-project builds and custom configuration matching.

error: Error: Cannot find module 'snyk-gradle-plugin'
cause: Package not installed or ESM import used in CJS context
fix: Ensure package is installed: npm install snyk-gradle-plugin. Use import syntax, not require, as the package is ESM-only.

error: TypeError: snyk_gradle_plugin_1.inspect is not a function
cause: Incorrect import: using default import instead of named import
fix: Use named import: import { inspect } from 'snyk-gradle-plugin'

error: Error: ENOENT: no such file or directory, stat './build.gradle'
cause: Missing or misconfigured project path
fix: Set options.path to the correct Gradle project directory containing build.gradle

breaking: Node IDs changed to uniquely identify all dependencies in v5.0.0
fix: Update any code relying on node ID format; previously node IDs assumed only one artifact per resolved dependency

deprecated: CommonJS require() is deprecated; the package is ESM-only since v5.0.0
fix: Use import statements: `import { inspect } from 'snyk-gradle-plugin'`

gotcha: Spaces in project path on Windows cause errors (fixed in v4.9.1 but may appear in older versions)
fix: Upgrade to v4.9.1 or later, or ensure paths have no spaces

breaking: v5.0.0 requires Node >=16 (drops Node 14 support)
fix: Upgrade Node to version 16 or later

npm install snyk-gradle-plugin
yarn add snyk-gradle-plugin
pnpm add snyk-gradle-plugin

Runs the inspect function on a Gradle project to collect the dependency metadata used for vulnerability scanning, with configuration matching to restrict the result to specific dependency configurations.

import { inspect } from 'snyk-gradle-plugin';

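const options = {
  // Gradle project directory that contains build.gradle
  path: process.cwd(),
  // Optional sub-project name taken from the environment; empty when unset
  gradleSubProject: process.env.GRADLE_SUB_PROJECT || '',
  allSubProjects: false,
  // Anchored regex: only the configuration named exactly releaseRuntimeClasspath
  configurationMatching: '^releaseRuntimeClasspath$',
  // Comma-separated attribute:value pairs
  configurationAttributes: 'buildtype:release,usage:java-runtime',
};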

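async function run() {
  try {
    const result = await inspect(options);
    console.log(JSON.stringify(result, null, 2));
  } catch (error) {
    console.error('Inspection failed:', error.message);
    // Exit non-zero so a failed inspection is not mistaken for a clean run in CI
    process.exitCode = 1;
  }
}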

run();
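
The configurationMatching value above is a regular expression, so whether it is anchored decides how many Gradle configurations end up in the inspection. The following is an added example, not part of the plugin or of this page's quickstart: previewConfigurationMatching and SAMPLE_CONFIGURATIONS are hypothetical names, the configuration list is constructed, and it assumes the pattern is searched against each configuration name, with JavaScript's RegExp standing in for the Java regex engine Gradle runs on.

```javascript
// Added example: preview which Gradle configurations a configurationMatching
// pattern would select. Assumption: the pattern is searched (not full-matched)
// against each configuration name; JS RegExp stands in for the Java regex.

// Constructed sample: configuration names as an Android-style build might list them.
const SAMPLE_CONFIGURATIONS = [
  'debugRuntimeClasspath',
  'releaseRuntimeClasspath',
  'releaseUnitTestRuntimeClasspath',
  'releaseCompileClasspath',
  'testRuntimeClasspath',
];

function previewConfigurationMatching(pattern, configurations) {
  let regex;
  try {
    regex = new RegExp(pattern);
  } catch (err) {
    return { matched: [], warnings: [`invalid pattern: ${err.message}`] };
  }
  const matched = configurations.filter((name) => regex.test(name));
  const warnings = [];
  if (matched.length === 0) {
    warnings.push('no configuration matches this pattern');
  }
  if (!(pattern.startsWith('^') && pattern.endsWith('$')) && matched.length > 1) {
    warnings.push('unanchored pattern selects more than one configuration');
  }
  if (matched.some((name) => /test/i.test(name))) {
    warnings.push('test configurations are included in the selection');
  }
  return { matched, warnings };
}

// The page's anchored pattern selects exactly one configuration.
console.log(previewConfigurationMatching('^releaseRuntimeClasspath$', SAMPLE_CONFIGURATIONS));
// An unanchored prefix also pulls in the unit-test and compile classpaths.
console.log(previewConfigurationMatching('release', SAMPLE_CONFIGURATIONS));
// A typo matches nothing; catch it before reading an empty result as clean.
console.log(previewConfigurationMatching('^relaseRuntimeClasspath$', SAMPLE_CONFIGURATIONS));
```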