snyk / gradle-plugin

Snyk Gradle Plugin - Scanning and monitoring your dependencies for security vulnerabilities from Gradle

severity other than low does not fail the snyk-test task #12

Open lpicquet opened 2 years ago

lpicquet commented 2 years ago

Given a build.gradle snippet:

plugins {
...
    id "io.snyk.gradle.plugin.snykplugin" version "0.4"
---
}

snyk {
    arguments = '--all-sub-projects'
    severity = 'high'
    autoDownload = true
    autoUpdate = true
}

Given that a high or critical vulnerability exists in my Java 11 project, when I run ./gradlew snyk-test then the task should fail, but instead I get the following:

Starting a Gradle Daemon, 1 incompatible and 2 stopped Daemons could not be reused, use --status for details

> Task :snyk-check-binary
look for standalone binary
Using Snyk CLI version: 1.821.0 (standalone)

> Task :snyk-test

Testing /home/laurent/workspace/whitepaw...

Organization:      lpicquet
Package manager:   gradle
Target file:       build.gradle
Project name:      whitepaw
Open source:       no
Project path:      /home/laurent/workspace/whitepaw
Licenses:          enabled

✔ Tested 203 dependencies for known issues, no vulnerable paths found.

Next steps:
- Run `snyk monitor` to be notified about new related vulnerabilities.
- Run `snyk test` as part of your CI/test.

BUILD SUCCESSFUL in 2m 44s
lpicquet commented 2 years ago

If I set the severity to 'low', the task fails as expected.
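The behaviour the report expects from `severity = 'high'` is a threshold gate: the build fails only when at least one finding is at or above the configured level. The script below is an added example, not the plugin's or Snyk's own code; it assumes the `snyk test --json` output shape (one object, or with `--all-sub-projects` a list of objects, each with a `vulnerabilities` list whose entries carry a `severity` key) and applies that gate, failing closed on unknown severities.

```python
"""Severity-threshold gate over `snyk test --json` output (added example).

Assumption: the report is one object, or a list of objects (one per
sub-project), each with a "vulnerabilities" list whose items have "severity".
"""
import json

SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def findings_at_or_above(report, threshold):
    """Return (project, id, severity) for issues at or above the threshold."""
    if threshold not in SEVERITY_ORDER:
        # A misspelled threshold must not silently disable the gate.
        raise ValueError(f"unknown severity threshold: {threshold!r}")
    projects = report if isinstance(report, list) else [report]
    floor = SEVERITY_ORDER[threshold]
    unknown_rank = max(SEVERITY_ORDER.values()) + 1
    hits = []
    for project in projects:
        for vuln in project.get("vulnerabilities", []):
            sev = str(vuln.get("severity", "")).lower()
            # Fail closed: an unrecognised severity counts as above any threshold.
            rank = SEVERITY_ORDER.get(sev, unknown_rank)
            if rank >= floor:
                hits.append((project.get("projectName", "?"), vuln.get("id", "?"), sev))
    return hits


def should_fail(report_json, threshold="high"):
    """True when the build should fail for the given threshold."""
    return bool(findings_at_or_above(json.loads(report_json), threshold))


# Constructed sample: two sub-projects, one medium and one critical issue.
# Issue ids are placeholders, not real Snyk identifiers.
SAMPLE = json.dumps([
    {"projectName": "whitepaw", "vulnerabilities": [
        {"id": "SNYK-PLACEHOLDER-1", "severity": "medium"}]},
    {"projectName": "whitepaw/sub", "vulnerabilities": [
        {"id": "SNYK-PLACEHOLDER-2", "severity": "critical"}]},
])

if __name__ == "__main__":
    for level in ("low", "high", "critical"):
        print(level, "->", "FAIL" if should_fail(SAMPLE, level) else "PASS")
```

Run it against a saved `snyk test --json` report to check what a given threshold would do before relying on the plugin's own gating.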