MACRO NEPAL
Snyk Vulnerability Scanning in Java
awiskar acharya
November 11, 2025
9:18 am

Overview

Snyk is a developer security platform that helps find and fix vulnerabilities in dependencies, containers, and infrastructure as code. It integrates seamlessly into Java development workflows.

Setup and Installation

1. Installation Methods

# Install Snyk CLI via npm
npm install -g snyk
# Install via Homebrew (macOS)
brew tap snyk/tap
brew install snyk
# Install via Docker
docker run --rm -it -v $(pwd):/project snyk/snyk:java test
# Install via SDKMAN (Java specific)
sdk install snyk

2. Authentication

# Authenticate with Snyk
snyk auth
# Or with token
snyk auth <your-token>
# Configure default organization
snyk config set org=your-org-id

Maven Integration

1. Basic Maven Configuration

<!-- pom.xml with Snyk plugin -->
<project>
<build>
<plugins>
<!-- Snyk Maven Plugin -->
<plugin>
<groupId>io.snyk</groupId>
<artifactId>snyk-maven-plugin</artifactId>
<version>2.0.0</version>
<executions>
<execution>
<id>snyk-test</id>
<phase>test</phase>
<goals>
<goal>test</goal>
</goals>
</execution>
<execution>
<id>snyk-monitor</id>
<phase>deploy</phase>
<goals>
<goal>monitor</goal>
</goals>
</execution>
</executions>
<configuration>
<apiToken>${env.SNYK_TOKEN}</apiToken>
<org>your-org-id</org>
<projectName>${project.artifactId}</projectName>
<failOnSeverity>high</failOnSeverity>
<severityThreshold>high</severityThreshold>
</configuration>
</plugin>
<!-- OWASP Dependency Check (complementary) -->
<plugin>
<groupId>org.owasp</groupId>
<artifactId>dependency-check-maven</artifactId>
<version>8.4.2</version>
<executions>
<execution>
<goals>
<goal>check</goal>
</goals>
</execution>
</executions>
<configuration>
<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
<suppressionFile>dependency-check-suppressions.xml</suppressionFile>
</configuration>
</plugin>
</plugins>
</build>
</project>

2. Advanced Maven Security Configuration

<!-- Security-focused Maven configuration -->
<project>
<properties>
<!-- Enforce dependency versions with security fixes -->
<log4j2.version>2.20.0</log4j2.version>
<jackson.version>2.15.2</jackson.version>
<spring-boot.version>2.7.14</spring-boot.version>
</properties>
<dependencyManagement>
<dependencies>
<!-- Bill of Materials for known secure versions -->
<dependency>
<groupId>com.fasterxml.jackson</groupId>
<artifactId>jackson-bom</artifactId>
<version>${jackson.version}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<!-- Dependencies with known secure versions -->
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>${log4j2.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${spring-boot.version}</version>
<exclusions>
<!-- Exclude vulnerable transitive dependencies -->
<exclusion>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<!-- Versions Maven Plugin for dependency updates -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>versions-maven-plugin</artifactId>
<version>2.16.0</version>
<configuration>
<rulesUri>file://${project.basedir}/security-rules.xml</rulesUri>
</configuration>
</plugin>
<!-- Maven Enforcer Plugin for security rules -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>3.3.0</version>
<executions>
<execution>
<id>enforce-security</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>commons-collections:commons-collections:[3.0,3.2.2]</exclude>
<exclude>log4j:log4j:(,1.2.18]</exclude>
</excludes>
<includes>
<include>*:*</include>
</includes>
</bannedDependencies>
<requireJavaVersion>
<version>[11,18)</version>
</requireJavaVersion>
</rules>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>

Gradle Integration

1. Gradle Plugin Configuration

// build.gradle
plugins {
id 'java'
id 'io.snyk.gradle.plugin.snykplugin' version '0.4'
id 'org.owasp.dependencycheck' version '8.4.2'
}
snyk {
arguments = '--all-sub-projects'
severity = 'high'
api = System.getenv('SNYK_TOKEN')
autoDownload = true
}
dependencyCheck {
failBuildOnAnyVulnerability = true
suppressionFile = file('dependency-check-suppressions.xml')
analyzers {
assemblyEnabled = false
}
formats = ['HTML', 'JSON', 'SARIF']
}
// Dependency version constraints for security
dependencies {
constraints {
implementation('org.apache.logging.log4j:log4j-core') {
version {
strictly '[2.17.0, 3.0.0['
prefer '2.20.0'
}
because 'CVE-2021-44228, CVE-2021-45046'
}
implementation('com.fasterxml.jackson.core:jackson-databind') {
version {
strictly '[2.13.0, 3.0.0['
prefer '2.15.2'
}
because 'Multiple CVEs in earlier versions'
}
}
implementation 'org.springframework.boot:spring-boot-starter-web:2.7.14'
implementation 'org.apache.logging.log4j:log4j-core'
}
// Task to generate dependency report
task securityReport(type: Exec) {
commandLine 'snyk', 'test', '--json', '--json-file-output=snyk-report.json'
}
// Custom task for CI security checks
task ciSecurityCheck {
dependsOn 'snykTest', 'dependencyCheckAnalyze'
doLast {
println "Security checks completed"
}
}

2. Advanced Gradle Security Setup

// security.gradle - Applied in main build.gradle
apply plugin: 'io.snyk.gradle.plugin.snykplugin'
apply plugin: 'org.owasp.dependencycheck'
ext {
secureVersions = [
'log4j': '2.20.0',
'jackson': '2.15.2',
'springBoot': '2.7.14',
'tomcat': '9.0.78'
]
}
configurations.all {
resolutionStrategy {
// Force secure versions
force "org.apache.logging.log4j:log4j-core:${secureVersions.log4j}"
force "org.apache.logging.log4j:log4j-api:${secureVersions.log4j}"
force "com.fasterxml.jackson.core:jackson-databind:${secureVersions.jackson}"
// Fail on version conflicts
failOnVersionConflict()
// Cache dynamic versions for 10 minutes
cacheDynamicVersionsFor 10*60, 'seconds'
cacheChangingModulesFor 0, 'seconds'
}
}
dependencyCheck {
scanConfigurations = ['runtimeClasspath']
skipConfigurations = ['compileOnly', 'testCompileOnly']
failBuildOnAnyVulnerability = true
suppressionFile = 'dependency-check-suppressions.xml'
analyzers {
centralEnabled = true
nexusEnabled = false
pyDistributionEnabled = false
pyPackageEnabled = false
nodeEnabled = false
nodeAuditEnabled = false
nugetconfEnabled = false
assemblyEnabled = false
}
// Custom vulnerability filters
if (project.hasProperty('ignoreLowSeverity')) {
failBuildOnCVSS = 4
}
}
snyk {
severity = 'high'
api = System.getenv('SNYK_TOKEN')
arguments = '--all-sub-projects --detection-depth=6'
}
// Custom security task
task securityAudit {
group = 'Security'
description = 'Runs comprehensive security audit'
dependsOn tasks.named('snykTest')
dependsOn tasks.named('dependencyCheckAnalyze')
doLast {
println "Security audit completed at ${new Date()}"
// Generate combined report
def snykFile = file('snyk-report.json')
def owaspFile = file('build/reports/dependency-check-report.json')
if (snykFile.exists() && owaspFile.exists()) {
println "Security reports generated:"
println "- Snyk: ${snykFile.path}"
println "- OWASP: ${owaspFile.path}"
}
}
}

Snyk CLI Usage

1. Basic Scanning Commands

#!/bin/bash
# security-scan.sh
# Test project for vulnerabilities
echo "Running Snyk test..."
snyk test --severity-threshold=high --json-file-output=snyk-results.json
# Monitor project for continuous monitoring
echo "Monitoring project..."
snyk monitor --org=my-org --project-name=my-java-app
# Test with specific configuration
snyk test \
--all-projects \
--detection-depth=6 \
--prune-repeated-subdependencies \
--strict-out-of-sync=false \
--severity-threshold=medium
# Test with custom policies
snyk test --policy-path=.snyk --json
# Test specific file
snyk test --file=pom.xml
# Test with fail-on criteria
snyk test --fail-on=upgradable

2. Advanced Scanning Script

#!/bin/bash
# advanced-security-scan.sh
set -e
# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Configuration
SNYK_ORG="${SNYK_ORG:-my-org}"
SEVERITY_THRESHOLD="${SEVERITY_THRESHOLD:-high}"
FAIL_BUILD="${FAIL_BUILD:-true}"
OUTPUT_DIR="${OUTPUT_DIR:-./security-reports}"
# Create output directory
mkdir -p "$OUTPUT_DIR"
echo -e "${YELLOW}Starting comprehensive security scan...${NC}"
# Function to run Snyk test
run_snyk_test() {
local project_type=$1
local file=$2
local project_name=$3
echo -e "${YELLOW}Scanning $project_name ($project_type)...${NC}"
snyk test \
--file="$file" \
--org="$SNYK_ORG" \
--project-name="$project_name" \
--severity-threshold="$SEVERITY_THRESHOLD" \
--json-file-output="$OUTPUT_DIR/snyk-$project_name.json" \
--sarif-file-output="$OUTPUT_DIR/snyk-$project_name.sarif" || {
if [ "$FAIL_BUILD" = "true" ]; then
echo -e "${RED}Security scan failed for $project_name${NC}"
return 1
else
echo -e "${YELLOW}Security scan found issues for $project_name (continuing)${NC}"
return 0
fi
}
}
# Function to monitor project
monitor_project() {
local project_type=$1
local file=$2
local project_name=$3
echo -e "${YELLOW}Monitoring $project_name...${NC}"
snyk monitor \
--file="$file" \
--org="$SNYK_ORG" \
--project-name="$project_name" \
--severity-threshold="$SEVERITY_THRESHOLD"
}
# Scan Maven projects
if [ -f "pom.xml" ]; then
run_snyk_test "maven" "pom.xml" "maven-project"
monitor_project "maven" "pom.xml" "maven-project"
fi
# Scan Gradle projects
if [ -f "build.gradle" ]; then
run_snyk_test "gradle" "build.gradle" "gradle-project"
monitor_project "gradle" "build.gradle" "gradle-project"
fi
# Scan all projects in workspace
echo -e "${YELLOW}Scanning all projects in workspace...${NC}"
snyk test --all-projects \
--detection-depth=6 \
--json-file-output="$OUTPUT_DIR/snyk-all-projects.json" \
--sarif || {
if [ "$FAIL_BUILD" = "true" ]; then
echo -e "${RED}Comprehensive security scan failed${NC}"
exit 1
fi
}
# Generate report summary
echo -e "${YELLOW}Generating security report summary...${NC}"
if command -v jq >/dev/null 2>&1; then
for report in "$OUTPUT_DIR"/snyk-*.json; do
if [ -f "$report" ]; then
project_name=$(basename "$report" .json | sed 's/snyk-//')
vulnerability_count=$(jq '.vulnerabilities | length' "$report")
dependency_count=$(jq '.dependencyCount' "$report")
echo -e "Project: $project_name"
echo -e "Dependencies: $dependency_count"
echo -e "Vulnerabilities: $vulnerability_count"
echo "---"
fi
done
fi
echo -e "${GREEN}Security scan completed successfully${NC}"
echo -e "Reports saved to: $OUTPUT_DIR"

CI/CD Integration

1. GitHub Actions

# .github/workflows/security-scan.yml
name: Security Scan
on:
push:
branches: [ main, develop ]
pull_request:
branches: [ main ]
schedule:
- cron: '0 0 * * 1' # Weekly on Monday
jobs:
security:
name: Security Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '17'
cache: 'maven'
- name: Setup Snyk
uses: snyk/actions/setup@master
- name: Build project
run: mvn compile -DskipTests
- name: Run Snyk test
uses: snyk/actions/maven@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
args: --severity-threshold=high --sarif-file-output=snyk.sarif
command: test
- name: Run Snyk monitor
uses: snyk/actions/maven@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
command: monitor
- name: Upload SARIF results
uses: github/codeql-action/upload-sarif@v3
if: always()
with:
sarif_file: snyk.sarif
- name: OWASP Dependency Check
run: |
mvn org.owasp:dependency-check-maven:check \
-DfailBuildOnAnyVulnerability=true \
-Dformat=HTML
- name: Upload OWASP Report
uses: actions/upload-artifact@v4
if: always()
with:
name: dependency-check-report
path: target/dependency-check-report.html
container-security:
name: Container Security
runs-on: ubuntu-latest
if: github.event_name == 'push'
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Build Docker image
run: docker build -t my-app:${{ github.sha }} .
- name: Scan container image
uses: snyk/actions/docker@master
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
with:
image: my-app:${{ github.sha }}
args: --file=Dockerfile --severity-threshold=high

2. Jenkins Pipeline

// Jenkinsfile
pipeline {
agent any
environment {
SNYK_TOKEN = credentials('snyk-token')
JAVA_HOME = '/usr/lib/jvm/java-11-openjdk'
}
stages {
stage('Build') {
steps {
sh 'mvn clean compile -DskipTests'
}
}
stage('Security Scan') {
parallel {
stage('Snyk Dependency Scan') {
steps {
script {
try {
sh '''
snyk test --all-projects \
--severity-threshold=high \
--json-file-output=snyk-report.json \
--sarif-file-output=snyk.sarif
'''
} catch (Exception e) {
unstable "Snyk found vulnerabilities"
}
}
}
post {
always {
archiveArtifacts artifacts: 'snyk-report.json, snyk.sarif', fingerprint: true
publishSARIF sarifFile: 'snyk.sarif'
}
}
}
stage('Snyk Container Scan') {
when {
expression { fileExists('Dockerfile') }
}
steps {
sh 'docker build -t my-app:${BUILD_TAG} .'
sh 'snyk container test my-app:${BUILD_TAG} --file=Dockerfile --severity-threshold=high'
}
}
stage('OWASP Dependency Check') {
steps {
sh 'mvn org.owasp:dependency-check-maven:check -Dformat=ALL'
}
post {
always {
archiveArtifacts artifacts: 'target/dependency-check-report.*', fingerprint: true
}
}
}
}
}
stage('Monitor Dependencies') {
steps {
sh 'snyk monitor --all-projects'
}
}
}
post {
always {
emailext (
subject: "Security Scan Results: ${env.JOB_NAME} #${env.BUILD_NUMBER}",
body: """
Security scan completed for build ${env.BUILD_NUMBER}
Build URL: ${env.BUILD_URL}
Snyk Report: ${env.BUILD_URL}artifact/snyk-report.json
OWASP Report: ${env.BUILD_URL}artifact/target/dependency-check-report.html
""",
to: '[email protected]'
)
}
}
}

Snyk Policy Configuration

1. .snyk Policy File

# .snyk policy file
version: v1.19.0
ignore:
'SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720':
- 'app > org.apache.logging.log4j:log4j-core > org.apache.logging.log4j:log4j-api':
reason: 'Temporary ignore for legacy system'
created: '2023-10-01T00:00:00.000Z'
expires: '2023-12-31T23:59:59.999Z'
'SNYK-JAVA-COMFASTERXMLJACKSONCORE-2326698':
- 'app > com.fasterxml.jackson.core:jackson-databind':
reason: 'False positive in our usage context'
created: '2023-10-01T00:00:00.000Z'
patch:
'SNYK-JAVA-COMGOOGLEGUAVA-3224165':
- 'app > com.google.guava:guava':
patched: '2023-10-01T00:00:00.000Z'
exclude:
paths:
- 'test-fixtures/'
- '**/test/**'
- '**/generated/**'
# Security rules
rules:
- id: 'no-high-severity'
effect: 'fail'
conditions:
- type: 'severity'
level: 'high'
- id: 'no-unfixed-vulnerabilities'
effect: 'fail'
conditions:
- type: 'vuln_exists'
fixed_in: ''
- id: 'allow-temporary-ignores'
effect: 'pass'
conditions:
- type: 'vuln_ignored'
max_days: 90

2. Custom Security Rules

# security-rules.yml
rules:
- id: 'block-critical-severity'
effect: 'fail'
conditions:
- type: 'severity'
level: 'critical'
message: 'Critical severity vulnerabilities are not allowed'
- id: 'require-remediation'
effect: 'fail'
conditions:
- type: 'remediation_exists'
exists: false
- type: 'severity'
level: 'medium'
message: 'Medium or higher severity vulnerabilities must have remediation'
- id: 'block-known-exploited'
effect: 'fail'
conditions:
- type: 'cve'
ids: ['CVE-2021-44228', 'CVE-2021-45046']
message: 'Known exploited vulnerabilities are blocked'
- id: 'enforce-upgrade-paths'
effect: 'warn'
conditions:
- type: 'remediation_type'
types: ['upgrade']
- type: 'major_upgrade'
allowed: false
message: 'Major version upgrades should be carefully reviewed'

Vulnerability Management

1. Java Security Configuration Class

package com.example.security;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.CommandLineRunner;
import org.springframework.stereotype.Component;
import java.security.Security;
import java.util.Arrays;
@Component
public class SecurityConfig implements CommandLineRunner {
private static final Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
@Override
public void run(String... args) throws Exception {
configureJavaSecurity();
logSecurityProperties();
}
private void configureJavaSecurity() {
// Configure security properties
System.setProperty("jdk.tls.disabledAlgorithms", 
"SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL");
System.setProperty("jdk.certpath.disabledAlgorithms", 
"MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224");
// Enable additional security features
Security.setProperty("securerandom.strongAlgorithms", "NativePRNGBlocking:SUN");
logger.info("Java security configuration applied");
}
private void logSecurityProperties() {
String[] securityProps = {
"jdk.tls.disabledAlgorithms",
"jdk.certpath.disabledAlgorithms",
"securerandom.strongAlgorithms",
"jdk.tls.ephemeralDHKeySize"
};
Arrays.stream(securityProps).forEach(prop -> {
String value = System.getProperty(prop);
logger.info("Security property {} = {}", prop, value);
});
}
}

2. Dependency Security Scanner

package com.example.security;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Service;
import java.io.File;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Map;
@Service
public class DependencySecurityScanner {
@Value("${app.security.snyk.token:}")
private String snykToken;
@Value("${app.security.report.dir:./security-reports}")
private String reportDir;
private final ObjectMapper objectMapper = new ObjectMapper();
@Scheduled(cron = "0 0 6 * * MON") // Run every Monday at 6 AM
public void scheduledSecurityScan() {
try {
logger.info("Starting scheduled security scan");
runSecurityScan();
logger.info("Scheduled security scan completed");
} catch (Exception e) {
logger.error("Scheduled security scan failed", e);
}
}
public void runSecurityScan() throws IOException, InterruptedException {
// Create report directory
Path reportPath = Paths.get(reportDir);
Files.createDirectories(reportPath);
// Run Snyk test
ProcessBuilder pb = new ProcessBuilder(
"snyk", "test",
"--all-projects",
"--json",
"--json-file-output=" + reportDir + "/snyk-report.json",
"--severity-threshold=high"
);
if (snykToken != null && !snykToken.isEmpty()) {
pb.environment().put("SNYK_TOKEN", snykToken);
}
Process process = pb.start();
int exitCode = process.waitFor();
if (exitCode == 0) {
logger.info("Security scan completed - no high severity vulnerabilities found");
} else {
logger.warn("Security scan completed - vulnerabilities found");
parseAndLogVulnerabilities();
}
}
private void parseAndLogVulnerabilities() throws IOException {
File reportFile = new File(reportDir + "/snyk-report.json");
if (!reportFile.exists()) {
return;
}
Map<String, Object> report = objectMapper.readValue(reportFile, Map.class);
@SuppressWarnings("unchecked")
var vulnerabilities = (java.util.List<Map<String, Object>>) report.get("vulnerabilities");
if (vulnerabilities != null) {
logger.warn("Found {} vulnerabilities:", vulnerabilities.size());
vulnerabilities.forEach(vuln -> {
String id = (String) vuln.get("id");
String severity = (String) vuln.get("severity");
String title = (String) vuln.get("title");
logger.warn("Vulnerability: {} - {} - {}", id, severity, title);
});
}
}
public boolean isVulnerabilityPresent(String cveId) throws IOException {
File reportFile = new File(reportDir + "/snyk-report.json");
if (!reportFile.exists()) {
return false;
}
Map<String, Object> report = objectMapper.readValue(reportFile, Map.class);
@SuppressWarnings("unchecked")
var vulnerabilities = (java.util.List<Map<String, Object>>) report.get("vulnerabilities");
if (vulnerabilities != null) {
return vulnerabilities.stream()
.anyMatch(vuln -> cveId.equals(vuln.get("id")));
}
return false;
}
}

Reporting and Monitoring

1. Security Dashboard Integration

package com.example.security;
import org.springframework.http.*;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
import java.util.HashMap;
import java.util.Map;
@Component
public class SecurityDashboardReporter {
private final RestTemplate restTemplate = new RestTemplate();
@Scheduled(cron = "0 0 8 * * *") // Daily at 8 AM
public void reportSecurityMetrics() {
try {
SecurityMetrics metrics = gatherSecurityMetrics();
sendToDashboard(metrics);
} catch (Exception e) {
logger.error("Failed to report security metrics", e);
}
}
private SecurityMetrics gatherSecurityMetrics() throws IOException {
SecurityMetrics metrics = new SecurityMetrics();
// Read Snyk report
File reportFile = new File("security-reports/snyk-report.json");
if (reportFile.exists()) {
ObjectMapper mapper = new ObjectMapper();
Map<String, Object> report = mapper.readValue(reportFile, Map.class);
@SuppressWarnings("unchecked")
var vulnerabilities = (java.util.List<Map<String, Object>>) report.get("vulnerabilities");
if (vulnerabilities != null) {
metrics.setTotalVulnerabilities(vulnerabilities.size());
metrics.setCriticalCount(countBySeverity(vulnerabilities, "critical"));
metrics.setHighCount(countBySeverity(vulnerabilities, "high"));
metrics.setMediumCount(countBySeverity(vulnerabilities, "medium"));
metrics.setLowCount(countBySeverity(vulnerabilities, "low"));
}
}
metrics.setTimestamp(System.currentTimeMillis());
metrics.setApplicationName("my-java-app");
return metrics;
}
private long countBySeverity(java.util.List<Map<String, Object>> vulnerabilities, String severity) {
return vulnerabilities.stream()
.filter(vuln -> severity.equals(vuln.get("severity")))
.count();
}
private void sendToDashboard(SecurityMetrics metrics) {
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<SecurityMetrics> request = new HttpEntity<>(metrics, headers);
ResponseEntity<String> response = restTemplate.postForEntity(
"https://dashboard.company.com/api/security-metrics",
request,
String.class
);
if (response.getStatusCode() == HttpStatus.OK) {
logger.info("Security metrics reported successfully");
} else {
logger.warn("Failed to report security metrics: {}", response.getStatusCode());
}
}
public static class SecurityMetrics {
private String applicationName;
private long timestamp;
private int totalVulnerabilities;
private int criticalCount;
private int highCount;
private int mediumCount;
private int lowCount;
// Getters and setters
public String getApplicationName() { return applicationName; }
public void setApplicationName(String applicationName) { this.applicationName = applicationName; }
public long getTimestamp() { return timestamp; }
public void setTimestamp(long timestamp) { this.timestamp = timestamp; }
public int getTotalVulnerabilities() { return totalVulnerabilities; }
public void setTotalVulnerabilities(int totalVulnerabilities) { this.totalVulnerabilities = totalVulnerabilities; }
public int getCriticalCount() { return criticalCount; }
public void setCriticalCount(int criticalCount) { this.criticalCount = criticalCount; }
public int getHighCount() { return highCount; }
public void setHighCount(int highCount) { this.highCount = highCount; }
public int getMediumCount() { return mediumCount; }
public void setMediumCount(int mediumCount) { this.mediumCount = mediumCount; }
public int getLowCount() { return lowCount; }
public void setLowCount(int lowCount) { this.lowCount = lowCount; }
}
}

This comprehensive guide covers Snyk vulnerability scanning in Java with configurations for Maven, Gradle, CI/CD integration, policy management, and custom security monitoring. The implementation demonstrates how to integrate Snyk into Java development workflows for continuous security assessment.

Category : JAVA

Leave a Reply

Your email address will not be published. Required fields are marked *


Macro Nepal Helper