Yes, we're now running our Black Friday Sale. All Access and Pro are 33% off until 2nd December, 2025:
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
Mocking is an essential part of unit testing, and the Mockito library makes it easy to write clean and intuitive unit tests for your Java code.
Get started with mocking and improve your application tests using our Mockito guide:
Spring 5 added support for reactive programming with the Spring WebFlux module, which has been improved upon ever since. Get started with the Reactor project basics and reactive programming in Spring Boot:
Since its introduction in Java 8, the Stream API has become a staple of Java development. The basic operations like iterating, filtering, mapping sequences of elements are deceptively simple to use.
But these can also be overused and fall into some common pitfalls.
To get a better understanding on how Streams work and how to combine them with other language features, check out our guide to Java Streams:
Explore Spring Boot 3 and Spring 6 in-depth through building a full REST API with the framework:
Yes, Spring Security can be complex, from the more advanced functionality within the Core to the deep OAuth support in the framework.
I built the security material as two full courses - Core and OAuth, to get practical with these more complex scenarios. We explore when and how to use each feature and code through it on the backing project.
You can explore the course here:
Modern software architecture is often broken. Slow delivery leads to missed opportunities, innovation is stalled due to architectural complexities, and engineering resources are exceedingly expensive.
Orkes is the leading workflow orchestration platform built to enable teams to transform the way they develop, connect, and deploy applications, microservices, AI agents, and more.
With Orkes Conductor managed through Orkes Cloud, developers can focus on building mission critical applications without worrying about infrastructure maintenance to meet goals and, simply put, taking new products live faster and reducing total cost of ownership.
Try a 14-Day Free Trial of Orkes Conductor today.
Spring Data JPA is a great way to handle the complexity of JPA with the powerful simplicity of Spring Boot.
Get started with Spring Data JPA through the guided reference course:
Refactor Java code safely — and automatically — with OpenRewrite.
Refactoring big codebases by hand is slow, risky, and easy to put off. That’s where OpenRewrite comes in. The open-source framework for large-scale, automated code transformations helps teams modernize safely and consistently.
Each month, the creators and maintainers of OpenRewrite at Moderne run live, hands-on training sessions — one for newcomers and one for experienced users. You’ll see how recipes work, how to apply them across projects, and how to modernize code with confidence.
Join the next session, bring your questions, and learn how to automate the kind of work that usually eats your sprint time.
Yes, we're now running our Black Friday Sale. All Access and Pro are 33% off until 2nd December, 2025:
1. Overview
In the rapidly changing realm of software development, the assurance of robust security is an important yet often tricky task. As modern applications rely heavily on open-source libraries and dependencies, the vulnerabilities lurking within these components can pose a serious threat.
This is where Snyk comes into play, giving developers tools to detect potentially vulnerable code or dependencies automatically. In this article, we’ll explore its features and how they can be used in the context of a Java project.
2. What Is Snyk?
Snyk is a cloud-native security platform that focuses on identifying and mitigating vulnerabilities in open-source software components and containers. Before we dive into using specific features, let’s look at the main usages that will be the focus of this article.
2.1. Snyk Open Source
Snyk Open Source scans our project’s dependencies by analyzing the libraries and packages that our application relies on. It checks these dependencies against a comprehensive database of known vulnerabilities. Snyk Open Source not only points out vulnerabilities but also offers actionable remediation guidance. It suggests possible solutions to address the vulnerabilities, such as upgrading to a secure version or applying patches.
2.2. Snyk Code
Snyk Code employs static code analysis techniques to review source code and identify security vulnerabilities and other issues. It reviews the code without executing it to find potential problems by analyzing the structure, logic, and patterns in the codebase. This includes vulnerabilities originating from known security databases, as well as code quality issues such as code smells, potential logical errors, and misconfigurations.
2.3. Integration
We can integrate Snyk into a project by using the Snyk CLI on demand or by connecting it to a version control system (such as Git). This integration allows Snyk to access our codebase and perform automated scans whenever code changes are made. Alternatively, we can use a plugin for our build system (such as Gradle) to execute scans as a part of our build process.
3. Setup
Before we dive into making our projects more secure, we need to execute a few steps to set up Snyk CLI and its connection to Snyk services.
3.1. Creating Account
Snyk is a cloud-native solution. We’ll need an account to use it. At the time of writing this article, a basic Snyk account, sufficient for testing and small projects, is free.
3.2. Installing the CLI
Snyk offers a Command-Line Interface (CLI) that allows us to interact with Snyk services from a terminal. Once we install the CLI app, it will only do the job of connecting to the Snyk server, and all the hard work will happen in the cloud.
We can install the CLI globally using Node Package Manager (npm):
$ npm install -g snykWe can also use other installation methods described in the Snyk manual.
3.3. Authenticating
Finally, we need to authenticate so that the CLI knows to which account it should connect:
$ snyk auth4. Using CLI to Test for Vulnerabilities
Snyk CLI is a tool provided by Snyk that allows us to easily connect to the Snyk services and execute scans from the command line. Let’s look at two of Snyk’s fundamental features: dependency scan and code scan.
4.1. Dependency Scan
To run a dependency scan on our project using the Snyk CLI, we can simply type:
$ snyk testThis command will analyze your project’s dependencies and identify any problems. Snyk will provide a detailed report showing the vulnerabilities, their severity levels, and the affected packages:
[...]
Package manager: gradle
Target file: build.gradle
Project name: snyktest
Open source: no
Project path: [...]
Licenses: enabled
✔ Tested 7 dependencies for known issues, no vulnerable paths found.4.2. Code Scan
We can also enable static code analysis in the settings on the Snyk page and run a scan of vulnerabilities inside our own code:
$ snyk code test
[...]
✔ Test completed
Organization: [...]
Test type: Static code analysis
Project path: [...]
Summary:
✔ Awesome! No issues were found.5. Using Gradle Integration
Instead of using Snyk CLI, we can use the Gradle plugin and run Snyk tests automatically during the build process. First, we need to add the plugin to the build.gradle file:
plugins {
id "io.snyk.gradle.plugin.snykplugin" version "0.5"
}Then, we can optionally provide some configuration:
snyk {
arguments = '--all-sub-projects'
severity = 'low'
api = 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
}However, defaults should be good enough in most cases. Also, we don’t need to provide an API key if we authenticated using CLI before. Finally, to run the tests, we can simply type:
$ ./gradlew snyk-testWe can also configure Gradle to run Snyk tests with every build:
tasks.named('build') {
dependsOn tasks.named('snyk-test')
}Mind that the free version of Snyk has a limited number of tests we can run monthly, so running tests with every build can be wasteful.
6. Conclusion
Snyk Code is a valuable tool for developers and organizations aiming to improve their application security by identifying vulnerabilities and code quality issues early in the development lifecycle. In this article, we learned how to use Snyk Open Source and Code features to scan our projects for possible security issues. Additionally, we looked into how to integrate Snyk into the Gradle build system.
