When having issues scanning a Java Maven project in the CLI, the first step is to make sure that you're running the most recent version of the Snyk CLI. We continue to make improvements each day to language support, and there's a chance that we've already fixed your issue!
To update snyk:
npm i -g snyk
Secondly, the Snyk CLI uses mvn to build the dependency tree and interpret the transitive dependencies before comparing it against our vulnerability database.
To make sure that there is not a problem with your Maven project, you will want to make sure that the following command is successful and that the results are as you'd expect. If the results of this command confirm what Snyk is reporting, then the issue is with your project (or Maven) and not Snyk:
mvn dependency:tree -DoutputType=dotRequired Information for debugging
Lastly, if you're still not sure of what is wrong then you should contact our support team by creating a ticket or emailing support@snyk.io. Please also include the output of the above command as well as:
pom.xml- The output from the following commands:
DEBUG=* snyk testorsnyk test -dmvn dependency:tree -DoutputType=dot