SAP
diff --git a/‎src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/SnykAdvisor.java
+43 b/‎src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/SnykAdvisor.java
+43
diff --git a/‎src/main/java/com/sap/oss/phosphor/fosstars/data/DataProviderSelector.java
+2 b/‎src/main/java/com/sap/oss/phosphor/fosstars/data/DataProviderSelector.java
+2
diff --git a/‎src/main/java/com/sap/oss/phosphor/fosstars/data/github/AbstractDependencyScanDataProvider.java
+140 b/‎src/main/java/com/sap/oss/phosphor/fosstars/data/github/AbstractDependencyScanDataProvider.java
+140
diff --git a/‎src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinaries.java
-2 b/‎src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinaries.java
-2
diff --git a/‎src/main/java/com/sap/oss/phosphor/fosstars/data/github/PackageManagement.java
+4 b/‎src/main/java/com/sap/oss/phosphor/fosstars/data/github/PackageManagement.java
+4
@@ -0,0 +1,43 @@
+package com.sap.oss.phosphor.fosstars.advice.oss;
+
+import static com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures.USES_SNYK;
+
+import com.sap.oss.phosphor.fosstars.advice.Advice;
+import com.sap.oss.phosphor.fosstars.advice.oss.OssAdviceContentYamlStorage.OssAdviceContext;
+import com.sap.oss.phosphor.fosstars.model.Subject;
+import com.sap.oss.phosphor.fosstars.model.Value;
+import com.sap.oss.phosphor.fosstars.model.score.oss.SnykDependencyScanScore;
+import com.sap.oss.phosphor.fosstars.model.value.ScoreValue;
+import java.net.MalformedURLException;
+import java.util.Collections;
+import java.util.List;
+import java.util.Optional;
+
+/**
+ * An advisor for features related to Snyk.
+ */
+public class SnykAdvisor extends AbstractOssAdvisor {
+
+  /**
+   * Create a new advisor.
+   *
+   * @param contextFactory A factory that provides contexts for advice.
+   */
+  public SnykAdvisor(OssAdviceContextFactory contextFactory) {
+    super(OssAdviceContentYamlStorage.DEFAULT, contextFactory);
+  }
+
+  @Override
+  protected List<Advice> adviceFor(
+      Subject subject, List<Value<?>> usedValues, OssAdviceContext context)
+      throws MalformedURLException {
+
+    Optional<ScoreValue> snykScore = findSubScoreValue(subject, SnykDependencyScanScore.class);
+
+    if (!snykScore.isPresent() || snykScore.get().isNotApplicable()) {
+      return Collections.emptyList();
+    }
+
+    return adviceForBooleanFeature(usedValues, USES_SNYK, subject, context);
+  }
+}
@@ -56,6 +56,7 @@
 import com.sap.oss.phosphor.fosstars.data.github.UsesOwaspDependencyCheck;
 import com.sap.oss.phosphor.fosstars.data.github.UsesSanitizers;
 import com.sap.oss.phosphor.fosstars.data.github.UsesSignedCommits;
+import com.sap.oss.phosphor.fosstars.data.github.UsesSnyk;
 import com.sap.oss.phosphor.fosstars.data.github.VulnerabilityAlertsInfo;
 import com.sap.oss.phosphor.fosstars.data.interactive.AskAboutSecurityTeam;
 import com.sap.oss.phosphor.fosstars.data.interactive.AskAboutUnpatchedVulnerabilities;
@@ -210,6 +211,7 @@ public DataProviderSelector(GitHubDataFetcher fetcher, NVD nvd) throws IOExcepti
         new LgtmDataProvider(fetcher),
         new UsesSignedCommits(fetcher),
         new UsesDependabot(fetcher),
+        new UsesSnyk(fetcher),
         new ProgrammingLanguages(fetcher),
         new PackageManagement(fetcher),
         new UsesNoHttpTool(fetcher),
 
@@ -0,0 +1,140 @@
+package com.sap.oss.phosphor.fosstars.data.github;
+
+import com.sap.oss.phosphor.fosstars.model.subject.oss.GitHubProject;
+import java.io.IOException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+import java.util.Optional;
+import org.kohsuke.github.GHIssueState;
+import org.kohsuke.github.GHPullRequest;
+import org.kohsuke.github.GHUser;
+
+/**
+ * This is a base class for dependency checker data providers such as Dependabot and Snyk.
+ */
+public abstract class AbstractDependencyScanDataProvider extends GitHubCachingDataProvider {
+
+  /**
+   * Period of time to be checked.
+   */
+  private static final Duration ONE_YEAR = Duration.ofDays(365);
+
+  /**
+   * A minimal number of characters in a config for dependency checker.
+   */
+  private static final int ACCEPTABLE_CONFIG_SIZE = 10;
+
+  protected abstract String getDependencyCheckerPattern();
+
+  /**
+   * Initializes a data provider.
+   *
+   * @param fetcher An interface to GitHub.
+   */
+  public AbstractDependencyScanDataProvider(
+      GitHubDataFetcher fetcher) {
+    super(fetcher);
+  }
+
+  /**
+   * Checks if a repository contains commits from dependency checker in the commit history.
+   *
+   * @param repository The repository.
+   * @return True if at least one commit from dependency checker was found, false otherwise.
+   */
+  public boolean hasDependencyCheckerCommits(LocalRepository repository) {
+    Date date = Date.from(Instant.now().minus(ONE_YEAR));
+
+    try {
+      for (Commit commit : repository.commitsAfter(date)) {
+        if (isDependencyChecker(commit)) {
+          return true;
+        }
+      }
+    } catch (IOException e) {
+      logger.warn("Something went wrong!", e);
+    }
+
+    return false;
+  }
+
+  /**
+   * Checks if a repository has a configuration file for dependency checker.
+   *
+   * @param repository The repository
+   * @param configs The config files path as String array
+   * @return True if a config was found, false otherwise.
+   * @throws IOException If something went wrong.
+   */
+  public boolean hasDependencyCheckerConfig(LocalRepository repository, String[] configs)
+      throws IOException {
+    for (String config : configs) {
+      Optional<String> content = repository.file(config);
+      if (content.isPresent() && content.get().length() >= ACCEPTABLE_CONFIG_SIZE) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Checks whether a project has open pull requests from dependency checker.
+   *
+   * @param project The project.
+   * @return True if the project has open pull requests form dependency checker.
+   * @throws IOException If something went wrong.
+   */
+  public boolean hasOpenPullRequestFromDependencyChecker(GitHubProject project) throws IOException {
+    return fetcher.repositoryFor(project).getPullRequests(GHIssueState.OPEN).stream()
+        .anyMatch(this::createdByDependencyChecker);
+  }
+
+  /**
+   * Checks if a pull request was created by dependency checker.
+   *
+   * @param pullRequest The pull request.
+   * @return True if the user looks like dependency checker, false otherwise.
+   */
+  private boolean createdByDependencyChecker(GHPullRequest pullRequest) {
+    try {
+      GHUser user = pullRequest.getUser();
+      return isDependencyChecker(user.getName()) || isDependencyChecker(user.getLogin());
+    } catch (IOException e) {
+      logger.warn("Oops! Could not fetch name or login!", e);
+      return false;
+    }
+  }
+
+  /**
+   * Checks if a commit was done by dependency checker.
+   *
+   * @param commit The commit to be checked.
+   * @return True if the commit was done by dependency checker, false otherwise.
+   */
+  private boolean isDependencyChecker(Commit commit) {
+    if (isDependencyChecker(commit.authorName()) || isDependencyChecker(commit.committerName())) {
+      return true;
+    }
+
+    for (String line : commit.message()) {
+      if ((line.startsWith("Signed-off-by:") || line.startsWith("Co-authored-by:"))
+          && line.contains(getDependencyCheckerPattern())) {
+        return true;
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Checks whether a name looks like dependency checker.
+   *
+   * @param name The name.
+   * @return True if the name looks like dependency checker, false otherwise.
+   */
+  private boolean isDependencyChecker(String name) {
+    return name != null && name.toLowerCase().contains(getDependencyCheckerPattern());
+  }
+}
@@ -10,8 +10,6 @@
 import java.nio.file.Path;
 import java.util.Arrays;
 import java.util.List;
-import org.kohsuke.github.GitHub;
-import org.kohsuke.github.GitHubBuilder;
 
 /**
  * The data provider tries to figure out if an open-source project has executable binaries (for
 
@@ -4,6 +4,7 @@
 import static com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures.PACKAGE_MANAGERS;
 import static com.sap.oss.phosphor.fosstars.model.value.Language.C_SHARP;
 import static com.sap.oss.phosphor.fosstars.model.value.Language.F_SHARP;
+import static com.sap.oss.phosphor.fosstars.model.value.Language.GO;
 import static com.sap.oss.phosphor.fosstars.model.value.Language.JAVA;
 import static com.sap.oss.phosphor.fosstars.model.value.Language.JAVASCRIPT;
 import static com.sap.oss.phosphor.fosstars.model.value.Language.PHP;
@@ -13,6 +14,7 @@
 import static com.sap.oss.phosphor.fosstars.model.value.Language.VISUALBASIC;
 import static com.sap.oss.phosphor.fosstars.model.value.PackageManager.COMPOSER;
 import static com.sap.oss.phosphor.fosstars.model.value.PackageManager.DOTNET;
+import static com.sap.oss.phosphor.fosstars.model.value.PackageManager.GOMODULES;
 import static com.sap.oss.phosphor.fosstars.model.value.PackageManager.GRADLE;
 import static com.sap.oss.phosphor.fosstars.model.value.PackageManager.MAVEN;
 import static com.sap.oss.phosphor.fosstars.model.value.PackageManager.NPM;
@@ -63,6 +65,7 @@ public class PackageManagement extends CachedSingleFeatureGitHubDataProvider<Pac
     register(PYTHON, PIP);
     register(RUBY, RUBYGEMS);
     register(PHP, COMPOSER);
+    register(GO, GOMODULES);
   }
 
   /**
@@ -83,6 +86,7 @@ public class PackageManagement extends CachedSingleFeatureGitHubDataProvider<Pac
         ".vcxproj"::equals, ".fsproj"::equals, "packages.config"::equals);
     register(RUBYGEMS, "Gemfile.lock"::equals, "Gemfile"::equals, ".gemspec"::endsWith);
     register(COMPOSER, "composer.json"::equals, "composer.lock"::equals);
+    register(GOMODULES, "go.mod"::equals, "go.sum"::equals);
   }
 
   /**