Configure the following Snyk pipe as part of a pipeline YAML file in order to include vulnerability scanning as part of your CI/CD workflow:
For information on how these variables are used, see the Snyk pipe examples.
Last updated
More information
Snyk privacy policy© 2023 Snyk Limited | All product and company names and logos are trademarks of their respective owners.
Variable
Description
SNYK_TOKEN (required)
Enter the Snyk API token, which you can retrieve from your Snyk Account settings.
Snyk recommends that you encrypt the token. You can add it as a predefined variable in a separate part of the Bitbucket pipes directory:
From the build directory, navigate to Add a new Repository value, name the parameter SNYK_TOKEN, and enter your Snyk API token as the value.
From the pipeline YAML file that you are building, enter $SNYK_TOKEN as the value for the SNYK_TOKEN parameter in the Snyk pipe.
See the Bitbucket documentation for more information about predefined variables.
LANGUAGE (required)
Configure the package manager of the app, for example, Node, Maven, Ruby, Composer, or Docker).
See Dockerhub for a full list of possible tags.
Note: When you are using LANGUAGE with SNYK_BASE_IMAGE, this field refers to your base image tag.
IMAGE_NAME (conditionally required)
For Docker LANGUAGE only, configure the image name for which to perform a Docker scan. Required if LANGUAGE=docker
SNYK_BASE_IMAGE
Supply your own custom image if you do not wish to use Snyk Images.
Default: snyk/snyk.
Note: LANGUAGE will refer to your base image tag; ensure the tag is valid
CODE_INSIGHTS_RESULTS
Create a Code Insight report with Snyk test results. Default: false.
SNYK_TEST_JSON_INPUT
Use if you want to create only a Code Insights report from previously generated snyk test --json output.
DONT_BREAK_BUILD
Do not fail the build if vulnerabilities are found.
Default: false. The build will fail when vulnerabilities are found.
MONITOR
Records a snapshot of the Project for the Snyk UI and then continues monitoring the Project after the build is run. See Monitor in the glossary.
If the test succeeds, this records a snapshot of the dependencies in the Snyk Web UI and allows you to see the state of your deployed code, have it monitored, and receive alerts when new vulnerabilities are found in the code.
Default: false. The Project is not monitored after the initial scan.
SEVERITY_THRESHOLD
Reports issues equal to or higher than the configured level. Possible values: low, med, high, critical
Default: low. All vulnerabilities are reported.
ORGANIZATION
Configures the Organization from your Snyk account with which to associate the repository.
Default: none. The default repository configured in your Snyk account is used.
PROJECT_FOLDER
The folder in which the Project resides.
Default: ./ .
TARGET_FILE
The target manifest file, for example package.json, equivalent to --file= in the CLI.
For Docker, enter the Dockerfile as the value.
Default: none.
EXTRA_ARGS
Extra arguments to be passed to the Snyk CLI. Use the parameters and arguments as described in the CLI commands and options summary.
Default: none.
DEBUG
Turn on extra debug information.
Default: false
SNYK_API
Specify the Snyk API endpoint, for example, https://api.eu.snyk.io
Default: https://api.snyk.io
