# snyk-delta This tool provides the means to get the delta between two Snyk Open Source snapshots. This is especially useful when you are running CLI-based scans, such as in your local environment, Git hooks, and so on. `snyk-delta` compares snapshots to provide details about: * New vulnerabilities not found in the baseline snapshot * New license issues not found in the baseline snapshot * Dependency delta between the two snapshots: * Direct dependencies added and removed * Indirect dependencies added and removed * Flag path(s) carrying new vulnerabilities ## Prerequisites * Snyk Enterprise plan (requires the Snyk API) * Your Project to be monitored * A `SNYK_TOKEN`, either exported to the environment or provided inline to `snyk-delta`, or the API token set with the `snyk config` command. Run `snyk config get api` to see if the API token is set. OAuth authentication is not supported by `snyk-delta`. ## Installation `npm i -g snyk-delta` or Download a binary of your choice from [the release page](https://github.com/snyk-tech-services/snyk-delta/releases) ## Usage You can use this tool inline or as a standalone command. ### Inline operations Use `snyk test --json --print-deps | snyk-delta` * You may point to a specific snapshot by specifying org+project coordinates:\ `snyk test --json --print-deps | snyk-delta --baselineOrg xxx --baselineProject xxx` * Use `--setPassIfNoBaseline` if used with `snyk-prevent_commit_status` and the Project is not monitored. This prevents`snyk-prevent_commit_status` from failing:\ `setPassIfNoBaseline` default to false\ `snyk test --json --print-deps | snyk-delta --baselineOrg xxx --baselineProject xxx --setPassIfNoBaseline true` {% hint style="info" %} The **BaselineProject** value is expected to be a UUID, not a name.\ Check the Snyk Web UI or API to retrieve those UUIDs. {% endhint %} ### Standalone operations Use `snyk-delta --baselineOrg xxx --baselineProject xxx --currentOrg xxx --currentProject xxx --setPassIfNoBaseline false` ## Usage as module ``` import { getDelta } from 'snyk-delta' const jsonResultsFromSnykTest = Read from file or pipe snyk test command const result = await getDelta(jsonResultsFromSnykTest); ``` **The result** is a number: * 0: no new issue * 1: new issue(s) or when using StrictMode and the unmonitored Project has issues (See more details in [StrictMode](#strictmode).) * 2: for errors like invalid auth Details for issues will be listed on stdout. ## Help for snyk-delta Use `-h` to display help. ### StrictMode When `snyk-delta` compares test results, it tries to find the same Project monitored on the Snyk platform. If no monitored Project is found, `snyk-delta` returns all the issues found by the CLI scan, essentially acting as a pass-through. The return code is 0 if no issue is found, and 1 if issues are found. ### Caution Use as a module requires a list of issues coming from the Snyk CLI. `snyk-delta` is not compatible with data coming straight from Snyk APIs. ### all-projects `snyk-delta` does not support the `--all-projects` option, but you can try using `snyk_delta_all_projects.sh` as a workaround until it does. ## Troubleshooting for snyk-delta If you have trouble, you can try the following: * Run the Snyk `test -d` step first and ensure it works. * If you get a 401 error, check to see that you have a valid `SNYK_TOKEN` or run `snyk config get api` .\ If you do not want to set the token in the environment, you can provide the `SNYK_TOKEN` as an inline command before the `snyk-delta` but after the | symbol: `snyk test --json | SNYK_TOKEN={token} snyk-delta ….{other arguments}`. * If you are using the `delta allprojects` script, try removing that and testing the Projects individually. * If no baseline is found, ensure there is an existing monitored Project first, and check the `.git` metadata if you are trying to match against an SCM-monitored Project. If you need help, contact [Snyk Support](https://support.snyk.io). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.snyk.io/developer-tools/snyk-cli/scan-and-maintain-projects-using-the-cli/cli-tools/snyk-delta.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.