Running tests

Introduction to running Snyk tests

You can use Snyk to test your code in different ways:
Tests may be limited on your account; see What counts as a test? for more information.

Run tests manually

Run tests manually with the CLI

You can use the following commands to run tests with the Snyk CLI:
  • Scan open-source code with snyk test.
  • Scan application code with snyk code test.
  • Scan container images with snyk container test.
  • Scan Infrastructure as Code (IaC) files with snyk iac test.

Run tests manually with the Snyk Web UI

A test is run when you import a Snyk Project (see Import a Project) or click the Retest now button on a Project in the Overview tab. During retests, Snyk fetches the assets that need to be scanned for Snyk to find any new issues.
See Exploring the Snyk Web UI for details.

Run tests manually with the API

Tests are counted when calls are made to the endpoint.
See the API documentation for details.

Run tests automatically

Run tests automatically with the Snyk Web UI

After you import a Project, Snyk automatically runs periodic scans on that Project, to see if your code is affected by newly disclosed vulnerabilities.
The default test frequency and available test frequencies vary depending on the type of Project: Open Source, Code analysis, Container, or IaC. For more information, see Usage page details (Set test frequency). You can also set test frequency in the Project Settings (see View project settings) or use theSnyk REST API: Updates project by project ID.

Run tests automatically with snyk monitor

Use the snyk monitor CLI command to create a snapshot of a project on the Snyk website that will be continuously monitored for new vulnerabilities.
Projects are tested at the test frequency you select in your settings; the default is daily. After using snyk monitor, you will have recurring tests. Recurring tests are scheduled retests that run on monitored projects.

Run tests automatically using PR Checks

Snyk can scan every new Pull Request (PR) submitted on your monitored repositories to help prevent new vulnerabilities from being added to your codebase.
See Run PR Checks for details.