Comment on page

Running scans

You can use Snyk to scan your code:
  • Manually: using the Snyk CLI, the Snyk Web UI, and the Snyk API.
  • Automatically: after Project import or using the snyk monitor CLI command or using PR Checks to scan new PRs.
To start using Snyk scanning capabilities for open-source libraries, container images, and application code, see Start scanning.
Scans may be limited on your account, depending on your Pricing Plan. See What counts as a scan? for more information.

Scan manually

Using the CLI

You can use the following Snyk CLI commands:
  • Scan open-source code with snyk test.
  • Scan application code with snyk code test.
  • Scan container images with snyk container test.
  • Scan Infrastructure as Code (IaC) files with snyk iac test.

Using the Snyk Web UI

A scan runs when you import a Snyk Project (see Import a Project) or click the Retest now button on a Project.
See Exploring the Snyk Web UI for details.

Using the API

Scans are counted when calls are made to the endpoint.
See the API documentation for details.

Scan automatically

Using the CLI (snyk monitor)

Use the snyk monitor CLI command to create a snapshot of a project on the Snyk website that will be continuously monitored for new vulnerabilities.
Projects are scanned at the frequency you select in your settings; the default is daily. After using snyk monitor, you will have recurring scans running on monitored Projects.

Using the Snyk Web UI

After you import a Project, Snyk automatically runs periodic scans on that Project, to see if your code is affected by newly disclosed vulnerabilities.
The default scan frequency and available frequencies vary depending on the type of Project: Open Source, Code analysis, Container, or IaC. For more information, see Usage page details. You can also set frequency in the Project Settings (see View project settings) or use the Snyk REST API: see Updates project by project ID.

Using PR Checks

Snyk can scan every new Pull Request (PR) submitted on your monitored repositories to help prevent new vulnerabilities from being added to your codebase.
See Run PR Checks for details.