Start scanning

You can use Snyk to scan your code manually and automatically, using the Snyk CLI, the Snyk Web UI, the Snyk API, and by running PR Checks.

Scans may be limited on your account, depending on your Pricing Plan. See What counts as a scan? for more information.

Prerequisites

  1. Ensure that the code in your repositories is in a supported language and platform. For more information, see Supported languages and frameworks.

  2. Ensure you have completed the steps in the Quickstart.

  3. If you are using Snyk Code, Enable Snyk Code.

  4. If you are scanning container images, Set up integration with a supported container registry.

Overview of ways to scan your Projects

You can run your scans from the Web UI, the CLI, the API, or with PR Checks.

| Features | Snyk Web UI | Snyk CLI | Snyk API | PR Checks |
|---|---|---|---|---|
| Auto scanning | ✔️ | ✔️ | ✔️ | ✔️ |
| Manual scanning | ✔️ | ✔️ | ✔️ | |
| Local scans | | ✔️ | | |
| Incorporate into the CI/CD pipelines | | ✔️ | | |
| Obtain results precisely reflecting the Project vulnerabilities and configurations | ✔️ | ✔️ | ✔️ | ✔️ |

Scan using the CLI

See Getting started with the CLI for more details.

Overview

If you use the Snyk CLI for scanning, you can run scans locally, or you can incorporate them into your CI/CD pipelines, providing more control and flexibility over the scanning process.

In addition, using the CLI enables you to scan your code, open-source packages, and container images in their development environments, ensuring results that precisely reflect the dependencies and configurations of your Projects.

CLI scanning prerequisites

Before initiating a scan using the CLI, ensure you follow all the installation, authentication, and getting started steps:

  • Follow the instructions on the Install or update the Snyk CLI page and choose the installation method that best suits your needs.

  • After the CLI is installed, you must authenticate your machine by following the instructions on the Authentication page.

  • You can test your installation by running snyk --help in the CLI.

  • After the CLI setup is complete, you can start scanning. See Getting started with the CLI for more details.

Run a CLI scan

Each Snyk product has specific commands and options; some apply to specific scanning methods such as Snyk Code, and some apply across all methods. For a complete list of Snyk CLI commands and options, see the CLI commands and options summary.

You can use the following Snyk CLI commands for specific scanning methods:

Command | Function | More details

Scan open-source code

Scan application code

Scan container images

Scan infrastructure as code (IaC) files
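
The following is an added example, not taken from the Snyk documentation: a CI step that runs the four scan types listed above and uses the Snyk CLI exit codes (0, 1, 2, 3) to separate "issues found" from "scan failed". The function names, the high severity threshold and the choice to treat exit code 3 as non-blocking are assumptions of this example.

```sh
#!/bin/sh
# Added example: gate a pipeline on the four Snyk CLI scan types.
# Snyk CLI exit codes: 0 = no issues found, 1 = issues found,
# 2 = scan failed, 3 = no supported projects detected.

# classify <exit-code>: map a Snyk CLI exit code to a gate outcome.
classify() {
    case "$1" in
        0) echo clean ;;
        1) echo issues ;;
        3) echo skipped ;;
        *) echo error ;;
    esac
}

# run_scans <image>: run every scan type and print "snyk <scan>: <outcome>".
# Returns 0 if every scan was clean or skipped, 1 if any scan found issues,
# 2 if any scan errored. An errored scan is never counted as a pass.
run_scans() {
    image="$1"
    worst=0
    for scan in "test" "code test" "container test $image" "iac test"; do
        code=0
        # $scan is left unquoted so each word becomes a separate argument.
        # shellcheck disable=SC2086
        snyk $scan --severity-threshold=high >/dev/null 2>&1 || code=$?
        outcome=$(classify "$code")
        echo "snyk $scan: $outcome"
        case "$outcome" in
            issues) if [ "$worst" -lt 1 ]; then worst=1; fi ;;
            error)  worst=2 ;;
        esac
    done
    return "$worst"
}

# In a pipeline step (image reference is a placeholder):
#   run_scans "registry.example/app:1.0"; exit $?
```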

View CLI scan results

After you run a Snyk CLI scan, the results are displayed in the terminal. The following pages explain the results for Snyk Open Source, Snyk Code, and Snyk Container scans:

Scan continuously using the CLI (snyk monitor)

Use the snyk monitor CLI command to create a snapshot of a Project on the Snyk website that will be continuously monitored for new vulnerabilities.

Projects are scanned at the frequency you select in your settings; the default is daily. After using snyk monitor, you will have recurring scans running on monitored Projects.

See Monitor your projects at regular intervals for details.

Scan using the Web UI

A scan runs when you import a Snyk Project (see Import a Project) or click the Retest now button on a Project. Snyk then automatically runs periodic scans on that imported Project, to see if your code is affected by newly disclosed vulnerabilities.

See Explore Snyk through the Web UI.

The default scan frequency and available frequencies vary depending on the type of Project: for more information, see Usage page details. You can also set the frequency in the Project Settings (see View project settings) or use the Snyk REST API: see Updates project by project ID.

Scan using the API

The Snyk API v1 offers a set of endpoints to test your code. Scans are counted when calls are made to the https://snyk.io/api/v1/test endpoint.

See the API documentation and the API v1 Test docs for more information.

Using PR Checks

Snyk can scan every new Pull Request (PR) submitted on your monitored repositories to help prevent new vulnerabilities from being added to your codebase.

See Run PR Checks for details.
