Snyk pipe parameters and values (Bitbucket Cloud)
Configure the Snyk pipe
Configure the following Snyk pipe as part of a pipeline YAML file in order to include vulnerability scanning as part of your CI/CD workflow:
Snyk pipe variables
For information on how these variables are used, see the Snyk pipe examples.
Variable
Description
SNYK_TOKEN (required)
Enter the Snyk API token, which you can retrieve from your Snyk Account settings.
Snyk recommends that you encrypt the token. You can add it as a predefined variable in a separate part of the Bitbucket pipes directory:
From the build directory, navigate to Add a new Repository value, name the parameter SNYK_TOKEN, and enter your Snyk API token as the value.
From the pipeline YAML file that you are building, enter $SNYK_TOKEN as the value for the SNYK_TOKEN parameter in the Snyk pipe.
LANGUAGE (required)
Configure the package manager of the app (for example, Node, Maven, Ruby, Composer, or Docker).
Note: When you are using LANGUAGE with SNYK_BASE_IMAGE, this field refers to your base image tag.
IMAGE_NAME (conditionally required)
For Docker LANGUAGE only, configure the image name for which to perform a Docker scan. Required if LANGUAGE=docker.
SNYK_BASE_IMAGE
Default: snyk/snyk.
Note: LANGUAGE will refer to your base image tag; ensure the tag is valid.
CODE_INSIGHTS_RESULTS
SNYK_TEST_JSON_INPUT
Use if you want to create only a Code Insights report from previously generated snyk test --json output.
DONT_BREAK_BUILD
Do not fail the build if vulnerabilities are found.
Default: false. The build will fail when vulnerabilities are found.
MONITOR
Default: false. The Project is not monitored after the initial scan.
SEVERITY_THRESHOLD
Reports issues equal to or higher than the configured level. Possible values: low, med, high, critical.
Default: low. All vulnerabilities are reported.
ORGANIZATION
Configures the Organization from your Snyk account with which to associate the repository.
PROJECT_FOLDER
The folder in which the Project resides.
Default: ./
TARGET_FILE
The target manifest file, for example package.json, equivalent to --file= in the CLI.
For Docker, enter the Dockerfile as the value.
Default: none.
EXTRA_ARGS
Default: none.
DEBUG
Turn on extra debug information.
Default: false
SNYK_API
Specify the Snyk API endpoint, for example, https://api.eu.snyk.io
Default: https://api.snyk.io
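The rules in the table above can be checked before a pipeline change is merged. The following is an added example, not code from Snyk or Bitbucket: a small Python lint over an already-parsed `variables:` mapping for the Snyk pipe. The function name, finding messages, and sample mappings are assumptions made for illustration.

```python
import re

# Allowed values exactly as listed on this page for SEVERITY_THRESHOLD.
SEVERITY_LEVELS = {"low", "med", "high", "critical"}
# A value that is only a variable reference, such as $SNYK_TOKEN or ${SNYK_TOKEN}.
VAR_REFERENCE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")


def lint_snyk_pipe_variables(variables):
    """Return findings for one Snyk pipe `variables:` mapping (hypothetical helper)."""
    findings = []
    token = str(variables.get("SNYK_TOKEN", "")).strip()
    if not token:
        findings.append("SNYK_TOKEN is required")
    elif not VAR_REFERENCE.match(token):
        # Never echo the value: a literal here is a credential committed to the repository.
        findings.append("SNYK_TOKEN is a literal; reference a secured repository variable ($SNYK_TOKEN)")

    language = str(variables.get("LANGUAGE", "")).strip()
    if not language:
        findings.append("LANGUAGE is required")
    elif language.lower() == "docker" and not str(variables.get("IMAGE_NAME", "")).strip():
        findings.append("IMAGE_NAME is required when LANGUAGE=docker")

    threshold = variables.get("SEVERITY_THRESHOLD")
    if threshold is not None and str(threshold).strip() not in SEVERITY_LEVELS:
        findings.append("SEVERITY_THRESHOLD must be one of: " + ", ".join(sorted(SEVERITY_LEVELS)))

    # YAML parsers may yield either a boolean or the string "true".
    if str(variables.get("DONT_BREAK_BUILD", "false")).strip().lower() == "true":
        findings.append("DONT_BREAK_BUILD=true: the build passes even when vulnerabilities are found")
    return findings


# Constructed sample mappings (not from the page); the token below is a fake placeholder.
WEAK = {"SNYK_TOKEN": "00000000-fake-token", "LANGUAGE": "docker",
        "SEVERITY_THRESHOLD": "severe", "DONT_BREAK_BUILD": "true"}
HARDENED = {"SNYK_TOKEN": "$SNYK_TOKEN", "LANGUAGE": "docker",
            "IMAGE_NAME": "example/app:latest", "SEVERITY_THRESHOLD": "high"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_snyk_pipe_variables(cfg) or "ok")
```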