Snyk pipe parameters and values (Bitbucket Cloud)

Configure the Snyk pipe

Configure the following Snyk pipe as part of a pipeline YAML file in order to include vulnerability scanning as part of your CI/CD workflow:

- pipe: snyk/snyk-scan:1.0.0
  variables:
    # variables go here

Snyk pipe variables

For information on how these variables are used, see the Snyk pipe examples.

Variable

Description

SNYK_TOKEN (required)

Enter the Snyk API token, which you can retrieve from your Snyk Account settings.

Snyk recommends that you encrypt the token. You can add it as a predefined variable in a separate part of the Bitbucket pipes directory:

  1. From the build directory, navigate to Add a new Repository value, name the parameter SNYK_TOKEN, and enter your Snyk API token as the value.

  2. From the pipeline YAML file that you are building, enter $SNYK_TOKEN as the value for the SNYK_TOKEN parameter in the Snyk pipe.

LANGUAGE (required)

Configure the package manager of the app (for example, Node, Maven, Ruby, Composer, or Docker).

Note: When you are using LANGUAGE with SNYK_BASE_IMAGE, this field refers to your base image tag.

IMAGE_NAME (conditionally required)

For Docker LANGUAGE only, configure the image name for which to perform a Docker scan. Required if LANGUAGE=docker.

SNYK_BASE_IMAGE

Default: snyk/snyk. Note: LANGUAGE will refer to your base image tag; ensure the tag is valid.

CODE_INSIGHTS_RESULTS

SNYK_TEST_JSON_INPUT

Use if you want to create only a Code Insights report from previously generated snyk test --json output.

DONT_BREAK_BUILD

Do not fail the build if vulnerabilities are found.

Default: false. The build will fail when vulnerabilities are found.

MONITOR

Default: false. The Project is not monitored after the initial scan.

SEVERITY_THRESHOLD

Reports issues equal to or higher than the configured level. Possible values: low, med, high, critical

Default: low. All vulnerabilities are reported.

ORGANIZATION

Configures the Organization from your Snyk account with which to associate the repository.

PROJECT_FOLDER

The folder in which the Project resides.

Default: ./ .

TARGET_FILE

The target manifest file, for example package.json, equivalent to --file= in the CLI.

For Docker, enter the Dockerfile as the value.

Default: none.

EXTRA_ARGS

Default: none.

DEBUG

Turn on extra debug information.

Default: false

SNYK_API

Specify the Snyk API endpoint, for example, https://api.eu.snyk.io

Default: https://api.snyk.io
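
The variables above combined in one pipeline step, with the weak token setting shown (commented out) beside the corrected one. This is an added example, not taken from the Snyk documentation; the step name, the LANGUAGE value node, and the high threshold are assumptions chosen for illustration.

```yaml
# bitbucket-pipelines.yml (added example, values are illustrative)
pipelines:
  default:
    - step:
        name: Snyk dependency scan        # hypothetical step name
        script:
          - pipe: snyk/snyk-scan:1.0.0
            variables:
              # Weak: a literal token is readable by everyone with
              # repository access and stays in the git history.
              # SNYK_TOKEN: "<literal-token-placeholder>"
              #
              # Corrected: reference the secured repository variable
              # created in step 1 of the SNYK_TOKEN description.
              SNYK_TOKEN: $SNYK_TOKEN
              LANGUAGE: "node"             # assumed value for a Node project
              TARGET_FILE: "package.json"
              # Report only issues at this level or above.
              SEVERITY_THRESHOLD: "high"
              # Keep the default so that reported issues fail the build.
              DONT_BREAK_BUILD: "false"
              MONITOR: "false"
```

Setting DONT_BREAK_BUILD to true turns the scan into a report-only step, so a pipeline that is meant to gate merges should leave it at the default.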
