User-defined custom images for CLI

Context for user-defined custom images for CLI

Following Snyk announcements regarding Snyk CLI Images and Snyk Images, Snyk is providing instructions that customers will find useful in building their own custom images. You can visit the Snyk Images build tool chain on GitHub for a list of currently supported images.

Snyk does not build or maintain images that contain end-of-life software by an upstream vendor. The list of unsupported images is available on the GitHub repo.

Using custom images will allow you to extend environment support to any environment supported by the Snyk CLI.

Requirements for user-defined custom images for CLI

In order for your custom image to be supported, it must:

  • Use an environment supported by the Snyk CLI

  • Use a language and framework supported by Snyk

  • Have Snyk CLI installed on the image; see Install or update the Snyk CLI for steps to install the CLI

  • Be publicly accessible; the integration will pull the image.

Use of user-defined custom images for CLI

Providing a custom image gives you more control over your environment. For example, unless you use custom images, you cannot use an environment with Node LTS.

Example: How to create a custom image using Dockerfile for Node LTS support

Given the base requirements, you can create a custom image to use Node LTS with the following Dockerfile:

Dockerfile
FROM alpine:3.18

# Install curl
RUN apk add --no-cache curl

# Install Node LTS
RUN apk add --no-cache nodejs

# Install & setup Snyk CLI
RUN curl -o ./snyk-alpine https://downloads.snyk.io/cli/stable/snyk-alpine && \
    curl -o ./snyk-alpine.sha256 https://downloads.snyk.io/cli/stable/snyk-alpine.sha256 && \
    sha256sum -c snyk-alpine.sha256 && \
    mv snyk-alpine /usr/local/bin/snyk && \
    chmod +x /usr/local/bin/snyk

The base image uses Alpine to keep things lightweight. You have installed Node and the Snyk CLI; this satisfies three-quarters of the requirements.
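The download-and-verify step from the Dockerfile above, written as a shell function that installs the binary only when its digest matches. This is an added example, not Snyk's code; the function name, return codes and sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Fail-closed install: DEST is written only when BINARY matches the digest
# in CHECKSUM_FILE (the "<hex digest>  <file name>" lines sha256sum -c reads).
# Return codes are this example's own: 0 installed, 1 digest mismatch,
# 2 missing or empty input, 3 checksum file holds no SHA-256 digest.
install_verified() {
    iv_bin=$1 iv_sum=$2 iv_dest=$3
    { [ -s "$iv_bin" ] && [ -s "$iv_sum" ]; } || return 2

    # Compare digests directly so the result does not depend on the working
    # directory or on the file name recorded in the checksum file.
    iv_expected=$(awk 'NR == 1 { print tolower($1) }' "$iv_sum")
    case $iv_expected in
        *[!0-9a-f]*) return 3 ;;   # e.g. an HTML error body saved by curl
    esac
    [ "${#iv_expected}" -eq 64 ] || return 3

    iv_actual=$(sha256sum "$iv_bin" | awk '{ print $1 }')
    [ "$iv_actual" = "$iv_expected" ] || return 1

    cp "$iv_bin" "$iv_dest" && chmod 0755 "$iv_dest"
}

# Constructed sample input: a stand-in "binary" and checksum files built
# locally, so the demo runs offline. Prints one return code per case.
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for snyk-alpine\n' > "$d/snyk-alpine"
    (cd "$d" && sha256sum snyk-alpine > snyk-alpine.sha256)
    printf '<html>404 Not Found</html>\n' > "$d/error.sha256"

    rc_ok=0;   install_verified "$d/snyk-alpine" "$d/snyk-alpine.sha256" "$d/ok" || rc_ok=$?
    rc_page=0; install_verified "$d/snyk-alpine" "$d/error.sha256" "$d/page" || rc_page=$?
    printf 'tampered\n' >> "$d/snyk-alpine"
    rc_bad=0;  install_verified "$d/snyk-alpine" "$d/snyk-alpine.sha256" "$d/bad" || rc_bad=$?

    installed=no
    if [ -e "$d/bad" ] || [ -e "$d/page" ]; then installed=yes; fi
    rm -rf "$d"
    echo "match=$rc_ok error_page=$rc_page tampered=$rc_bad bad_installed=$installed"
}

demo
```

A checksum fetched from the same host as the binary detects a corrupted or truncated download, not a compromised download source.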

After the Dockerfile is defined, you can build and tag the image using docker build and push the image using docker push:

# build image
docker build <PATH-TO-DOCKERFILE> --tag foobar/snyk:node-lts

# push image
docker push foobar/snyk:node-lts

Example: How to use a custom image in a Bitbucket pipeline

Compatibility in the Bitbucket Pipeline integration is limited to environments supported by the Docker container the integration runs in. Following the Snyk announcement Decoupling Snyk Scan from Snyk CLI Docker Images, before v1.0.0, the experience was limited to environments supported by the Snyk CLI Docker Images.

With the release of v1.0.0, users can define custom images. If the list of environments provided by the LANGUAGE variable does not support your particular build environment, you can define your own build environment in the form of a custom Docker image.

Ensure that the Prerequisites for Bitbucket Pipelines integration are met.

As long as the pushed image is publicly accessible, you can use the SNYK_BASE_IMAGE and LANGUAGE variables to reference your custom image and tag, respectively, in your Bitbucket pipeline:

bitbucket-pipelines.yml
script:
  - npm install
  - npm test

  - pipe: snyk/snyk-scan:1.0.0
    variables:
      SNYK_TOKEN: $SNYK_TOKEN
      LANGUAGE: "node-lts"
      SNYK_BASE_IMAGE: "foobar/snyk"

# rest of script
