CLI commands and options summary
This page only summarizes the CLI commands and the options for each command. For details, use the links in this summary to open the help docs page for the command you are using. The help docs pages are the same as the help in the CLI.
Usage
snyk [COMMAND] [SUBCOMMAND] [OPTIONS] [PACKAGE] [CONTEXT-SPECIFIC-OPTIONS]
Description
The Snyk CLI is a build-time tool to find and fix known vulnerabilities in your projects. For a more detailed description of Snyk CLI and Snyk, see Snyk CLI. For an introduction on how to use the Snyk CLI, see Getting started with the CLI.
Available CLI commands
To learn more about each Snyk CLI command, use the --help
option, for example, snyk auth --help
or snyk container --help
. Each command in this list is linked to the corresponding help page in these docs.
Note: Lists of all the options for Snyk CLI commands are on this page. The options are explained in detail in the help for each command.
Authenticate Snyk CLI with a Snyk account.
Manage Snyk CLI configuration.
Use to set your environment for the region before you run the snyk auth
command.
Test a Project for open-source vulnerabilities and license issues.
Snapshot and continuously monitor a project for open-source vulnerabilities and license issues.
Print the name of the snyk code
command with its help option: snyk code test
Test source code for any known security issues (Static Application Security Testing).
Print a list of the snyk container
commands, snyk container monitor
and snyk container test
.
Capture the container image layers and dependencies and monitor for vulnerabilities on snyk.io.
Generate an SBOM for a container image
Test container images for any known vulnerabilities.
Print a list of the snyk iac
commands: snyk iac describe
, snyk iac update-exclude-policy
, and snyk iac test
.
Test for any known security issue.
Generate a mapping artifact that contains the minimum amount of information needed to generate resource mappings from code to Cloud from Terraform state files, such as resource IDs and names, and send the mapping artifact to Snyk.
Detect, track, and alert on infrastructure drift and unmanaged resources.
Initialize custom rules project structure, relation, rule, or spec
Run tests for all custom rules.
Bundle and upload custom rule bundles to Snyk Cloud API.
Generate exclude policy rules to be used by snyk iac describe
.
Modify the .snyk
policy to ignore stated issues.
Find Log4Shell vulnerability.
Display the .snyk
policy for a package.
Generate an SBOM for a local software project in an ecosystem supported by Snyk.
Check an SBOM for vulnerabilities in o pen-source packages.
Create a Snyk App using the Snyk CLI. For more information, see Snyk Apps.
Subcommands of CLI commands
The following is a list of the sub-commands for Snyk CLI commands. Each sub-command is followed by the command(s) to which the sub-command applies. The commands are linked to their help docs. For details concerning each sub-command, see the help docs.
get <KEY>
: subcommand of config
set <KEY>=<VALUE>
: subcommand of config
unset <KEY>
: subcommand of config
clear
: subcommand of config
environment
: subcommand of config
Configure the Snyk CLI
You can use environment variables to configure the Snyk CLI and also set variables to configure the Snyk CLI to connect with the Snyk API. See Configure the Snyk CLI.
Debug
See Debugging the Snyk CLI for detailed information about the --d
option.
Exit codes for CLI commands
Exit codes for the test
commands are all the same. See the exit codes in the following help docs:
Additional CLI commands have exit codes as listed in the following help docs:
Options for multiple commands
Lists of the options for Snyk CLI commands follow. Each option is followed by the command(s) to which the option applies. The commands are linked to their help docs. For details concerning each option, see the help docs.
--all-projects
: test
, monitor
,sbom
--detection-depth=<DEPTH>
: test
, monitor
, iac test
, sbom
--exclude=<NAME>[,<NAME>]...>
: test
, monitor
, sbom
--prune-repeated-subdependencies, -p
: test
, monitor
, sbom
--print-deps
: test
, monitor
, container test
--remote-repo-url=<URL>
: test
, monitor
, iac test
--org=<ORG_ID>
: test
, monitor
, code test
, container test
, container monitor, iac test
, iac describe
, iac capture
, sbom
, container sbom
--file=<FILE_PATH>
: container test, container monitor
, sbom test
--package-manager=<PACKAGE_MANAGER_NAME>
: test
, monitor
--unmanaged:
test,
monitor. See also Options for scanning using --unmanaged
and the sbom
command help for another use of this option.
--ignore-policy
: test
, monitor
, iac test
, iac describe
--trust-policies
test
, monitor
--show-vulnerable-paths=<none|some|all>
test
--project-name=<PROJECT_NAME>
: test
, monitor
, container test
, container monitor
--target-reference=<TARGET_REFERENCE>
: test
, monitor
, iac test
,
container monitor
--policy-path=<PATH_TO_POLICY_FILE>
: test
, monitor
, container test
, container monitor
, iac test
, iac describe
, ignore
--json
: test
, monitor
, code test
, container test
, container monitor
, iac test
, iac describe
, sbom test
--json-file-output=<OUTPUT_FILE_PATH>
: test
, code test
, container test
, iac test
,sbom
--sarif
: test
, code test
, container test
, iac test
--sarif-file-output=<OUTPUT_FILE_PATH>
: test
, code test
, container test
, iac test
--severity-threshold=<low|medium|high|critical>
: test
, code test
, container test
, iac test
--fail-on=<all|upgradable|patchable>
: container test
, test
--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>
: monitor
, container monitor
, iac test
--project-lifecycle=<LIFECYCLE>[,<LIFECYCLE>]...>
: monitor
, container monitor
, iac test
--project-business-criticality=<BUSINESS_CRITICALITY>[,<BUSINESS_CRITICALITY>]...>
: monitor
, container monitor
, iac test
--project-tags=<TAG>[,<TAG>]...>
: monitor
, container monitor
, iac test
--tags=<TAG>[,<TAG>]...>
: monitor
, container monitor
snyk auth
command options
snyk auth
command options--auth-type=<TYPE>
--client-secret=<SECRET>
--client-id=<ID>
snyk auth
snyk code test
command option
snyk code test
command option --include-ignores
: code test
snyk config environment command option
snyk config environment command option
--no-check
snyk config environment
snyk container
command options
snyk container
command options--app-vulns
: container test
, container
monitor
--exclude-app-vulns
: container test
, container monitor
, container sbom
--nested-jars-depth
: container test
, container monitor
--exclude-base-image-vulns
: container test
, container monitor
--platform=<PLATFORM>
: container test
, container monitor
--username=<CONTAINER_REGISTRY_USERNAME>
: container test
, container monitor
--password=<CONTAINER_REGISTRY_PASSWORD>
: container test
, container monitor
snyk iac test
command options
snyk iac test
command options--scan=<TERRAFORM_PLAN_SCAN_MODE>
: iac test
--target-name=<TARGET_NAME>
: iac test
--rules=<PATH_TO_CUSTOM_RULES_BUNDLE>
: iac test
--var-file=<PATH_TO_VARIABLE_FILE>
: iac test
--report
: iac test
snyk iac capture
command options
snyk iac capture
command options--stdin
: iac capture
PATH
: iac capture
snyk iac describe
command options
snyk iac describe
command options--from=<STATE>[,<STATE>...]
: iac describe
--to=<PROVIDER+TYPE>
: iac describe
--service=<SERVICE>[,<SERVICE]...>
: iac describe
--quiet
: iac describe
--filter
: iac describe
--html
: iac describe
--html-file-output=<OUTPUT
FILE
PATH>
: iac-describe
--fetch-tfstate-headers
: iac describe
--tfc-token
: iac describe
--tfc-endpoint
: iac describe
--tf-provider-version
: iac describe
--strict
: iac describe
--deep
: iac describe
--tf-lockfile
: iac describe
--config-dir
: iac describe
snyk iac update-exclude-policy
command options
snyk iac update-exclude-policy
command options--exclude-changed
: iac update-exclude-policy
--exclude-missing
: iac update-exclude-policy
--exclude-unmanaged
: iac update-exclude-policy
snyk iac rules push
command option
snyk iac rules push
command option--delete
: iac rules push
snyk iac rules test
command option
snyk iac rules test
command option--update-expected
: iac rules test
snyk ignore
command options
snyk ignore
command options--id=<ISSUE_ID>
: ignore
--expiry=<EXPIRY>
: ignore
--reason=<REASON>
: ignore
--path=<PATH_TO_RESOURCE>
: ignore
snyk sbom
and snyk container sbom
command options
snyk sbom
and snyk container sbom
command options--format=<cyclonedx1.4+json|cyclonedx1.4+xml|cyclonedx1.5+json|cyclonedx1.5+xml|cyclonedx1.6+json|cyclonedx1.6+xml|spdx2.3+json>
: snyk sbom
, snyk container sbom
[--file=] or [--f=]
: snyk sbom
[--name=<NAME>]
: snyk sbom
[--version=<VERSION>]
: snyk sbom
[<TARGET_DIRECTORY>]
: snyk sbom
<IMAGE>
: snyk container sbom
Option for Maven projects
--maven-aggregate-project
: test
, monitor
--scan-unmanaged
: test
, monitor
--scan-all-unmanaged
: test
, monitor
Options for Gradle projects
--sub-project=<NAME>
, --gradle-sub-project=<NAME>
: test
, monitor
--all-sub-projects
: test
, monitor
--configuration-matching=<CONFIGURATION_REGEX>
: test
, monitor
--configuration-attributes=<ATTRIBUTE>[,<ATTRIBUTE>]...
: test
, monitor
--init-script=<FILE
: test
, monitor
Options for .Net and NuGet projects
--file=.sln
: test
--file=<filename>.sln
: sbom
--file=packages.config
: test, sbom
--assets-project-name
: test
, monitor
, sbom
--packages-folder
: test
, monitor
, sbom
--project-name-prefix=<PREFIX_STRING>
: test
, monitor
--project-name-prefix=my-group/
: test
, monitor
--dotnet-runtime-resolution
: test,
monitor
--dotnet-target-framework
: test,
monitor
Options for npm projects
--strict-out-of-sync=true|false
: test
, monitor
, sbom
Options for pnpm projects
--fail-on: test
--prune-repeated-subdependencies: test
, monitor
Options for Yarn projects
--strict-out-of-sync=true|false
: test
, monitor
, sbom
--yarn-workspaces
: test
, monitor
, sbom
Options for CocoaPods projects
--strict-out-of-sync=true|false
: test
, monitor
Options for Python projects
--command=<COMMAND>
: test
, monitor
, sbom
--skip-unresolved=true|false
: test
, monitor
, sbom
--File=<filename>:
sbom
--pakage-manager=<package manager>
: sbom
Options for Go projects
The following options are not supported:
--fail-on=<all|upgradable|patchable>
: test
Options for scanning using --unmanaged
--unmanaged
--json-file-output=<OUTPUT_FILE_PATH>
: test
--remote-repo-url=<URL>
: test
--severity-threshold=<low|medium|high|critical>:
test
--target-reference=<TARGET_REFERENCE>
: test
, monitor
--max-depth
: test
, monitor
, sbom
--print-dep-paths:
test
, monitor
--project-name=c-project
: monitor
-- [<CONTEXT-SPECIFIC_OPTIONS>]
-- [<CONTEXT-SPECIFIC_OPTIONS>]
These options are used with the snyk test
and snyk monitor
commands. See the help docs for snyk test
and snyk monitor
for details.
Last updated