CLI commands and options summary

Note: This page only summarizes the CLI commands and the options for each command. Be sure to use the links in this summary to look at the help for the command you are using for details. (The help in the docs is the same as the help in the CLI.)
Usage
snyk [COMMAND] [SUBCOMMAND] [OPTIONS] [PACKAGE] [CONTEXT-SPECIFIC-OPTIONS]
Description
The Snyk CLI is a build-time tool to find and fix known vulnerabilities in your projects. For a more detailed description of Snyk CLI and Snyk, see Snyk CLI. For an introduction on how to use the Snyk CLI, see Getting started with the CLI.
Available CLI commands
To learn more about each Snyk CLI command, use the --help option, for example, snyk auth --help or snyk container --help. Each command in this list is linked to the corresponding help page in these docs.
Note: Lists of all the options for Snyk CLI commands are on this page. The options are explained in detail in the help for each command.
​snyk auth​
Authenticate Snyk CLI with a Snyk account.
​snyk test​
Test a project for open source vulnerabilities and license issues.
​snyk monitor​
Snapshot and continuously monitor a project for open source vulnerabilities and license issues.
​snyk container​
Print a list of the snyk container commands, snyk container monitor and snyk container test.
​snyk container monitor​
Capture the container image layers and dependencies and monitor for vulnerabilities on snyk.io​
​snyk container test​
Test container images for any known vulnerabilities.
​snyk iac​
Print a list of the snyk iac commands: snyk iac describe, snyk iac update-exclude-policy, and snyk iac test.
​snyk iac describe​
Detect, track, and alert on infrastructure drift and unmanaged resources.
​snyk iac update-exclude-policy​
Generate exclude policy rules to be used by snyk iac describe.
​snyk iac test​
Test for any known security issue.
​snyk code​
Print the name of the snyk code command with its help option: snyk code test
​snyk code test​
Test for any known security issues using Static Code Analysis.
​snyk log4shell​
Find Log4Shell vulnerability.
​snyk config​
Manage Snyk CLI configuration.
​snyk policy​
Display the .snyk policy for a package.
​snyk ignore​
Modify the .snyk policy to ignore stated issues.
New CLI commands
​snyk fix​
Apply the recommended updates for supported ecosystems automatically.
​snyk apps​
Create a Snyk App using the Snyk CLI.
Subcommands of CLI commands
The following is a list of the sub-commands for Snyk CLI commands. Each sub-command is followed by the command(s) to which the sub-command applies. The commands are linked to their help docs. For details concerning each sub-command, see the help docs.
get <KEY>: subcommand of config​
set <KEY>=<VALUE>: subcommand of config​
unset <KEY>: subcommand of config​
clear: subcommand of config​
Configure the Snyk CLI
You can use environment variables to configure the Snyk CLI and also set variables to configure the Snyk CLI to connect with the Snyk API. See Configure the Snyk CLI.
Debug
Use -d option to output the debug logs for any command.
Options for multiple commands
Lists of the options for Snyk CLI commands follow. Each option is followed by the command(s) to which the option applies. The commands are linked to their help docs. For details concerning each option, see the help docs.
--all-projects: test, monitor​
--fail-fast: test, monitor​
--detection-depth=<DEPTH>: test, monitor, iac test​
--exclude=<NAME>[,<NAME>]...>: test, monitor​
--prune-repeated-subdependencies, -p: test, monitor​
--print-deps: test, monitor, container test​
--remote-repo-url=<URL>: test, monitor, iac test​
--dev: test, monitor​
--org=<ORG_ID>: test, monitor, code test, container test, container monitor, iac test, iac describe​
--file=<FILE>: test, monitor​
--package-manager=<PACKAGE_MANAGER_NAME>: test, monitor​
--unmanaged: test, monitor. See also Options for scanning using --unmanaged.
--ignore-policy: test, monitor, iac test, iac describe​
--trust-policies test, monitor​
--show-vulnerable-paths=<none|some|all> test​
--project-name=<PROJECT_NAME>: test, monitor, container test, container monitor​
--target-reference=<TARGET_REFERENCE>: test, monitor, iac test​
--policy-path=<PATH_TO_POLICY_FILE>: test, monitor, container test, container monitor, iac test, iac describe, ignore​
--json: test, monitor, code test, container test, container monitor, iac test, iac describe​
--json-file-output=<OUTPUT_FILE_PATH>: test, code test, container test, iac test​
--sarif: test, code test, container test, iac test​
--sarif-file-output=<OUTPUT_FILE_PATH>: test, code test, container test, iac test​
--severity-threshold=<low|medium|high|critical>: test, code test, container test, iac test​
--fail-on=<all|upgradable|patchable>: container test, test​
--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>: monitor, container monitor, iac test​
--project-lifecycle=<LIFECYCLE>[,<LIFECYCLE>]...>: monitor, container monitor, iac test​
--project-business-criticality=<BUSINESS_CRITICALITY>[,<BUSINESS_CRITICALITY>]...>: monitor, container monitor, iac test​
--project-tags=<TAG>[,<TAG>]...>: monitor, container monitor, iac test​
--tags=<TAG>[,<TAG>]...>: monitor, container monitor​
snyk container command options
--file=<FILE_PATH>: container test, container monitor​
--app-vulns: container test, containermonitor​
--exclude-app-vulns: container test, container monitor​
--nested-jars-depth: container test, container monitor​
--exclude-base-image-vulns: container test, container monitor​
--platform=<PLATFORM>: container test, container monitor​
--username=<CONTAINER_REGISTRY_USERNAME>: container test, container monitor​
--password=<CONTAINER_REGISTRY_PASSWORD>: container test, container monitor​
snyk iac test command options
--report: iac test​
--scan=<TERRAFORM_PLAN_SCAN_MODE>: iac test​
--target-name=<TARGET_NAME>: iac test​
--rules=<PATH_TO_CUSTOM_RULES_BUNDLE>: iac test​
--var-file=<PATH_TO_VARIABLE_FILE>: iac test​
snyk iac describe command options
--from=<STATE>[,<STATE>...]: iac describe​
--to=<PROVIDER+TYPE>: iac describe​
--service=<SERVICE>[,<SERVICE]...>: iac describe​
--all: iac describe​
--only-managed or --drift: iac describe​
--only-unmanaged: iac describe​
--quiet: iac describe​
--filter: iac describe​
--html: iac describe​
--html-file-output=<OUTPUTFILEPATH>: iac-describe​
--fetch-tfstate-headers: iac describe​
--tfc-token: iac describe​
--tfc-endpoint: iac describe​
--tf-provider-version: iac describe​
--strict: iac describe​
--deep: iac describe​
--tf-lockfile: iac describe​
--config-dir: iac describe​
snyk iac update-exclude-policy command options
--exclude-changed: iac update-exclude-policy​
--exclude-missing: iac update-exclude-policy​
--exclude-unmanaged: iac update-exclude-policy​
snyk ignore command options
--id=<ISSUE_ID>: ignore​
--expiry=<EXPIRY>: ignore​
--reason=<REASON>: ignore​
--path=<PATH_TO_RESOURCE>: ignore​
Option for Maven projects
--scan-all-unmanaged: test, monitor​
Options for Gradle projects
--sub-project=<NAME>, --gradle-sub-project=<NAME>: test, monitor​
--all-sub-projects: test, monitor​
--configuration-matching=<CONFIGURATION_REGEX>: test, monitor​
--configuration-attributes=<ATTRIBUTE>[,<ATTRIBUTE>]...: test, monitor​
--init-script=<FILE: test, monitor​
Options for .Net and NuGet projects
--assets-project-name: test, monitor​
--packages-folder: test, monitor​
--project-name-prefix=<PREFIX_STRING>: test, monitor​
--project-name-prefix=my-group/: test, monitor​
Options for npm projects
--strict-out-of-sync=true|false: test, monitor​
Options for Yarn projects
--strict-out-of-sync=true|false: test, monitor​
--yarn-workspaces: test, monitor​
Options for CocoaPods projects
--strict-out-of-sync=true|false: test, monitor​
Options for Python projects
--command=<COMMAND>: test, monitor​
--skip-unresolved=true|false: test, monitor​
Options for Go projects
Currently the following options are not supported:
--fail-on=<all|upgradable|patchable>: test​
Options for scanning using --unmanaged
--org=<ORG_ID>: test, monitor​
--json: test, monitor​
--json-file-output=<OUTPUT_FILE_PATH>: test​
--remote-repo-url=<URL>: test​
--severity-threshold=<low|medium|high|critical>: test​
--target-reference=<TARGET_REFERENCE>: test, monitor​
--max-depth: test, monitor​
--print-dep-paths: test, monitor​
--project-name=c-project: monitor​
-- [<CONTEXT-SPECIFIC_OPTIONS>]
These options are used with the snyk test and snyk monitor commands. See the help docs for snyk test and snyk monitor for details.

Differences in vulnerability counts across environments

CLI help

Last modified 1mo ago

CLI commands and options summary

Usage

Description

Available CLI commands

​snyk auth​

​snyk test​

​snyk monitor​

​snyk container​

​snyk container monitor​

​snyk container test​

​snyk iac​

​snyk iac describe​

​snyk iac update-exclude-policy​

​snyk iac test​

​snyk code​

​snyk code test​

​snyk log4shell​

​snyk config​

​snyk policy​

​snyk ignore​

New CLI commands

​snyk fix​

​snyk apps​

Subcommands of CLI commands

Configure the Snyk CLI

Debug

Options for multiple commands

snyk container command options

snyk iac test command options

snyk iac describe command options

snyk iac update-exclude-policy command options

snyk ignore command options

Option for Maven projects

Options for Gradle projects

Options for .Net and NuGet projects

Options for npm projects

Options for Yarn projects

Options for CocoaPods projects

Options for Python projects

Options for Go projects

Options for scanning using --unmanaged

-- [<CONTEXT-SPECIFIC_OPTIONS>]

`snyk auth`

`snyk test`

`snyk monitor`

`snyk container`

`snyk container monitor`

`snyk container test`

`snyk iac`

`snyk iac describe`

`snyk iac update-exclude-policy`

`snyk iac test`

`snyk code`

`snyk code test`

`snyk log4shell`

`snyk config`

`snyk policy`

`snyk ignore`

`snyk fix`

`snyk apps`

`snyk container` command options

`snyk iac test` command options

`snyk iac describe` command options

`snyk iac update-exclude-policy command options`

`snyk ignore` command options

Options for scanning using `--unmanaged`

`-- [<CONTEXT-SPECIFIC_OPTIONS>]`