Comment on page
snyk code test [<OPTIONS>] [<PATH>]
snyk code testcommand tests for any known security issues using Static Code Analysis.
Possible exit codes and their meaning:
0: success (scan completed), no vulnerabilities found 1: action_needed (scan completed), vulnerabilities found 2: failure, try to re-run the command. Use
-dto output the debug logs. 3: failure, no supported projects detected
-doption to output the debug logs.
<ORG_ID>to run Snyk commands tied to a specific organization. The
<ORG_ID>influences private test limits.
If you have multiple organizations, you can set a default from the CLI using:
$ snyk config set org=<ORG_ID>
Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the
Note that you can also use
ORG_IDworks in both the CLI and the API. The organization slug name works in the CLI, but not in the API.
NEW option: Share results with the Snyk Web UI.
Feature availability: This feature is currently in Closed Beta. To obtain access, contact your Snyk account representative.
This creates a project in your Snyk account with a snapshot of the current configuration issues or appends the snapshot to an existing project.
After using this option, log in to the Snyk website and view your projects to see the snapshot.
$ snyk code test --report --project-name="PROJECT_NAME"
Print results on the console as a JSON data structure.
$ snyk code test --json
Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the
Use to display the human-readable test output using stdout and, at the same time, save the JSON data structure output to a file.
For SAST, if no issues are found, Snyk does not create a
jsonfile. In contrast, for open-source, Snyk creates a file whether or not issues are found.
$ snyk code test --json-file-output=vuln.json
Return results in SARIF format.
$ snyk code --sarif
Save test output in SARIF format directly to the <OUTPUT_FILE_PATH> file, regardless of whether or not you use the
Use to display the human-readable test output using stdout and, at the same time, save the SARIF format output to a file.
Report only vulnerabilities at the specified level or higher.
Note: The Snyk Code configuration issues do not use the