snyk container <SUBCOMMAND> [<OPTIONS>] [<IMAGE>]
snyk container
command tests container images for vulnerabilities.test
monitor
-d
option to output the debug logs.--print-deps
--org=<ORG_ID>
<ORG_ID>
to run Snyk commands tied to a specific organization. The <ORG_ID>
influences some features availability and private test limits.$ snyk config set org=<ORG_ID>
--org=<ORG_ID>
option.--file=<FILE_PATH>
--project-name=<PROJECT_NAME>
--policy-path=<PATH_TO_POLICY_FILE>
.snyk
policy file.--json
$ snyk container test --json
--json-file-output=<OUTPUT_FILE_PATH>
--json
option.$ snyk container test --json-file-output=vuln.json
--sarif
--file
as well.--sarif-file-output=<OUTPUT_FILE_PATH>
<OUTPUT_FILE_PATH>
file, regardless of whether or not you use the --sarif
option.--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>
--project-environment=
frontend
, backend
, internal
, external
, mobile
, saas
, onprem
, hosted
, distributed
--project-lifecycle=<LIFECYCLE>[,<LIFECYCLE]...>
--project-lifecycle=
production, development, sandbox
--project-business-criticality=<BUSINESS_CRITICALITY>[,<BUSINESS_CRITICALITY>]...>
--project-business-criticality=
critical
, high
, medium
, low
--project-tags=<TAG>[,<TAG>]...>
--project-tags=department=finance,team=alpha
--project-tags=
--tags=<TAG>[,<TAG>]...>
--project tags
--severity-threshold=<low|medium|high|critical>
--app-vulns
--nested-jars-depth
--app-vulns
use the --nested-jars-depth
option to set how many levels of nested jars Snyk is to unpack. Depth must be a number.--exclude-base-image-vulns
snyk container test
only.--platform=<PLATFORM>
linux/amd64
, linux/arm64
, linux/riscv64
, linux/ppc64le
, linux/s390x
, linux/386
, linux/arm/v7
, or linux/arm/v6
--username=<CONTAINER_REGISTRY_USERNAME>
--password=<CONTAINER_REGISTRY_PASSWORD>
$ snyk container test <image>
$ snyk container monitor <image>
--file=path/to/Dockerfile
$ snyk container test app:latest --file=Dockerfile
$ snyk container test app:latest --file=Dockerfile --policy-path=path/to/.snyk