Review the Snyk Open Source CLI results

After you run the snyk test command in the CLI, the Snyk Open Source test results are displayed. The report of results includes a summary of the test findings, a list of vulnerability issues detected, and descriptive information about the Snyk Project tested.

Summary of test findings

The summary of the test findings at the beginning of the report of results shows the following:

The number of direct and transitive dependencies scanned
Total number of issues found across one or more paths
The number of paths through which vulnerable dependencies are introduced

List of vulnerability issues detected by Snyk Open Source

The list of issues discovered in the Snyk Open Source test includes the following sections.

Issues to fix by upgrading

These are issues that can be fixed by upgrading a direct dependencies version. They contain the following information:

Which dependency to upgrade to resolve the issue
The issue type
The severity rating for the issue
A link to the related issue in the Snyk Vulnerability Database
The dependency through which this vulnerability is introduced and its path

Issues with no direct upgrade or patch

These are issues that cannot be resolved by upgrading a direct dependency. They contain the same information as the issues to fix by upgrading, with versions in which the vulnerability could be fixed if the dependency were upgradeable.

License Issues

License issues are determined by the license policy of your Snyk Organization. License issues contain the following information:

Type of license
License severity as determined by the license policy of your Snyk Organization
Link to the Snyk Vulnerability Database, which provides more information about the license
Dependency path through which this license is introduced

Descriptive information about the Snyk Project scanned

The descriptive information about the test results includes the following details:

Organization: The Snyk ID or internal name of the Organization under which the test ran. For more information, see --org=ORG_ID> option in the snyk test help.
Package manager: The package manager associated with this Open Source scan
Target File: The target file which was scanned for Open Source vulnerabilities
Project Name: The name of the directory in which this Project is located
Open Source: Information about whether or not this scan was performed on an Open Source Project.
Project Path: The path through which the target file is introduced
Local Snyk Policy: Information about whether this scan was performed on an Open Source Project. For more information, see The .snyk file.
Licenses: Information about whether this Project was scanned for license issues

PreviousUse options to customize the snyk test command NextIntegrate Snyk into your workflow using the CLI

Last updated 5 months ago

Was this helpful?

List of vulnerability issues detected by Snyk Open Source

The list of issues discovered in the Snyk Open Source test includes the following sections.

Issues to fix by upgrading

These are issues that can be fixed by upgrading a direct dependencies version. They contain the following information:

Which dependency to upgrade to resolve the issue

The issue type

The severity rating for the issue

A link to the related issue in the Snyk Vulnerability Database

The dependency through which this vulnerability is introduced and its path

Issues with no direct upgrade or patch

License Issues

License issues are determined by the license policy of your Snyk Organization. License issues contain the following information:

Type of license

License severity as determined by the license policy of your Snyk Organization

Link to the Snyk Vulnerability Database, which provides more information about the license

Dependency path through which this license is introduced

Descriptive information about the Snyk Project scanned

The descriptive information about the test results includes the following details:

Organization: The Snyk ID or internal name of the Organization under which the test ran. For more information, see --org=ORG_ID> option in the snyk test help.

Package manager: The package manager associated with this Open Source scan

Target File: The target file which was scanned for Open Source vulnerabilities

Project Name: The name of the directory in which this Project is located

Open Source: Information about whether or not this scan was performed on an Open Source Project.

Project Path: The path through which the target file is introduced

Local Snyk Policy: Information about whether this scan was performed on an Open Source Project. For more information, see The .snyk file.

Licenses: Information about whether this Project was scanned for license issues