# CLI support for Python ## Set the Python version in the CLI To set the Python version in the CLI, add the following option to `snyk test` or `snyk monitor` with the name of the Python binary: ```sh --command=python3 ``` For details, see the options for Python Projects in the [`snyk test`](/developer-tools/snyk-cli/commands/test.md) and [`snyk monitor`](/developer-tools/snyk-cli/commands/monitor.md) help. ## Pip and CLI {% hint style="info" %} Run `pip install` before scanning with the CLI, for example: ``` pip install -r requirements.txt ``` {% endhint %} Pip `requirements.txt` files specify only top-level dependencies, not nested or transitive ones. Therefore, the full Pip Project must be installed to ensure the CLI can build a complete dependency tree. ## Poetry and CLI {% hint style="info" %} [PEP 621](https://peps.python.org/pep-0621/) is a standard for defining direct dependencies in `pyproject.toml` files. Snyk supports PEP 621 only for Poetry v2. Poetry v1 uses an alternative approach. Snyk does not support PEP 621 for any package manager other than Poetry. {% endhint %} Poetry v1 and v2 are supported. To build the dependency tree for a Poetry application, Snyk uses `pyproject.toml` and `poetry.lock` files. Both files must be present for Snyk to scan Poetry dependencies and identify issues. If no `poetry.lock` file is present; you should run `poetry lock` to generate one before scanning. For Poetry, it is possible to get mixed `include` entries in `pyproject.toml` Snyk fails to scan Poetry Projects and returns an "unparsable manifest" or "unable to parse pyproject.toml" error if you define mixed include entries in the `pyproject.toml` file. Under `[tool.poetry]`, Poetry allows the `include` array to mix plain path strings and `{ path = "...", format = [...] }` inline tables. This is valid TOML 1.0 and a valid Poetry configuration. However, Snyk parses `pyproject.toml` using a TOML implementation that does not accept mixed-type inline arrays. Snyk stops parsing at the mixed array and treats the file as invalid before it runs the dependency logic. Example of a failing configuration: ``` include = [ "py.typed", { path = "src/my_package/templates/**/*", format = ["sdist", "wheel"] }, ] ``` To fix this issue, use only one format for every entry. For example, use only inline tables: ``` include = [ { path = "py.typed" }, { path = "src/my_package/templates/**/*", format = ["sdist", "wheel"] }, ] ``` ## Pipenv and CLI To build the dependency tree for a Pipenv application, Snyk uses `Pipfile` and `Pipfile.lock` files. Both files must be present for Snyk to scan Pipenv dependencies and identify issues. Run `pip install` before scanning with the CLI. Run `pipenv install` to ensure the CLI can build an up-to-date, accurate dependency tree using `pipenv graph`. ## setup.py and CLI To build the dependency tree, Snyk analyzes the `setup.py` file, and detects packages listed in the `install_requires` key. This file will not be discovered automatically by the CLI. It must be specified manually using the `--file` option, for example: ```python snyk test --file=setup.py ``` You can also convert `setup.py` to `requirements.txt` by installing the packages into a virtual environment and then running `pip freeze`. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.snyk.io/supported-languages/supported-languages-list/python/snyk-cli-for-python.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.