Snyk CLI for container security
The Snyk Container command line interface (CLI) helps you find and fix vulnerabilities in container images on your local machine.
To use the CLI, you must first install it and then authenticate.
Testing an image
To test an image, run the container test command, for example:
snyk container test debianThis command does the following:
- Downloads the image if it is not already available locally in your Docker daemon 
- Determines the software installed in the image 
- Sends that bill of materials to the Snyk service 
- Returns a list of the vulnerabilities in your image 
You can use Snyk to test any image you can pull from a remote registry or any image you have built locally and made available in your local Docker daemon.
snyk container test <repository>:<tag>If you use a Dockerfile to build your image, you can specify that when running snyk container test.
snyk container test <repository>:<tag> --file=DockerfileSpecifying a Dockerfile provides more context and allows Snyk to provide clear recommendations on how to fix discovered vulnerabilities.
As of January 24, 2023, Snyk detects application vulnerabilities in your image by default.
Monitoring an image
Snyk Container also allows you to monitor an image. This provides the following advantages:
- Snyk alerts you if new vulnerabilities are disclosed that affect your image without your having to retest your image locally. 
- Snyk interactively filters the results and explores the list of vulnerabilities in your web browser. 
- You can share results on Snyk with other members of your team. 
You can also access aggregate reports of vulnerabilities across all of your Projects,
To monitor an image, run the container monitor command:
snyk container monitor <repository>:<tag>This command does the following:
- Downloads the image if it is not already available locally in your Docker daemon 
- Determines the software installed in the image 
- Sends that bill of materials to the Snyk service 
- Returns a link to the Snyk service, where you can see the results 

More information for Snyk Container CLI
- Learn more about container security 
Last updated
Was this helpful?

