Snyk pipe parameters and values (Bitbucket Cloud)

Snyk pipe variables to configure

The following is the Snyk pipe that should be configured as part of a pipeline YAML file in order to include vulnerability scanning as part of your CI/CD workflow:

```yaml
- pipe: snyk/snyk-scan:0.4.6
```

Variables to configure:

- `SNYK_TOKEN`: It is preferable to encrypt this value and enter the string `$SNYK_TOKEN` only in the pipeline. See the table that follows for more information.
- `LANGUAGE`: Required unless you use the snyk-cli image.
- `IMAGE_NAME`: Only required if `LANGUAGE` is set to `docker`.
- `CODE_INSIGHTS_RESULTS`: Optional. Default: false.
- `SNYK_TEST_JSON_INPUT`: Optional. Default: false.
- `DONT_BREAK_BUILD`: Optional.
- `MONITOR`: Optional.
- `SEVERITY_THRESHOLD`: Optional.
- `ORGANIZATION`: Optional.
- `PROJECT_FOLDER`: Optional.
- `TARGET_FILE`: Optional.
- `EXTRA_ARGS`: Optional.
- `DEBUG`: Optional.
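A complete `bitbucket-pipelines.yml` that wires the pipe into a build, as an added example (not a file from the Snyk documentation or the pipe's own repository). It assumes an npm-based Node.js project; the `node:18` image and the `npm ci`/`npm test` steps are illustrative choices, and `$SNYK_TOKEN` is assumed to be a secured repository variable so the token never appears in the file:

```yaml
# bitbucket-pipelines.yml (added example, not from the Snyk docs)
# Assumptions: Node.js project built with npm; the base image and the
# build/test commands are illustrative, not prescribed by the pipe.
image: node:18

pipelines:
  default:
    - step:
        name: Build and test
        caches:
          - node
        script:
          - npm ci
          - npm test
    - step:
        name: Snyk vulnerability scan
        script:
          # $SNYK_TOKEN resolves to the secured repository variable;
          # the token value itself is never committed to the repository.
          - pipe: snyk/snyk-scan:0.4.6
            variables:
              SNYK_TOKEN: $SNYK_TOKEN
              LANGUAGE: "npm"
              PROJECT_FOLDER: "."
              TARGET_FILE: "package.json"
              CODE_INSIGHTS_RESULTS: "true"   # publish findings as a Code Insights report
              DEBUG: "false"
```

With the defaults left in place (`DONT_BREAK_BUILD` false, `SEVERITY_THRESHOLD` low), the scan step fails the pipeline on any reported vulnerability, which is the behaviour you want when the step gates a merge or a deployment.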

Snyk pipe parameters

In order to use a custom API, set the **SNYK_API** environment variable to the URL of the API.

Parameters and their descriptions:

SNYK_TOKEN

Enter the Snyk API token, which you can retrieve from your Snyk Account settings.

We recommend you encrypt the token: you can add it as a predefined variable in a separate part of the Bitbucket pipes directory:

  1. From the build directory, navigate to add a new Repository value, name the parameter `SNYK_TOKEN` and enter your API token from Snyk as the value.

  2. From the pipeline YAML file that you're building, enter `$SNYK_TOKEN` as the value for the `SNYK_TOKEN` parameter in the Snyk pipe.

    (Image: Snyk_token_in_pipeline.png)

See the Bitbucket documentation for more information about predefined variables.

LANGUAGE

Configure the package manager of the app (for example, npm, maven, rubygems, composer, nuget or docker).

See Dockerhub for a full list of possible tags.

IMAGE_NAME

For docker language only, configure the image name for which to perform a docker scan.

CODE_INSIGHTS_RESULTS

Create Code Insight report with Snyk test results. Default: false.

SNYK_TEST_JSON_INPUT

Use if you want to create only a Code Insights report from a previously generated snyk test --json output.

DONT_BREAK_BUILD

When set to true, the build continues even when vulnerabilities are discovered.

Default: false (the build fails when vulnerabilities are discovered).

MONITOR

Records a snapshot of the project for the Snyk UI and then continues monitoring the project after the build is run.

If the test succeeds, this records a snapshot of the dependencies in the Snyk Web UI and allows you to see the state of your deployed code, have it monitored, and receive alerts when new vulnerabilities are found in the code.

Default: false. The project is not monitored after the initial scan.

SEVERITY_THRESHOLD

Reports issues equal to or higher than the configured level. Possible values: `low`, `med`, `high`, `critical`.

Default: low. All vulnerabilities are reported.

ORGANIZATION

Configures the organization from your Snyk account to which to associate the repository.

Default: none.

PROJECT_FOLDER

The folder in which the project resides.

Default: `.` (the current directory).

TARGET_FILE

The package file (for example `package.json`), equivalent to `--file=` in the CLI.

For Docker, enter the Dockerfile as the value.

Default: none.

EXTRA_ARGS

Extra arguments to be passed to the Snyk CLI. Use the parameters and arguments as described here.

Default: none.

DEBUG

Turn on extra debug information.

Default: false
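An added example showing how the parameters above combine for a container image scan; it is not taken from the Snyk documentation or the pipe repository. It assumes the image is built in the same step with the Bitbucket `docker` service, that `myapp:${BITBUCKET_COMMIT}` and the `ORGANIZATION` value are placeholders you replace with your own, and that `$SNYK_TOKEN` is a secured repository variable:

```yaml
# bitbucket-pipelines.yml (added example, not from the Snyk docs)
# Assumptions: the image tag and the organization value are placeholders;
# the Docker service and build command are standard Bitbucket Pipelines usage.
image: atlassian/default-image:3

pipelines:
  default:
    - step:
        name: Build image and scan it with Snyk
        services:
          - docker
        script:
          - docker build -t "myapp:${BITBUCKET_COMMIT}" .
          - pipe: snyk/snyk-scan:0.4.6
            variables:
              SNYK_TOKEN: $SNYK_TOKEN
              LANGUAGE: "docker"
              IMAGE_NAME: "myapp:${BITBUCKET_COMMIT}"   # the locally built image to scan
              TARGET_FILE: "Dockerfile"                 # lets Snyk relate findings to Dockerfile instructions
              SEVERITY_THRESHOLD: "high"                # report only high and critical issues
              DONT_BREAK_BUILD: "false"                 # the default, stated explicitly: findings fail the build
              MONITOR: "true"                           # snapshot the image in the Snyk UI and alert on new issues
              ORGANIZATION: "my-snyk-org"               # placeholder: your Snyk organization
              EXTRA_ARGS: "--exclude-base-image-vulns"  # passed through to the Snyk CLI unchanged
```

Raising `SEVERITY_THRESHOLD` to `high` keeps the gate focused on issues worth blocking a release for, while `MONITOR: "true"` means vulnerabilities published after the build still reach you through Snyk alerts rather than waiting for the next pipeline run.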
