SupportSnyk LearnAPI referenceProduct updatesSign up for free

CLI commands and options summary

This page only summarizes the CLI commands and the options for each command. For details, use the links in this summary to open the help docs page for the command you are using. The help docs pages are the same as the help in the CLI.

Usage

snyk [COMMAND] [SUBCOMMAND] [OPTIONS] [PACKAGE] [CONTEXT-SPECIFIC-OPTIONS]

Description

The Snyk CLI is a build-time tool to find and fix known vulnerabilities in your projects. For a more detailed description of Snyk CLI and Snyk, see Snyk CLI. For an introduction on how to use the Snyk CLI, see Getting started with the CLI.

Available CLI commands

To learn more about each Snyk CLI command, use the --help option, for example, snyk auth --help or snyk container --help. Each command in this list is linked to the corresponding help page in these docs.

Note: Lists of all the options for Snyk CLI commands are on this page. The options are explained in detail in the help for each command.

snyk auth

Authenticate Snyk CLI with a Snyk account.

snyk config

Manage Snyk CLI configuration.

snyk config environment

Use to set your environment for the region before you run the snyk auth command.

snyk test

Test a Project for open-source vulnerabilities and license issues.

snyk monitor

Snapshot and continuously monitor a project for open-source vulnerabilities and license issues.

snyk code

Print the name of the snyk code command with its help option: snyk code test

snyk code test

Test source code for any known security issues (Static Application Security Testing).

snyk container

Print a list of the snyk container commands, snyk container monitor and snyk container test.

snyk container monitor

Capture the container image layers and dependencies and monitor for vulnerabilities on snyk.io.

snyk container SBOM

Generate an SBOM for a container image

snyk container test

Test container images for any known vulnerabilities.

snyk iac

Print a list of the snyk iac commands: snyk iac describe, snyk iac update-exclude-policy, and snyk iac test.

snyk iac test

Test for any known security issue.

snyk iac capture

Generate a mapping artifact that contains the minimum amount of information needed to generate resource mappings from code to Cloud from Terraform state files, such as resource IDs and names, and send the mapping artifact to Snyk.

snyk iac describe

Detect, track, and alert on infrastructure drift and unmanaged resources.

snyk iac rules init

Initialize custom rules project structure, relation, rule, or spec

snyk iac rules test

Run tests for all custom rules.

snyk iac rules push

Bundle and upload custom rule bundles to Snyk Cloud API.

snyk iac update-exclude-policy

Generate exclude policy rules to be used by snyk iac describe.

snyk ignore

Modify the .snyk policy to ignore stated issues.

snyk log4shell

Find Log4Shell vulnerability.

snyk policy

Display the .snyk policy for a package.

snyk sbom

Generate an SBOM for a local software project in an ecosystem supported by Snyk.

snyk sbom test

Check an SBOM for vulnerabilities in o pen-source packages.

New CLI commands

snyk fix

Apply the recommended updates for supported ecosystems automatically. For more information, see Automatic fixing with snyk fix.

snyk apps

Create a Snyk App using the Snyk CLI. For more information, see Snyk Apps.

Subcommands of CLI commands

The following is a list of the sub-commands for Snyk CLI commands. Each sub-command is followed by the command(s) to which the sub-command applies. The commands are linked to their help docs. For details concerning each sub-command, see the help docs.

get <KEY>: subcommand of config

set <KEY>=<VALUE>: subcommand of config

unset <KEY>: subcommand of config

clear: subcommand of config

environment: subcommand of config

Configure the Snyk CLI

You can use environment variables to configure the Snyk CLI and also set variables to configure the Snyk CLI to connect with the Snyk API. See Configure the Snyk CLI.

Debug

See Debugging the Snyk CLI for detailed information about the --d option.

Exit codes for CLI commands

Exit codes for the test commands are all the same. See the exit codes in the following help docs:

Additional CLI commands have exit codes as listed in the following help docs:

Options for multiple commands

Lists of the options for Snyk CLI commands follow. Each option is followed by the command(s) to which the option applies. The commands are linked to their help docs. For details concerning each option, see the help docs.

--all-projects: test, monitor,sbom

--fail-fast: test, monitor

--detection-depth=<DEPTH>: test, monitor, iac test, sbom

--exclude=<NAME>[,<NAME>]...>: test, monitor, sbom

--prune-repeated-subdependencies, -p: test, monitor, sbom

--print-deps: test, monitor, container test

--remote-repo-url=<URL>: test, monitor, iac test

--dev: test, monitor, sbom

--org=<ORG_ID>: test, monitor, code test, container test, container monitor, iac test, iac describe, iac capture, sbom, container sbom

--file=<FILE>: test, monitor

--file=<FILE_PATH>: container test, container monitor, sbom test

--package-manager=<PACKAGE_MANAGER_NAME>: test, monitor

--unmanaged: test, monitor. See also Options for scanning using --unmanaged and the sbom command help for another use of this option.

--ignore-policy: test, monitor, iac test, iac describe

--trust-policies test, monitor

--show-vulnerable-paths=<none|some|all> test

--project-name=<PROJECT_NAME>: test, monitor, container test, container monitor

--target-reference=<TARGET_REFERENCE>: test, monitor, iac test,container monitor

--policy-path=<PATH_TO_POLICY_FILE>: test, monitor, container test, container monitor, iac test, iac describe, ignore

--json: test, monitor, code test, container test, container monitor, iac test, iac describe, sbom test

--json-file-output=<OUTPUT_FILE_PATH>: test, code test, container test, iac test,sbom

--sarif: test, code test, container test, iac test

--sarif-file-output=<OUTPUT_FILE_PATH>: test, code test, container test, iac test

--severity-threshold=<low|medium|high|critical>: test, code test, container test, iac test

--fail-on=<all|upgradable|patchable>: container test, test

--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>: monitor, container monitor, iac test

--project-lifecycle=<LIFECYCLE>[,<LIFECYCLE>]...>: monitor, container monitor, iac test

--project-business-criticality=<BUSINESS_CRITICALITY>[,<BUSINESS_CRITICALITY>]...>: monitor, container monitor, iac test

--project-tags=<TAG>[,<TAG>]...>: monitor, container monitor, iac test

--tags=<TAG>[,<TAG>]...>: monitor, container monitor

snyk auth command options

--auth-type=<TYPE> --client-secret=<SECRET> --client-id=<ID> snyk auth

snyk code test command option

--include-ignores: code test

snyk config environment command option

--no-check snyk config environment

snyk container command options

--app-vulns: container test, containermonitor

--exclude-app-vulns: container test, container monitor, container sbom

--nested-jars-depth: container test, container monitor

--exclude-base-image-vulns: container test, container monitor

--platform=<PLATFORM>: container test, container monitor

--username=<CONTAINER_REGISTRY_USERNAME>: container test, container monitor

--password=<CONTAINER_REGISTRY_PASSWORD>: container test, container monitor

snyk iac test command options

--scan=<TERRAFORM_PLAN_SCAN_MODE>: iac test

--target-name=<TARGET_NAME>: iac test

--rules=<PATH_TO_CUSTOM_RULES_BUNDLE>: iac test

--var-file=<PATH_TO_VARIABLE_FILE>: iac test

--report: iac test

snyk iac capture command options

--stdin: iac capture

PATH: iac capture

snyk iac describe command options

--from=<STATE>[,<STATE>...]: iac describe

--to=<PROVIDER+TYPE>: iac describe

--service=<SERVICE>[,<SERVICE]...>: iac describe

--quiet: iac describe

--filter: iac describe

--html: iac describe

--html-file-output=<OUTPUTFILEPATH>: iac-describe

--fetch-tfstate-headers: iac describe

--tfc-token: iac describe

--tfc-endpoint: iac describe

--tf-provider-version: iac describe

--strict: iac describe

--deep: iac describe

--tf-lockfile: iac describe

--config-dir: iac describe

snyk iac update-exclude-policy command options

--exclude-changed: iac update-exclude-policy

--exclude-missing: iac update-exclude-policy

--exclude-unmanaged: iac update-exclude-policy

snyk iac rules push command option

--delete: iac rules push

snyk iac rules test command option

--update-expected: iac rules test

snyk ignore command options

--id=<ISSUE_ID>: ignore

--expiry=<EXPIRY>: ignore

--reason=<REASON>: ignore

--path=<PATH_TO_RESOURCE>: ignore

snyk sbom and snyk container sbom command options

--format=<cyclonedx1.4+json|cyclonedx1.4+xml|cyclonedx1.5+json|cyclonedx1.5+xml|cyclonedx1.6+json|cyclonedx1.6+xml|spdx2.3+json>: snyk sbom, snyk container sbom

[--file=] or [--f=]: snyk sbom

[--name=<NAME>]: snyk sbom

[--version=<VERSION>]: snyk sbom

[<TARGET_DIRECTORY>]: snyk sbom

<IMAGE>: snyk container sbom

Option for Maven projects

--maven-aggregate-project: test, monitor

--scan-unmanaged: test, monitor

--scan-all-unmanaged: test, monitor

Options for Gradle projects

--sub-project=<NAME>, --gradle-sub-project=<NAME>: test, monitor

--all-sub-projects: test, monitor

--configuration-matching=<CONFIGURATION_REGEX>: test, monitor

--configuration-attributes=<ATTRIBUTE>[,<ATTRIBUTE>]...: test, monitor

--init-script=<FILE: test, monitor

Options for .Net and NuGet projects

--file=.sln: test

--file=<filename>.sln: sbom

--file=packages.config: test, sbom

--assets-project-name: test, monitor, sbom

--packages-folder: test, monitor, sbom

--project-name-prefix=<PREFIX_STRING>: test, monitor

--project-name-prefix=my-group/: test, monitor

--dotnet-runtime-resolution: test, monitor

--dotnet-target-framework: test, monitor

Options for npm projects

--strict-out-of-sync=true|false: test, monitor, sbom

Options for pnpm projects

--dev: test, monitor

--all-projects: test, monitor

--fail-on: test

--prune-repeated-subdependencies: test, monitor

Options for Yarn projects

--strict-out-of-sync=true|false: test, monitor, sbom

--yarn-workspaces: test, monitor, sbom

Options for CocoaPods projects

--strict-out-of-sync=true|false: test, monitor

Options for Python projects

--command=<COMMAND>: test, monitor, sbom

--skip-unresolved=true|false: test, monitor, sbom

--File=<filename>: sbom

--pakage-manager=<package manager>: sbom

Options for Go projects

The following options are not supported:

--fail-on=<all|upgradable|patchable>: test

Options for scanning using --unmanaged

--org=<ORG_ID>: test, monitor

--json: test, monitor

--json-file-output=<OUTPUT_FILE_PATH>: test

--remote-repo-url=<URL>: test

--severity-threshold=<low|medium|high|critical>: test

--target-reference=<TARGET_REFERENCE>: test, monitor

--max-depth: test, monitor, sbom

--print-dep-paths: test, monitor

--project-name=c-project: monitor

-- [<CONTEXT-SPECIFIC_OPTIONS>]

These options are used with the snyk test and snyk monitor commands. See the help docs for snyk test and snyk monitor for details.

PreviousFix vulnerabilities using the Snyk CLINextCLI help

Last updated

More information

Snyk privacy policy

© 2024 Snyk Limited | All product and company names and logos are trademarks of their respective owners.