LinuxCommandLibrary

snyk

Find and fix security vulnerabilities

TLDR

Test project for vulnerabilities
$ snyk test

Test specific file
$ snyk test --file=[package.json]

Monitor project continuously
$ snyk monitor

Test container image
$ snyk container test [image:tag]

Test IaC files
$ snyk iac test [/path/to/terraform/]

Test code for issues
$ snyk code test

Authenticate
$ snyk auth

Ignore specific vulnerability
$ snyk ignore --id=[SNYK-JS-LODASH-567746]

SYNOPSIS

snyk command [--file file] [--severity-threshold level] [options] [target]

DESCRIPTION

Snyk finds and fixes vulnerabilities in code, dependencies, containers, and infrastructure as code. It integrates into development workflows and CI/CD pipelines and provides continuous monitoring of projects it has recorded.
Dependency testing scans package manifests (package.json, requirements.txt, pom.xml, etc.) against Snyk's vulnerability database. Results show CVEs, severity, and available fixes.
Container scanning analyzes Docker images layer by layer, identifying vulnerable packages in base images and application dependencies. Recommendations include secure base image alternatives.
Infrastructure as Code testing catches misconfigurations in Terraform, CloudFormation, Kubernetes, and other IaC files before deployment. Findings cover security group rules, encryption settings, and access controls.
Static analysis (code test) finds security issues in source code: injection flaws, hardcoded secrets, and other vulnerabilities.
The monitor command creates a snapshot in Snyk's service for ongoing vulnerability alerting as new CVEs are discovered.

PARAMETERS

test
Test project for vulnerabilities.
monitor
Record project snapshot for monitoring.
container test IMAGE
Test container image.
container monitor IMAGE
Monitor container image.
iac test PATH
Test Infrastructure as Code.
code test
Test source code (SAST).
auth [TOKEN]
Authenticate with Snyk.
ignore
Ignore an issue.
wizard
Interactive remediation.
policy
Manage .snyk policy file.
--file FILE
Manifest file to test.
--severity-threshold LEVEL
Only report issues at or above the given level: low, medium, high, critical.
--json
Output as JSON.
--sarif
Output as SARIF.
--all-projects
Test all projects in directory.
--fail-on TYPE
Exit with failure only for issues of the given type: all, upgradable, patchable.
--prune-repeated-subdependencies
Prune repeated dependencies.
-d, --debug
Debug output.
--org ORG
Specify organization.
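As an added example (not Snyk's own code), the following applies the --severity-threshold and --fail-on semantics described above to a snyk test --json report, so a CI gate can reproduce them and separately list issues with no fix at all. The report sample is constructed, and its field names (vulnerabilities, severity, isUpgradable, isPatchable) are assumed to match the CLI's JSON output.

```python
import json

# Constructed sample of `snyk test --json` output; the field names used here
# (vulnerabilities[], severity, isUpgradable, isPatchable) are assumed.
SAMPLE_REPORT = json.dumps({"ok": False, "vulnerabilities": [
    {"id": "SNYK-JS-LODASH-567746", "packageName": "lodash", "version": "4.17.15",
     "severity": "high", "isUpgradable": True, "isPatchable": False},
    {"id": "SNYK-EXAMPLE-0001", "packageName": "examplelib", "version": "1.0.0",
     "severity": "medium", "isUpgradable": False, "isPatchable": True},
    {"id": "SNYK-EXAMPLE-0002", "packageName": "otherlib", "version": "2.3.0",
     "severity": "critical", "isUpgradable": False, "isPatchable": False},
]})

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def blocking_issues(report_json, threshold="low", fail_on="all"):
    """Return ids of issues that should fail the build.
    threshold mirrors --severity-threshold (issues at or above it count);
    fail_on mirrors --fail-on: 'all', 'upgradable' (fixable by a dependency
    upgrade) or 'patchable' (fixable by a Snyk patch).
    """
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold}")
    if fail_on not in ("all", "upgradable", "patchable"):
        raise ValueError(f"unknown fail-on type: {fail_on}")
    floor = SEVERITY_RANK[threshold]
    blocking = []
    for vuln in json.loads(report_json).get("vulnerabilities", []):
        if SEVERITY_RANK.get(vuln.get("severity"), -1) < floor:
            continue  # below threshold: still reported, but does not block
        if fail_on == "upgradable" and not vuln.get("isUpgradable"):
            continue
        if fail_on == "patchable" and not vuln.get("isPatchable"):
            continue
        blocking.append(vuln["id"])
    return blocking


def unfixable(report_json):
    """Issues with neither upgrade nor patch: these need an explicit, time-boxed
    snyk ignore decision (with a reason) rather than silent suppression."""
    return [v["id"] for v in json.loads(report_json).get("vulnerabilities", [])
            if not v.get("isUpgradable") and not v.get("isPatchable")]


if __name__ == "__main__":
    print("blocking (high+, all):", blocking_issues(SAMPLE_REPORT, "high"))
    print("blocking (upgradable):", blocking_issues(SAMPLE_REPORT, fail_on="upgradable"))
    print("no fix available:", unfixable(SAMPLE_REPORT))
```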

CAVEATS

Requires an account for full functionality. Some features need paid plans. Internet access is required to query the vulnerability database. Large projects take time to scan. False positives are possible. Not all package ecosystems are fully supported.

HISTORY

Snyk was founded in 2015 by Guy Podjarny. The name is "kyns" (open source security) reversed. Starting with JavaScript dependency scanning, it expanded to containers, IaC, and code analysis. The company raised significant funding and became a leader in developer security tools.

SEE ALSO

npm-audit(1), safety(1), trivy(1), checkov(1)
