snyk
Find and fix vulnerabilities in dependencies
TLDR
Log in to your Snyk account
Test your code for any known vulnerabilities
Test a local Docker image for any known vulnerabilities
Record the state of dependencies and any vulnerabilities on snyk.io
Auto patch and ignore vulnerabilities
SYNOPSIS
snyk <command> [options]
PARAMETERS
snyk test
Scans your local project for known vulnerabilities in its open-source dependencies. This is often the first command used to assess a project's security posture.
snyk monitor
Takes a snapshot of your project's dependencies and uploads it to the Snyk platform for continuous monitoring. Snyk will then notify you of newly discovered vulnerabilities affecting your project.
snyk auth
Authenticates the Snyk CLI with your Snyk account, allowing it to access your organization and projects on the Snyk platform.
snyk iac test
Scans Infrastructure as Code (IaC) files (e.g., Terraform, CloudFormation, Kubernetes, ARM) for security misconfigurations and best practice violations.
snyk container test
Scans local or remote container images for known vulnerabilities in their layers and packages. This command helps secure your containerized applications.
snyk code test
Scans your proprietary source code for security vulnerabilities and code quality issues using static application security testing (SAST) techniques.
--json
Outputs the command results in JSON format, useful for programmatic processing and integration with other tools.
--severity-threshold=<level>
Filters scan results to only show vulnerabilities at or above the specified severity level (low, medium, high, critical). Applies to snyk test, snyk iac test, etc.
--file=<path>
Specifies the path to a manifest file (e.g., package.json, pom.xml, requirements.txt) or a specific IaC file to scan. By default, Snyk attempts to auto-detect.
--org=<ID>
Specifies the Snyk Organization ID to associate with the scan results. Essential when working with multiple Snyk organizations.
--all-projects
When used with snyk test, this option instructs Snyk to find and test all projects within a given directory, rather than just the top-level one.
DESCRIPTION
The Snyk CLI is a command-line tool for finding and fixing security vulnerabilities across the application stack. It brings security into the development workflow by scanning open-source dependencies, proprietary code, container images, and infrastructure-as-code (IaC) configurations for known vulnerabilities and misconfigurations.
It supports a wide range of programming languages, package managers, and cloud environments, providing actionable remediation advice. The CLI is designed to be used locally during development, as well as integrated into Continuous Integration/Continuous Delivery (CI/CD) pipelines to automate security checks and prevent vulnerable code from reaching production.
CAVEATS
The snyk command generally requires an active internet connection to communicate with the Snyk vulnerability database and platform. Authentication via snyk auth is mandatory for most operations. Users should ensure they have the necessary permissions within their Snyk organization to perform certain actions, like uploading project snapshots.
AUTHENTICATION REQUIREMENT
Before using most snyk commands, you must authenticate your CLI with your Snyk account. This is done by running snyk auth. The command will typically open your web browser to complete the authentication process securely. An authenticated CLI ensures that your scan results are associated with your Snyk organization and that you can access your project dashboards.
CI/CD INTEGRATION
The snyk CLI is highly optimized for integration into Continuous Integration/Continuous Delivery (CI/CD) pipelines. Commands like snyk test and snyk monitor can be incorporated into build scripts to automatically scan code for vulnerabilities on every commit or build, helping to 'shift left' security and catch issues early in the development lifecycle.
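The following is an added example of the severity gate a pipeline step would put around snyk test --json, combining the --json and --severity-threshold options described above with the CI/CD use in this section. It is not part of the Snyk CLI or its documentation. Assumptions, labelled in the code: that snyk test --json prints one JSON object per project (a JSON array with --all-projects) whose vulnerabilities list carries id, title, severity, packageName, version, isUpgradable and isPatchable fields; and that snyk test exits 0 when nothing was found, 1 when vulnerabilities were found, 2 on a CLI error and 3 when no supported project was detected. The embedded sample output is constructed, so the script runs offline; the helper run_snyk_test is only used when the real CLI is present.

```python
"""Severity gate over `snyk test --json` output (added example, not Snyk's code).

Assumptions (not verified against the page):
- `snyk test --json` prints one JSON object per project, or a JSON array when
  run with --all-projects; each object has a `vulnerabilities` list whose
  entries carry id, title, severity, packageName, version, isUpgradable and
  isPatchable. Only those fields are relied on.
- `snyk test` exit codes: 0 no vulnerabilities, 1 vulnerabilities found,
  2 CLI error, 3 no supported project detected.
"""
import json
import subprocess
import sys

# Same ordering as --severity-threshold: low < medium < high < critical.
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def load_projects(raw):
    """Normalise the JSON document into a list of per-project result objects."""
    doc = json.loads(raw)
    return doc if isinstance(doc, list) else [doc]


def findings_at_or_above(raw, threshold):
    """Return vulnerabilities at or above `threshold`, deduplicated by Snyk id."""
    if threshold not in SEVERITY_RANK:
        raise ValueError(f"unknown severity threshold: {threshold}")
    floor = SEVERITY_RANK[threshold]
    seen, hits = set(), []
    for project in load_projects(raw):
        for vuln in project.get("vulnerabilities", []):
            sev = vuln.get("severity", "low")
            if SEVERITY_RANK.get(sev, 0) < floor or vuln["id"] in seen:
                continue
            seen.add(vuln["id"])
            hits.append({
                "id": vuln["id"],
                "severity": sev,
                "package": f'{vuln.get("packageName")}@{vuln.get("version")}',
                # A finding is fixable if Snyk offers an upgrade or a patch.
                "fixable": bool(vuln.get("isUpgradable") or vuln.get("isPatchable")),
                "title": vuln.get("title", ""),
            })
    hits.sort(key=lambda h: -SEVERITY_RANK[h["severity"]])  # most severe first
    return hits


def gate(raw, threshold="high"):
    """Return (exit_code, findings): exit 1 when any finding meets the threshold."""
    hits = findings_at_or_above(raw, threshold)
    return (1 if hits else 0), hits


def run_snyk_test(extra_args=()):
    """Run the real CLI. Exit 1 still carries JSON on stdout; 2 and 3 are errors."""
    proc = subprocess.run(["snyk", "test", "--json", *extra_args],
                          capture_output=True, text=True)
    if proc.returncode in (2, 3):
        raise RuntimeError(f"snyk test failed ({proc.returncode}): {proc.stderr.strip()}")
    return proc.returncode, proc.stdout


# Constructed sample output (not real Snyk data): one high, one medium, one low.
SAMPLE_JSON = json.dumps({
    "ok": False,
    "projectName": "example-app",
    "vulnerabilities": [
        {"id": "SNYK-EXAMPLE-0001", "title": "Example high-severity issue",
         "severity": "high", "packageName": "pkg-a", "version": "1.0.0",
         "isUpgradable": True, "isPatchable": False},
        {"id": "SNYK-EXAMPLE-0002", "title": "Example medium-severity issue",
         "severity": "medium", "packageName": "pkg-b", "version": "2.3.4",
         "isUpgradable": True, "isPatchable": False},
        {"id": "SNYK-EXAMPLE-0003", "title": "Example low-severity issue",
         "severity": "low", "packageName": "pkg-c", "version": "0.9.1",
         "isUpgradable": False, "isPatchable": False},
    ],
})

if __name__ == "__main__":
    # Pipeline usage: snyk test --json > snyk.json; python3 snyk_gate.py snyk.json high
    # Without a file argument the constructed sample is used so the script runs offline.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JSON
    threshold = sys.argv[2] if len(sys.argv) > 2 else "high"
    code, hits = gate(raw, threshold)
    for h in hits:
        fix = "fix available" if h["fixable"] else "no fix yet"
        print(f'{h["severity"]:8} {h["id"]:20} {h["package"]:16} {fix}: {h["title"]}')
    sys.exit(code)
```

In a non-interactive pipeline the browser flow of snyk auth is not available; the CLI also reads its API token from the SNYK_TOKEN environment variable, which is the usual way to authenticate a build job. The gate deliberately treats Snyk exit codes 2 and 3 as build errors rather than as "no findings", so a misconfigured scan cannot pass silently.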
HISTORY
Snyk was founded in 2015 with a vision to empower developers to own application security. The Snyk CLI has been a cornerstone of this vision, designed from the outset to be developer-friendly and integrate seamlessly into existing workflows. It has continuously evolved, expanding its capabilities from initially focusing on open-source dependencies to covering proprietary code (Snyk Code), container images (Snyk Container), and Infrastructure as Code (Snyk IaC), reflecting the growing needs of modern software development.
SEE ALSO
npm audit, pip-audit, docker scan, trivy(1), owasp/dependency-check