tessl/npm-snyk

Developer-first, cloud-native security tool to scan and monitor your software development projects for security vulnerabilities

Workspace: tessl
Visibility: Public
Describes: npm package pkg:npm/snyk@1.1299.x

To install, run

npx @tessl/cli install tessl/npm-snyk@1.1299.0


Snyk CLI

Snyk CLI is a developer-first, cloud-native security tool that scans and monitors software development projects for security vulnerabilities. It provides both a command-line interface and a programmatic API for vulnerability scanning across multiple content types, including open-source dependencies, application code, container images, and infrastructure-as-code configurations.

Package Information

  • Package Name: snyk
  • Package Type: npm
  • Language: JavaScript/TypeScript
  • Installation: npm install -g snyk or npm install snyk

Core Imports

Programmatic API

const snyk = require('snyk');

ES Module (if available)

import snyk from 'snyk';

CLI Usage

npx snyk <command> [options]

Basic Usage

CLI Testing

# Test current project for vulnerabilities
snyk test

# Test with specific options
snyk test --severity-threshold=high --json

# Monitor project for continuous scanning
snyk monitor

# Test Docker container
snyk container test nginx:latest

# Test Infrastructure as Code
snyk iac test ./terraform/

Programmatic Usage

const snyk = require('snyk');

// Test a project programmatically (main API function)
snyk.test('/path/to/project', {
  org: 'my-org',
  json: true
}).then(result => {
  console.log('Vulnerabilities found:', result);
}).catch(error => {
  console.error('Test failed:', error);
});

// Access configuration
// snyk.api holds the API token; it is a secret, so avoid printing it in CI or shared logs
console.log('API token:', snyk.api);
snyk.config.set('org', 'my-organization');

// Note: Monitor functionality is CLI-only, not available in programmatic API

Architecture

Snyk CLI is built around several key components:

  • CLI Interface: Full-featured command-line interface with 15+ commands for vulnerability scanning and management
  • Programmatic API: Node.js library providing test(), config, and other core functions for integration
  • Plugin System: Extensible architecture supporting 25+ package managers and ecosystems
  • Multi-Content Scanning: Support for open-source dependencies, source code (SAST), containers, and IaC
  • Policy Engine: Configurable rules and ignore patterns for customizing vulnerability reporting
  • Monitoring System: Continuous monitoring capabilities with webhook notifications
  • Output Formats: Human-readable, JSON, and SARIF output formats for integration with CI/CD systems

Capabilities

Vulnerability Testing

Core vulnerability scanning functionality for detecting security issues in projects and dependencies. Supports multiple scan types and package managers.

function test(root: string, options?: TestOptions, callback?: Function): Promise<TestResult>;

interface TestOptions {
  org?: string;
  file?: string;
  docker?: boolean;
  iac?: boolean;
  code?: boolean;
  json?: boolean;
  severityThreshold?: 'low' | 'medium' | 'high' | 'critical';
  showVulnPaths?: 'none' | 'some' | 'all';
  allProjects?: boolean;
  yarnWorkspaces?: boolean;
}
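As an added example that is not part of the snyk package or this page's original code, the following gates a build on a TestResult (the shape declared under Types) rather than on console output: it counts findings per severity, blocks on anything at or above the requested severityThreshold value, and separates findings that carry an upgradePath or fixedIn version from those with no fix available. The sample result is constructed, not real Snyk output (ids and package names are placeholders, and optional fields such as title and description are omitted); a real pipeline would pass the value resolved from snyk.test(...) instead.

```javascript
// Added example: not part of the snyk package or this page's original code.
// Build gate over a TestResult in the shape declared in the Types section.
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };

// Returns a summary; failBuild is true when any finding is at or above
// `threshold`, which takes the same values as TestOptions.severityThreshold.
function gateOnTestResult(result, threshold = 'high') {
  if (!(threshold in SEVERITY_RANK)) {
    throw new Error(`unknown severity threshold: ${threshold}`);
  }
  const minRank = SEVERITY_RANK[threshold];
  const counts = { low: 0, medium: 0, high: 0, critical: 0 };
  const blocking = []; // findings at or above the threshold
  const fixable = [];  // blocking findings with an upgradePath or fixedIn version
  for (const vuln of result.vulnerabilities || []) {
    // Skip unknown severities instead of crashing on unexpected input.
    if (!(vuln.severity in SEVERITY_RANK)) continue;
    counts[vuln.severity] += 1;
    if (SEVERITY_RANK[vuln.severity] < minRank) continue;
    blocking.push(vuln);
    const hasUpgrade = Array.isArray(vuln.upgradePath) && vuln.upgradePath.length > 0;
    const hasFixedIn = Array.isArray(vuln.fixedIn) && vuln.fixedIn.length > 0;
    if (hasUpgrade || hasFixedIn) fixable.push(vuln);
  }
  return {
    projectName: result.projectName,
    dependencyCount: result.dependencyCount,
    counts,
    failBuild: blocking.length > 0,
    blockingIds: blocking.map((v) => v.id),
    fixableIds: fixable.map((v) => v.id),
    unfixableIds: blocking.filter((v) => !fixable.includes(v)).map((v) => v.id),
  };
}

// Constructed sample (not real Snyk output); ids and package names are placeholders.
const SAMPLE_RESULT = {
  vulnerabilities: [
    { id: 'SAMPLE-VULN-1', severity: 'high', packageName: 'example-lib', version: '1.0.0',
      fixedIn: ['1.0.1'], upgradePath: ['example-lib@1.0.1'] },
    { id: 'SAMPLE-VULN-2', severity: 'medium', packageName: 'example-parser', version: '2.3.0', fixedIn: ['2.3.1'] },
    { id: 'SAMPLE-VULN-3', severity: 'critical', packageName: 'example-runner', version: '0.9.0' },
  ],
  dependencyCount: 42, licensesPolicy: {}, packageManager: 'npm', platform: 'linux',
  path: '/path/to/project', projectName: 'sample-project', summary: '3 vulnerable dependency paths',
};

// Usage: SAMPLE-VULN-2 is counted but does not block at the default 'high' threshold.
const report = gateOnTestResult(SAMPLE_RESULT);
if (report.failBuild) console.error('snyk gate failed:', report);
```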

See docs/vulnerability-testing.md

Project Monitoring

Continuous monitoring system for tracking security posture over time with automated alerts and notifications. Note: Monitor functionality is only available via CLI commands, not through the programmatic API.

snyk monitor [path]                     # Monitor project continuously
snyk monitor --org=<org-id>             # Monitor with specific organization
snyk monitor --project-name=<name>      # Set custom project name
snyk monitor --target-reference=<ref>   # Set target reference (e.g., branch name)

See docs/project-monitoring.md

CLI Commands

Complete command-line interface providing access to all Snyk functionality through terminal commands.

# Core commands
snyk auth                   # Authentication management
snyk test                   # Test for vulnerabilities
snyk monitor                # Monitor project continuously
snyk fix                    # Auto-fix vulnerabilities
snyk protect                # Apply patches and protections

# Specialized commands
snyk container test         # Container scanning
snyk iac test               # Infrastructure as Code scanning
snyk code test              # Source code analysis (SAST)
snyk config                 # Configuration management
snyk policy                 # Policy management
snyk ignore                 # Manage vulnerability ignores

See docs/cli-commands.md

Configuration Management

System for managing authentication, organization settings, and scan preferences.

interface Config {
  api: string;
  org?: string;
  'disable-analytics'?: boolean;
}

// Access configuration
const config = snyk.config;

See docs/configuration.md

Container Security

Specialized scanning capabilities for Docker containers, including base image vulnerabilities and application layer scanning.

snyk container test <image>                 # Scan container image
snyk container test <image> --file=Dockerfile  # Include Dockerfile analysis
snyk container monitor <image>              # Monitor container continuously

See docs/container-security.md

Infrastructure as Code (IaC)

Security scanning for infrastructure configuration files including Terraform, Kubernetes, CloudFormation, and ARM templates.

snyk iac test <path>                        # Scan IaC files
snyk iac test --detection-depth=<number>    # Control scan depth
snyk iac describe --only-managed            # Drift detection

See docs/infrastructure-as-code.md

Source Code Analysis

Static Application Security Testing (SAST) for identifying security vulnerabilities in application source code.

snyk code test                              # Scan source code
snyk code test --org=<org-id>               # Scan with specific organization

See docs/source-code-analysis.md

Types

Core Types

interface TestResult {
  vulnerabilities: Vulnerability[];
  dependencyCount: number;
  licensesPolicy: LicensesPolicy;
  packageManager: string;
  platform: string;
  path: string;
  projectName: string;
  summary: string;
}

interface Vulnerability {
  id: string;
  title: string;
  description: string;
  severity: 'low' | 'medium' | 'high' | 'critical';
  packageName: string;
  version: string;
  fixedIn?: string[];
  patches?: Patch[];
  upgradePath?: string[];
}

interface MonitorResult {
  id: string;
  uri: string;
  path: string;
  projectName: string;
}

interface Patch {
  id: string;
  urls: string[];
  version: string;
  modificationTime: string;
  comments: string[];
}

Error Types

class UnsupportedPackageManagerError extends Error {
  constructor(packageManager: string);
}

class MissingOptionError extends Error {
  constructor(option: string, requiredOptions: string[]);
}

class ConnectionTimeoutError extends Error {
  constructor(message: string);
}

Package Manager Support

type SupportedPackageManagers =
  | 'npm' | 'yarn' | 'pnpm'           // JavaScript
  | 'maven' | 'gradle' | 'sbt'        // Java/Scala
  | 'pip' | 'poetry'                  // Python
  | 'rubygems'                        // Ruby
  | 'composer'                        // PHP
  | 'nuget' | 'paket'                 // .NET
  | 'gomodules' | 'golangdep'         // Go
  | 'cocoapods' | 'swift'             // iOS/macOS
  | 'hex'                             // Elixir
  | 'Unmanaged (C/C++)';              // C/C++