or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

cli-commands.mdconfiguration.mdcontainer-security.mdindex.mdinfrastructure-as-code.mdproject-monitoring.mdsource-code-analysis.mdvulnerability-testing.md

cli-commands.mddocs/

0
# CLI Commands
1


2
Complete command-line interface providing access to all Snyk functionality through terminal commands. The CLI offers 15+ commands for authentication, scanning, monitoring, fixing vulnerabilities, and managing security policies.
3


4
## Capabilities
5


6
### Authentication Commands
7


8
Commands for managing authentication and API access.
9


10
```bash { .api }
11
# Authentication management
12
snyk auth                                    # Interactive login flow
13
snyk auth <api-token>                       # Authenticate with token
14
snyk auth --refresh                         # Refresh authentication
15
snyk config get api                         # Get current API token
16
snyk config set api=<token>                 # Set API token
17
snyk config unset api                       # Remove API token
18
```
19


20
### Core Testing Commands
21


22
Primary vulnerability scanning commands across different content types.
23


24
```bash { .api }
25
# Vulnerability testing
26
snyk test                                   # Test current project
27
snyk test <path>                           # Test specific path
28
snyk test --org=<org-id>                   # Test with organization
29
snyk test --json                           # JSON output
30
snyk test --sarif                          # SARIF output format
31
snyk test --severity-threshold=<level>     # Filter by severity
32
snyk test --fail-on=<condition>            # Control exit codes
33
snyk test --all-projects                   # Test all projects
34
snyk test --file=<manifest>                # Test specific file
35


36
# Container testing
37
snyk container test <image>                # Test Docker image  
38
snyk container test <image> --file=Dockerfile # Include Dockerfile
39
snyk container test <image> --org=<org>    # With organization
40
snyk container test <image> --json         # JSON output
41
snyk container test <image> --severity-threshold=high
42


43
# Infrastructure as Code testing  
44
snyk iac test                              # Test IaC files
45
snyk iac test <path>                       # Test specific path
46
snyk iac test --org=<org-id>               # With organization
47
snyk iac test --json                       # JSON output
48
snyk iac test --sarif                      # SARIF format
49
snyk iac test --detection-depth=<number>   # Control scan depth
50


51
# Source code testing
52
snyk code test                             # Test source code (SAST)
53
snyk code test <path>                      # Test specific path  
54
snyk code test --org=<org-id>              # With organization
55
snyk code test --json                      # JSON output
56
snyk code test --sarif                     # SARIF format
57
```
58


59
### Monitoring Commands
60


61
Commands for continuous vulnerability monitoring and project tracking.
62


63
```bash { .api }
64
# Project monitoring
65
snyk monitor                               # Monitor current project
66
snyk monitor <path>                        # Monitor specific path
67
snyk monitor --org=<org-id>                # Monitor with organization
68
snyk monitor --project-name=<name>        # Custom project name
69
snyk monitor --target-reference=<ref>     # Git branch/tag reference
70
snyk monitor --all-projects               # Monitor all projects
71


72
# Container monitoring
73
snyk container monitor <image>            # Monitor container image
74
snyk container monitor <image> --org=<org> # With organization
75
snyk container monitor <image> --project-name=<name> # Custom name
76
```
77


78
### Fix and Remediation Commands
79


80
Automated vulnerability fixing and remediation capabilities.
81


82
```bash { .api }
83
# Automatic fixing
84
snyk fix                                   # Auto-fix vulnerabilities
85
snyk fix --org=<org-id>                    # Fix with organization
86
snyk fix --dry-run                         # Preview fixes without applying
87
snyk fix --quiet                           # Suppress output
88
snyk fix --strip-ansi                      # Remove ANSI colors
89


90
# Legacy protection (deprecated but available)
91
snyk protect                               # Apply patches and protections
92
snyk wizard                                # Interactive setup wizard
93
```
94


95
### Policy and Ignore Management
96


97
Commands for managing security policies and vulnerability ignores.
98


99
```bash { .api }
100
# Policy management
101
snyk policy                                # Display current policy
102
snyk ignore --id=<vuln-id>                 # Ignore specific vulnerability
103
snyk ignore --id=<vuln-id> --reason=<text> # Ignore with reason
104
snyk ignore --id=<vuln-id> --expiry=<date> # Ignore with expiration
105
snyk ignore --path=<dep-path> --id=<vuln-id> # Ignore in specific path
106


107
# Policy file operations
108
snyk policy --file=.snyk                   # Use specific policy file
109
snyk update-exclude-policy                 # Update exclusion policies
110
```
111


112
### Configuration Commands  
113


114
Commands for managing CLI configuration and settings.
115


116
```bash { .api }
117
# Configuration management
118
snyk config                                # Show all configuration
119
snyk config get <key>                      # Get specific config value
120
snyk config set <key>=<value>             # Set configuration value
121
snyk config unset <key>                    # Remove configuration value
122


123
# Common configuration keys
124
snyk config set org=<org-id>               # Set default organization
125
snyk config set endpoint=<url>             # Set API endpoint
126
snyk config set disable-analytics=true     # Disable analytics
127
```
128


129
### Information and Help Commands
130


131
Commands for getting help, version information, and system details.
132


133
```bash { .api }
134
# Information commands
135
snyk --help                                # General help
136
snyk <command> --help                      # Command-specific help
137
snyk --version                             # Show CLI version
138
snyk version                               # Detailed version information
139
snyk about                                 # About Snyk CLI
140


141
# Advanced information
142
snyk log4shell                            # Log4Shell vulnerability checker
143
snyk woof                                 # Easter egg command
144
```
145


146
### Infrastructure Analysis Commands
147


148
Advanced infrastructure analysis and drift detection capabilities.
149


150
```bash { .api }
151
# Infrastructure drift detection
152
snyk iac describe                         # Describe infrastructure state
153
snyk iac describe --only-managed          # Show only managed resources
154
snyk iac describe --only-unmanaged        # Show only unmanaged resources
155
snyk iac describe --json                  # JSON output
156
snyk iac describe --html                  # HTML report
157
snyk iac describe --html-file-output=<file> # Save HTML report
158


159
# Drift analysis options
160
snyk iac describe --filter='<filter>'     # Filter resources
161
snyk iac describe --to=<state-path>       # Compare to specific state
162
snyk iac describe --from=<sources>        # Specify IaC sources
163
snyk iac describe --driftignore=<file>    # Use drift ignore file
164
```
165


166
### App Management Commands
167


168
Commands for managing Snyk Apps and integrations.
169


170
```bash { .api }
171
# App management
172
snyk apps                                  # List available apps
173
snyk apps create                          # Create new Snyk App  
174
snyk apps create --org=<org-id>           # Create app in organization
175
snyk apps create --name=<app-name>        # Create with specific name
176
```
177


178
## Command Options and Flags
179


180
### Global Options
181


182
Options available across all commands.
183


184
```bash { .api }
185
# Global flags
186
--org=<org-id>                            # Organization ID
187
--json                                    # JSON output format
188
--quiet                                   # Suppress output
189
--debug                                   # Enable debug output
190
--insecure                                # Allow insecure connections
191
--proxy=<url>                             # HTTP proxy URL
192
--proxy-ca=<file>                         # Proxy CA certificate
193
```
194


195
### Output Format Options
196


197
Options for controlling output format and destinations.
198


199
```bash { .api }
200
# Output formatting
201
--json                                    # JSON structured output
202
--json-file-output=<file>                 # Save JSON to file
203
--sarif                                   # SARIF format output
204
--sarif-file-output=<file>                # Save SARIF to file
205
--no-markdown                             # Disable markdown in output
206
--quiet                                   # Minimal output
207
--print-deps                              # Print dependency information
208
```
209


210
### Filtering and Threshold Options
211


212
Options for filtering results and controlling scan behavior.
213


214
```bash { .api }
215
# Filtering options
216
--severity-threshold=<level>              # Minimum severity (low|medium|high|critical)
217
--fail-on=<condition>                     # When to exit with error (all|upgradable|patchable)
218
--exclude=<patterns>                      # Exclude files/directories
219
--detection-depth=<number>                # Limit detection depth
220
--max-depth=<number>                      # Maximum dependency depth
221


222
# Vulnerability path options
223
--show-vulnerable-paths=<mode>            # Show paths (none|some|all)
224
--max-vulnerable-paths=<number>           # Maximum paths to show
225
```
226


227
### Project and Repository Options
228


229
Options for project identification and Git integration.
230


231
```bash { .api }
232
# Project options
233
--project-name=<name>                     # Custom project name
234
--target-reference=<ref>                  # Git branch/tag reference
235
--remote-repo-url=<url>                   # Remote repository URL
236
--file=<manifest>                         # Specific manifest file
237
--package-manager=<pm>                    # Override package manager detection
238


239
# Multi-project options
240
--all-projects                            # Scan all detected projects
241
--yarn-workspaces                         # Enable Yarn workspaces support
242
--exclude=<patterns>                      # Exclude project patterns
243
```
244


245
## Exit Codes
246


247
Understanding CLI exit codes for automation and CI/CD integration.
248


249
```bash { .api }
250
# Standard exit codes
251
0    # Success - no vulnerabilities found
252
1    # Vulnerabilities found or general error  
253
2    # Failure, try again (network/auth issues)
254
3    # No supported projects detected
255


256
# Special exit codes
257
EXIT_CODES.VULNS_FOUND = 1               # Vulnerabilities detected
258
EXIT_CODES.ERROR = 2                     # General error
259
EXIT_CODES.NO_SUPPORTED_PROJECTS_DETECTED = 3 # No supported manifests
260
EXIT_CODES.EX_NOPERM = 77               # Permission denied (CI mode)
261
EXIT_CODES.EX_UNAVAILABLE = 69          # Service unavailable (CI mode)
262
```
263


264
## Environment Variables
265


266
Environment variables that affect CLI behavior.
267


268
```bash { .api }
269
# Authentication and configuration
270
SNYK_TOKEN=<token>                        # API token
271
SNYK_API=<endpoint>                       # API endpoint URL
272
SNYK_ORG=<org-id>                        # Default organization
273


274
# Behavioral controls
275
SNYK_CI=1                                 # Enable CI mode (different exit codes)
276
SNYK_DISABLE_ANALYTICS=true              # Disable usage analytics
277
DEBUG=snyk*                              # Enable debug output
278
SNYK_HTTP_PROXY=<url>                    # HTTP proxy URL
279
SNYK_HTTPS_PROXY=<url>                   # HTTPS proxy URL
280


281
# Feature flags and experimental features
282
SNYK_EXPERIMENTAL=true                    # Enable experimental features
283
SNYK_IMAGE_SAVE_PATH=<path>              # Container image save path
284
```
285


286
## Integration Examples
287


288
Examples of CLI usage in different environments and workflows.
289


290
```bash { .api }
291
# CI/CD Pipeline Integration
292
# GitHub Actions example
293
- name: Run Snyk to check for vulnerabilities
294
  run: |
295
    npm install -g snyk
296
    snyk auth ${{ secrets.SNYK_TOKEN }}
297
    snyk test --severity-threshold=high
298
    snyk monitor --target-reference=${{ github.ref }}
299


300
# Docker Integration
301
# Dockerfile security scanning
302
snyk container test myapp:latest --file=Dockerfile
303
snyk container monitor myapp:latest --project-name="MyApp Production"
304


305
# Multi-stage pipeline
306
snyk test --all-projects --json > snyk-test-results.json
307
snyk iac test ./terraform/ --json > snyk-iac-results.json  
308
snyk code test --json > snyk-code-results.json
309
snyk monitor --all-projects
310
```