0
# Configuration
1
2
System for managing authentication, organization settings, scan preferences, and CLI behavior through configuration files, environment variables, and command-line options.
3
4
## Capabilities
5
6
### Config Object
7
8
Programmatic access to configuration settings and user preferences.
9
10
```javascript { .api }
11
/**
12
* Access to configuration settings
13
*/
14
const config = snyk.config;
15
16
interface Config {
17
/** API token for authentication */
18
api?: string;
19
/** Default organization ID */
20
org?: string;
21
/** API endpoint URL */
22
endpoint?: string;
23
/** Disable usage analytics */
24
'disable-analytics'?: boolean;
25
/** HTTP proxy URL */
26
proxy?: string;
27
/** HTTPS proxy URL */
28
'https-proxy'?: string;
29
/** CA certificate bundle path */
30
ca?: string;
31
/** Reject unauthorized certificates */
32
'reject-unauthorized'?: boolean;
33
/** Request timeout in milliseconds */
34
timeout?: number;
35
}
36
37
// Configuration access patterns
38
console.log(snyk.config.api); // Get API token
39
snyk.config.org = 'my-org-id'; // Set organization
40
```
41
42
### CLI Configuration Commands
43
44
Command-line interface for managing configuration settings.
45
46
```bash { .api }
47
# View configuration
48
snyk config # Show all configuration values
49
snyk config get <key> # Get specific configuration value
50
snyk config get api # Get API token
51
snyk config get org # Get default organization
52
53
# Set configuration
54
snyk config set <key>=<value> # Set configuration value
55
snyk config set api=<token> # Set API token
56
snyk config set org=<org-id> # Set default organization
57
snyk config set endpoint=<url> # Set custom API endpoint
58
snyk config set disable-analytics=true # Disable analytics
59
60
# Remove configuration
61
snyk config unset <key> # Remove configuration value
62
snyk config unset api # Remove API token
63
snyk config unset org # Remove default organization
64
```
65
66
### Authentication Configuration
67
68
Settings for API access and authentication management.
69
70
```javascript { .api }
71
interface AuthConfig {
72
/** Snyk API token */
73
api: string;
74
/** API endpoint URL (default: https://api.snyk.io) */
75
endpoint?: string;
76
/** Organization ID for API requests */
77
org?: string;
78
}
79
80
// Authentication methods
81
// 1. Environment variable: SNYK_TOKEN
82
// 2. Config file: snyk config set api=<token>
83
// 3. CLI argument: snyk auth <token>
84
// 4. Interactive login: snyk auth
85
```
86
87
```bash { .api }
88
# Authentication setup
89
snyk auth # Interactive OAuth login
90
snyk auth <api-token> # Direct token authentication
91
export SNYK_TOKEN=<token> # Environment variable
92
snyk config set api=<token> # Persistent configuration
93
94
# Verify authentication
95
snyk config get api # Check stored token
96
snyk test --org=<org-id> # Test with organization access
97
```
98
99
### Network Configuration
100
101
Settings for proxy, SSL, and network connectivity.
102
103
```javascript { .api }
104
interface NetworkConfig {
105
/** HTTP proxy URL */
106
proxy?: string;
107
/** HTTPS proxy URL */
108
'https-proxy'?: string;
109
/** Custom CA certificate bundle */
110
ca?: string;
111
/** Reject unauthorized SSL certificates */
112
'reject-unauthorized'?: boolean;
113
/** Request timeout in milliseconds */
114
timeout?: number;
115
/** Allow insecure connections */
116
insecure?: boolean;
117
}
118
```
119
120
```bash { .api }
121
# Proxy configuration
122
snyk config set proxy=http://proxy.company.com:8080
123
snyk config set https-proxy=https://proxy.company.com:8080
124
export SNYK_HTTP_PROXY=http://proxy.company.com:8080
125
export SNYK_HTTPS_PROXY=https://proxy.company.com:8080
126
127
# SSL configuration
128
snyk config set ca=/path/to/ca-bundle.pem
129
snyk config set reject-unauthorized=false
130
snyk test --insecure # Allow insecure connections
131
132
# Timeout configuration
133
snyk config set timeout=300000 # 5 minute timeout
134
```
135
136
### Analytics and Privacy Settings
137
138
Configuration for usage analytics and data collection preferences.
139
140
```javascript { .api }
141
interface AnalyticsConfig {
142
/** Disable usage analytics collection */
143
'disable-analytics'?: boolean;
144
/** Disable error reporting */
145
'disable-error-reporting'?: boolean;
146
}
147
```
148
149
```bash { .api }
150
# Analytics configuration
151
snyk config set disable-analytics=true # Disable analytics
152
export SNYK_DISABLE_ANALYTICS=true # Environment variable
153
snyk test --disable-analytics # One-time disable
154
155
# Privacy controls
156
snyk config get disable-analytics # Check current setting
157
snyk config unset disable-analytics # Re-enable analytics
158
```
159
160
### Organization and Project Defaults
161
162
Default settings for organization and project identification.
163
164
```javascript { .api }
165
interface ProjectDefaults {
166
/** Default organization ID */
167
org?: string;
168
/** Default project naming pattern */
169
'project-name-pattern'?: string;
170
/** Default target reference */
171
'target-reference'?: string;
172
/** Default remote repository URL pattern */
173
'remote-repo-url-pattern'?: string;
174
}
175
```
176
177
```bash { .api }
178
# Organization defaults
179
snyk config set org=<org-id> # Set default organization
180
export SNYK_ORG=<org-id> # Environment variable
181
182
# Project defaults
183
snyk test # Uses default org
184
snyk test --org=<other-org> # Override default
185
snyk monitor --project-name="MyApp" # Custom project name
186
```
187
188
## Configuration Files
189
190
### Global Configuration
191
192
System-wide configuration file locations and formats.
193
194
```bash { .api }
195
# Configuration file locations
196
# Linux/macOS: ~/.config/configstore/snyk.json
197
# Windows: %APPDATA%/configstore/snyk.json
198
199
# Example configuration file content
200
{
201
"api": "your-api-token-here",
202
"org": "your-org-id",
203
"disable-analytics": true,
204
"endpoint": "https://api.snyk.io"
205
}
206
```
207
208
### Project-Specific Configuration
209
210
Project-level configuration and policy files.
211
212
```bash { .api }
213
# .snyk policy file (project root)
214
# Controls vulnerability ignores and patches
215
version: v1.0.0
216
ignore:
217
'SNYK-JS-LODASH-567746':
218
- '*':
219
reason: Risk accepted
220
expires: '2024-12-31T23:59:59.999Z'
221
222
# .snykignore file (for IaC scanning)
223
# Ignore specific files or directories
224
**/node_modules/**
225
dist/
226
build/
227
*.test.js
228
```
229
230
### Environment-Specific Configuration
231
232
Configuration patterns for different deployment environments.
233
234
```bash { .api }
235
# Development environment
236
export SNYK_TOKEN=dev-token
237
export SNYK_ORG=dev-org-id
238
export SNYK_DISABLE_ANALYTICS=true
239
240
# Staging environment
241
export SNYK_TOKEN=staging-token
242
export SNYK_ORG=staging-org-id
243
export SNYK_CI=1
244
245
# Production environment
246
export SNYK_TOKEN=prod-token
247
export SNYK_ORG=prod-org-id
248
export SNYK_CI=1
249
export SNYK_TIMEOUT=600000
250
```
251
252
## Advanced Configuration
253
254
### API Endpoint Configuration
255
256
Custom API endpoint configuration for enterprise installations.
257
258
```javascript { .api }
259
interface EndpointConfig {
260
/** API base URL */
261
endpoint: string;
262
/** Custom API version */
263
version?: string;
264
/** Additional headers */
265
headers?: Record<string, string>;
266
}
267
```
268
269
```bash { .api }
270
# Custom endpoint configuration
271
snyk config set endpoint=https://api.custom.snyk.io
272
export SNYK_API=https://api.custom.snyk.io
273
274
# Enterprise endpoint
275
snyk config set endpoint=https://app.eu.snyk.io/api
276
snyk config set ca=/path/to/enterprise-ca.pem
277
```
278
279
### Feature Flag Configuration
280
281
Configuration for experimental and beta features.
282
283
```bash { .api }
284
# Enable experimental features
285
export SNYK_EXPERIMENTAL=true
286
snyk test --experimental
287
288
# Feature-specific flags
289
export SNYK_CODE_ENABLED=true # Enable code analysis
290
export SNYK_IAC_ENABLED=true # Enable IaC scanning
291
export SNYK_CONTAINER_ENABLED=true # Enable container scanning
292
```
293
294
### Debug and Logging Configuration
295
296
Settings for debug output and logging preferences.
297
298
```bash { .api }
299
# Debug configuration
300
export DEBUG=snyk* # Enable all Snyk debug output
301
export DEBUG=snyk:find-files # Specific debug namespace
302
export DEBUG=snyk-test # Test command debug
303
304
# Logging levels
305
snyk test --debug # Enable debug for single command
306
snyk test --quiet # Suppress output
307
snyk test -d # Short debug flag
308
```
309
310
## Configuration Validation
311
312
```javascript { .api }
313
// Configuration validation and error handling
314
try {
315
const result = await snyk.test('./project');
316
} catch (error) {
317
if (error.code === 'AUTH_ERROR') {
318
console.log('Authentication failed. Run: snyk auth');
319
} else if (error.code === 'INVALID_ORG') {
320
console.log('Invalid organization. Check: snyk config get org');
321
} else if (error.code === 'NETWORK_ERROR') {
322
console.log('Network error. Check proxy settings.');
323
}
324
}
325
```
326
327
```bash { .api }
328
# Configuration validation commands
329
snyk config # Verify all settings
330
snyk auth # Test authentication
331
snyk test --org=invalid # Test organization access
332
snyk test --debug # Debug configuration issues
333
```
334
335
## Types
336
337
### Configuration Types
338
339
```typescript { .api }
340
interface SnykConfig {
341
/** API authentication token */
342
api?: string;
343
/** Default organization identifier */
344
org?: string;
345
/** API endpoint URL */
346
endpoint?: string;
347
/** Disable usage analytics */
348
'disable-analytics'?: boolean;
349
/** HTTP proxy URL */
350
proxy?: string;
351
/** HTTPS proxy URL */
352
'https-proxy'?: string;
353
/** CA certificate bundle path */
354
ca?: string;
355
/** Reject unauthorized SSL certificates */
356
'reject-unauthorized'?: boolean;
357
/** Request timeout in milliseconds */
358
timeout?: number;
359
/** Allow insecure HTTPS connections */
360
insecure?: boolean;
361
}
362
363
interface PolicyConfig {
364
/** Policy file version */
365
version: string;
366
/** Ignored vulnerabilities */
367
ignore?: Record<string, IgnoreRule[]>;
368
/** Patch configuration */
369
patch?: Record<string, PatchRule>;
370
/** Language-specific settings */
371
language?: LanguageSettings;
372
}
373
374
interface IgnoreRule {
375
/** Vulnerability paths to ignore */
376
[path: string]: {
377
/** Reason for ignoring */
378
reason: string;
379
/** Expiration date (ISO string) */
380
expires?: string;
381
/** Created timestamp */
382
created?: string;
383
};
384
}
385
386
interface EnvironmentConfig {
387
/** Snyk API token */
388
SNYK_TOKEN?: string;
389
/** Default organization */
390
SNYK_ORG?: string;
391
/** API endpoint */
392
SNYK_API?: string;
393
/** CI mode flag */
394
SNYK_CI?: '1' | '0';
395
/** Disable analytics */
396
SNYK_DISABLE_ANALYTICS?: 'true' | 'false';
397
/** HTTP proxy */
398
SNYK_HTTP_PROXY?: string;
399
/** HTTPS proxy */
400
SNYK_HTTPS_PROXY?: string;
401
/** Debug namespaces */
402
DEBUG?: string;
403
}
404
405
interface LanguageSettings {
406
/** Additional command line arguments */
407
additionalArguments?: string[];
408
/** Include development dependencies */
409
includeDevelopmentDependencies?: boolean;
410
/** Skip unresolved dependencies */
411
skipUnresolved?: boolean;
412
/** Custom command for package manager */
413
command?: string;
414
/** Working directory */
415
workingDirectory?: string;
416
}
417
```