
tessl/npm-snyk

Developer-first, cloud-native security tool to scan and monitor your software development projects for security vulnerabilities


CLI Commands

Complete command-line interface providing access to all Snyk functionality through terminal commands. The CLI offers 15+ commands for authentication, scanning, monitoring, fixing vulnerabilities, and managing security policies.

Capabilities

Authentication Commands

Commands for managing authentication and API access.

# Authentication management
snyk auth                                    # Interactive login flow
snyk auth <api-token>                       # Authenticate with token
snyk auth --refresh                         # Refresh authentication
snyk config get api                         # Get current API token
snyk config set api=<token>                 # Set API token
snyk config unset api                       # Remove API token

Core Testing Commands

Primary vulnerability scanning commands across different content types.

# Vulnerability testing
snyk test                                   # Test current project
snyk test <path>                           # Test specific path
snyk test --org=<org-id>                   # Test with organization
snyk test --json                           # JSON output
snyk test --sarif                          # SARIF output format
snyk test --severity-threshold=<level>     # Filter by severity
snyk test --fail-on=<condition>            # Control exit codes
snyk test --all-projects                   # Test all projects
snyk test --file=<manifest>                # Test specific file

# Container testing
snyk container test <image>                # Test Docker image  
snyk container test <image> --file=Dockerfile # Include Dockerfile
snyk container test <image> --org=<org>    # With organization
snyk container test <image> --json         # JSON output
snyk container test <image> --severity-threshold=high

# Infrastructure as Code testing  
snyk iac test                              # Test IaC files
snyk iac test <path>                       # Test specific path
snyk iac test --org=<org-id>               # With organization
snyk iac test --json                       # JSON output
snyk iac test --sarif                      # SARIF format
snyk iac test --detection-depth=<number>   # Control scan depth

# Source code testing
snyk code test                             # Test source code (SAST)
snyk code test <path>                      # Test specific path  
snyk code test --org=<org-id>              # With organization
snyk code test --json                      # JSON output
snyk code test --sarif                     # SARIF format

Monitoring Commands

Commands for continuous vulnerability monitoring and project tracking.

# Project monitoring
snyk monitor                               # Monitor current project
snyk monitor <path>                        # Monitor specific path
snyk monitor --org=<org-id>                # Monitor with organization
snyk monitor --project-name=<name>        # Custom project name
snyk monitor --target-reference=<ref>     # Git branch/tag reference
snyk monitor --all-projects               # Monitor all projects

# Container monitoring
snyk container monitor <image>            # Monitor container image
snyk container monitor <image> --org=<org> # With organization
snyk container monitor <image> --project-name=<name> # Custom name

Fix and Remediation Commands

Automated vulnerability fixing and remediation capabilities.

# Automatic fixing
snyk fix                                   # Auto-fix vulnerabilities
snyk fix --org=<org-id>                    # Fix with organization
snyk fix --dry-run                         # Preview fixes without applying
snyk fix --quiet                           # Suppress output
snyk fix --strip-ansi                      # Remove ANSI colors

# Legacy protection (deprecated but available)
snyk protect                               # Apply patches and protections
snyk wizard                                # Interactive setup wizard

Policy and Ignore Management

Commands for managing security policies and vulnerability ignores.

# Policy management
snyk policy                                # Display current policy
snyk ignore --id=<vuln-id>                 # Ignore specific vulnerability
snyk ignore --id=<vuln-id> --reason=<text> # Ignore with reason
snyk ignore --id=<vuln-id> --expiry=<date> # Ignore with expiration
snyk ignore --path=<dep-path> --id=<vuln-id> # Ignore in specific path

# Policy file operations
snyk policy --file=.snyk                   # Use specific policy file
snyk update-exclude-policy                 # Update exclusion policies

Configuration Commands

Commands for managing CLI configuration and settings.

# Configuration management
snyk config                                # Show all configuration
snyk config get <key>                      # Get specific config value
snyk config set <key>=<value>             # Set configuration value
snyk config unset <key>                    # Remove configuration value

# Common configuration keys
snyk config set org=<org-id>               # Set default organization
snyk config set endpoint=<url>             # Set API endpoint
snyk config set disable-analytics=true     # Disable analytics

Information and Help Commands

Commands for getting help, version information, and system details.

# Information commands
snyk --help                                # General help
snyk <command> --help                      # Command-specific help
snyk --version                             # Show CLI version
snyk version                               # Detailed version information
snyk about                                 # About Snyk CLI

# Advanced information
snyk log4shell                            # Log4Shell vulnerability checker
snyk woof                                 # Easter egg command

Infrastructure Analysis Commands

Advanced infrastructure analysis and drift detection capabilities.

# Infrastructure drift detection
snyk iac describe                         # Describe infrastructure state
snyk iac describe --only-managed          # Show only managed resources
snyk iac describe --only-unmanaged        # Show only unmanaged resources
snyk iac describe --json                  # JSON output
snyk iac describe --html                  # HTML report
snyk iac describe --html-file-output=<file> # Save HTML report

# Drift analysis options
snyk iac describe --filter='<filter>'     # Filter resources
snyk iac describe --to=<state-path>       # Compare to specific state
snyk iac describe --from=<sources>        # Specify IaC sources
snyk iac describe --driftignore=<file>    # Use drift ignore file

App Management Commands

Commands for managing Snyk Apps and integrations.

# App management
snyk apps                                  # List available apps
snyk apps create                          # Create new Snyk App  
snyk apps create --org=<org-id>           # Create app in organization
snyk apps create --name=<app-name>        # Create with specific name

Command Options and Flags

Global Options

Options available across all commands.

# Global flags
--org=<org-id>                            # Organization ID
--json                                    # JSON output format
--quiet                                   # Suppress output
--debug                                   # Enable debug output
--insecure                                # Allow insecure connections
--proxy=<url>                             # HTTP proxy URL
--proxy-ca=<file>                         # Proxy CA certificate

Output Format Options

Options for controlling output format and destinations.

# Output formatting
--json                                    # JSON structured output
--json-file-output=<file>                 # Save JSON to file
--sarif                                   # SARIF format output
--sarif-file-output=<file>                # Save SARIF to file
--no-markdown                             # Disable markdown in output
--quiet                                   # Minimal output
--print-deps                              # Print dependency information

Filtering and Threshold Options

Options for filtering results and controlling scan behavior.

# Filtering options
--severity-threshold=<level>              # Minimum severity (low|medium|high|critical)
--fail-on=<condition>                     # When to exit with error (all|upgradable|patchable)
--exclude=<patterns>                      # Exclude files/directories
--detection-depth=<number>                # Limit detection depth
--max-depth=<number>                      # Maximum dependency depth

# Vulnerability path options
--show-vulnerable-paths=<mode>            # Show paths (none|some|all)
--max-vulnerable-paths=<number>           # Maximum paths to show

Project and Repository Options

Options for project identification and Git integration.

# Project options
--project-name=<name>                     # Custom project name
--target-reference=<ref>                  # Git branch/tag reference
--remote-repo-url=<url>                   # Remote repository URL
--file=<manifest>                         # Specific manifest file
--package-manager=<pm>                    # Override package manager detection

# Multi-project options
--all-projects                            # Scan all detected projects
--yarn-workspaces                         # Enable Yarn workspaces support
--exclude=<patterns>                      # Exclude project patterns

Exit Codes

Understanding CLI exit codes for automation and CI/CD integration.

# Standard exit codes
0    # Success - no vulnerabilities found
1    # Vulnerabilities found or general error  
2    # Failure, try again (network/auth issues)
3    # No supported projects detected

# Special exit codes
EXIT_CODES.VULNS_FOUND = 1               # Vulnerabilities detected
EXIT_CODES.ERROR = 2                     # General error
EXIT_CODES.NO_SUPPORTED_PROJECTS_DETECTED = 3 # No supported manifests
EXIT_CODES.EX_NOPERM = 77               # Permission denied (CI mode)
EXIT_CODES.EX_UNAVAILABLE = 69          # Service unavailable (CI mode)
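
One way to turn the exit codes above into a fail-closed CI gate, as an added example that is not code from the Snyk project or from this documentation. `gate_decision`, `run_gate`, `GATE_RETRY_DELAY` and `GATE_MAX_ATTEMPTS` are hypothetical names, and grouping the codes into pass, block, retry and misconfigured is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example, not Snyk code. gate_decision, run_gate, GATE_RETRY_DELAY and
# GATE_MAX_ATTEMPTS are hypothetical names chosen for this illustration.

# Map an exit code from the tables above to a pipeline decision.
gate_decision() {
  case "$1" in
    0)    echo pass ;;           # no vulnerabilities found
    1)    echo block ;;          # vulnerabilities found
    2|69) echo retry ;;          # failure, try again / service unavailable (CI mode)
    3|77) echo misconfigured ;;  # nothing was scanned / permission denied (CI mode)
    *)    echo unknown ;;        # anything unlisted is treated as a failure
  esac
}

# Usage: run_gate <max_attempts> <command> [args...]
# Retries only transient failures and returns 0 only for a clean scan, so a
# scan that did not run (codes 2, 3, 69, 77) can never look like a pass.
run_gate() {
  local max attempt rc decision
  max="$1"; shift
  attempt=1
  while :; do
    rc=0
    "$@" || rc=$?
    decision=$(gate_decision "$rc")
    if [ "$decision" != retry ] || [ "$attempt" -ge "$max" ]; then
      break
    fi
    attempt=$((attempt + 1))
    sleep "${GATE_RETRY_DELAY:-5}"
  done
  echo "snyk gate: exit=$rc decision=$decision attempts=$attempt" >&2
  [ "$decision" = pass ]
}

# When the script is given a command, gate it, for example:
#   ./snyk-gate.sh snyk test --severity-threshold=high
if [ "$#" -gt 0 ]; then
  run_gate "${GATE_MAX_ATTEMPTS:-3}" "$@"
fi
```

The decision line goes to stderr so it does not mix with `--json` or `--sarif` output captured from stdout.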

Environment Variables

Environment variables that affect CLI behavior.

# Authentication and configuration
SNYK_TOKEN=<token>                        # API token
SNYK_API=<endpoint>                       # API endpoint URL
SNYK_ORG=<org-id>                        # Default organization

# Behavioral controls
SNYK_CI=1                                 # Enable CI mode (different exit codes)
SNYK_DISABLE_ANALYTICS=true              # Disable usage analytics
DEBUG=snyk*                              # Enable debug output
SNYK_HTTP_PROXY=<url>                    # HTTP proxy URL
SNYK_HTTPS_PROXY=<url>                   # HTTPS proxy URL

# Feature flags and experimental features
SNYK_EXPERIMENTAL=true                    # Enable experimental features
SNYK_IMAGE_SAVE_PATH=<path>              # Container image save path

Integration Examples

Examples of CLI usage in different environments and workflows.

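# CI/CD Pipeline Integration
# GitHub Actions example
- name: Run Snyk to check for vulnerabilities
  env:
    SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}    # CLI reads the API token from the environment
    TARGET_REF: ${{ github.ref }}            # Passed as data instead of being expanded into the script
  run: |
    npm install -g snyk
    snyk test --severity-threshold=high
    snyk monitor --target-reference="$TARGET_REF"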

# Docker Integration
# Dockerfile security scanning
snyk container test myapp:latest --file=Dockerfile
snyk container monitor myapp:latest --project-name="MyApp Production"

# Multi-stage pipeline
snyk test --all-projects --json > snyk-test-results.json
snyk iac test ./terraform/ --json > snyk-iac-results.json  
snyk code test --json > snyk-code-results.json
snyk monitor --all-projects

Install with Tessl CLI

npx tessl i tessl/npm-snyk
