Developer-first, cloud-native security tool to scan and monitor your software development projects for security vulnerabilities
Continuous monitoring system for tracking security posture over time with automated alerts, notifications, and integration with the Snyk platform for ongoing vulnerability management.
Main CLI command for setting up continuous project monitoring. Note: Monitor functionality is only available via CLI commands, not through the programmatic API.
# Monitor current project
snyk monitor
# Monitor with specific options
snyk monitor --org=<org-id> --project-name=<name>
# Monitor Docker container
snyk monitor --docker <image>
# Monitor with JSON output
snyk monitor --json

CLI options available for the monitor command:
# Core options
--org=<org-id> # Organization ID for monitoring
--project-name=<name> # Custom project name for identification
--file=<path> # Specific manifest file to monitor
--json # Return results in JSON format
--all-projects # Monitor all detected projects
--target-reference=<ref> # Target reference for Git projects
--remote-repo-url=<url> # Remote repository URL
# Advanced options
--prune-repeated-subdependencies # Prune repeated sub-dependencies (optimizes large projects)
--print-deps # Print dependency information
--print-dep-paths # Print dependency paths
--experimental # Enable experimental features
--exclude-node-modules # Exclude node_modules from monitoring
--yarn-workspaces # Enable Yarn workspaces monitoring
--max-depth=<number> # Maximum dependency tree depth
--init-script=<script> # Initialization script for projects
--policy-path=<path> # Policy file path

When using --json output, the monitor command returns structured data:
interface MonitorResult {
  /** Unique project identifier */
  id: string;
  /** Snyk project URL */
  uri: string;
  /** Local project path */
  path: string;
  /** Project name */
  projectName: string;
  /** Organization identifier */
  org?: string;
  /** Monitoring status */
  status: 'success' | 'error';
  /** Monitoring is enabled flag */
  isMonitored: boolean;
  /** Trial started flag */
  trialStarted: boolean;
}

Metadata information included with monitor results:
interface MonitorMeta {
  /** Monitoring method used */
  method: 'cli';
  /** Detected package manager */
  packageManager: string;
  /** Policy file path */
  'policy-path': string;
  /** Project name used */
  'project-name': string;
  /** Docker monitoring flag */
  isDocker: boolean;
  /** Dependency pruning enabled */
  prune: boolean;
  /** Remote repository URL */
  'remote-repo-url'?: string;
  /** Target reference (branch/tag) */
  targetReference?: string;
  /** Assets project name flag */
  assetsProjectName?: boolean;
}

Usage Examples:
# Basic project monitoring
snyk monitor
# Monitor with specific organization and project name
snyk monitor --org=my-org-id --project-name="My Important Project"
# Monitor all projects in monorepo
snyk monitor --all-projects --org=my-org-id
# Monitor with Git integration
snyk monitor --remote-repo-url=https://github.com/user/repo.git --target-reference=main
# Docker container monitoring
snyk monitor --docker nginx:latest --app-vulns
# Monitor with JSON output for automation
snyk monitor --json > monitor-result.json

Command-line interface for setting up continuous monitoring.
# Basic usage
snyk monitor # Monitor current directory
snyk monitor /path/to/project # Monitor specific path
snyk monitor --org=<org-id> # Monitor with organization
# Project configuration
snyk monitor --project-name="My Project" # Custom project name
snyk monitor --target-reference=main # Specify Git branch/tag
snyk monitor --remote-repo-url=<git-url> # Link to Git repository
# Multi-project monitoring
snyk monitor --all-projects # Monitor all detected projects
snyk monitor --yarn-workspaces # Monitor Yarn workspaces
# Docker monitoring
snyk monitor --docker # Monitor Docker project
snyk monitor --app-vulns # Include application vulnerabilities
snyk monitor --exclude-app-vulns # Exclude application vulnerabilities
# Output options
snyk monitor --json # JSON output format
snyk monitor --print-deps # Print dependency information
# Advanced options
snyk monitor --file=package.json # Monitor specific manifest
snyk monitor --prune-repeated-subdependencies # Optimize for large projects
snyk monitor --max-depth=3 # Limit dependency depth

Specialized monitoring for Docker containers and container registries.
/**
 * Monitor Docker container images
 */
// CLI usage for container monitoring
// snyk container monitor <image>
// snyk container monitor <image> --org=<org-id>
// snyk container monitor <image> --project-name="Container Project"

# Container monitoring commands
snyk container monitor nginx:latest # Monitor container image
snyk container monitor myapp:v1.0 --org=<org-id> # With organization
snyk container monitor alpine --project-name="Base Image" # Custom name
snyk container monitor ubuntu --app-vulns # Include application scanning

Functions and commands for managing existing monitored projects.
# View monitored projects (via web interface)
# Projects are accessible at https://app.snyk.io/org/<org>/projects
# Remove monitoring (must be done via web interface or API)
# No direct CLI command for removing monitors

// Monitoring integrates with:
// - GitHub, GitLab, Bitbucket repositories
// - CI/CD pipelines (Jenkins, GitHub Actions, etc.)
// - Container registries (Docker Hub, ECR, GCR, etc.)
// - Webhook notifications
// - Slack/email alerts
// - JIRA ticket creation
interface IntegrationOptions {
  /** Enable webhook notifications */
  webhooks?: WebhookConfig[];
  /** Slack notification settings */
  slack?: SlackConfig;
  /** Email notification preferences */
  email?: EmailConfig;
  /** JIRA integration settings */
  jira?: JiraConfig;
}

// Typical monitoring workflow:
// 1. Run snyk monitor to create snapshot
// 2. Snyk platform regularly rescans dependencies
// 3. New vulnerabilities trigger notifications
// 4. Developers receive alerts via configured channels
// 5. Fix vulnerabilities and monitor tracks improvements
const monitoringWorkflow = {
  setup: 'snyk monitor --org=my-org',
  schedule: 'Automatic daily scans',
  alerts: 'Email/Slack/webhook notifications',
  remediation: 'snyk fix or manual updates',
  tracking: 'Historical vulnerability trends'
};

// Common monitoring errors
// `snyk.monitor` stands in for a wrapper around the `snyk monitor` CLI (an assumption):
// monitor is not exposed through the programmatic API, as noted above.
try {
  const result = await snyk.monitor('./project');
} catch (error) {
  if (error.code === 'NO_SUPPORTED_MANIFESTS') {
    console.log('No supported package files found for monitoring');
  } else if (error.code === 'MISSING_ORG') {
    console.log('Organization required for monitoring');
  } else if (error.code === 'AUTH_ERROR') {
    console.log('Authentication failed - run snyk auth');
  } else if (error.code === 'MONITOR_FAILED') {
    console.log('Failed to set up monitoring:', error.message);
  } else {
    console.error('Monitor error:', error.message);
  }
}

interface WebhookConfig {
  /** Webhook URL */
  url: string;
  /** Events to trigger webhook */
  events: ('new-vulnerability' | 'remediation-available')[];
  /** Authentication headers */
  headers?: Record<string, string>;
}

interface SlackConfig {
  /** Slack webhook URL */
  webhookUrl: string;
  /** Slack channel */
  channel: string;
  /** Notification frequency */
  frequency: 'immediate' | 'daily' | 'weekly';
}

interface EmailConfig {
  /** Email addresses for notifications */
  recipients: string[];
  /** Notification frequency */
  frequency: 'immediate' | 'daily' | 'weekly';
  /** Include vulnerability details */
  includeDetails: boolean;
}

interface JiraConfig {
  /** JIRA server URL */
  serverUrl: string;
  /** Project key */
  projectKey: string;
  /** Issue type */
  issueType: string;
  /** Authentication credentials */
  credentials: JiraCredentials;
}

interface JiraCredentials {
  /** Username */
  username: string;
  /** API token or password */
  token: string;
}

interface ProjectTag {
  /** Tag key */
  key: string;
  /** Tag value */
  value: string;
}

interface ProjectAttributes {
  /** Project criticality level */
  criticality?: 'critical' | 'high' | 'medium' | 'low';
  /** Project environment */
  environment?: ('frontend' | 'backend' | 'internal' | 'external' | 'mobile' | 'saas' | 'onprem')[];
  /** Project lifecycle stage */
  lifecycle?: ('production' | 'development' | 'sandbox')[];
}

Install with Tessl CLI
npx tessl i tessl/npm-snyk
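
A pipeline check built on the `--json` output and the MonitorResult fields documented above, as an added example that is not part of the original page or Snyk's own code. It fails closed when the output is not a valid result or the snapshot was registered under a different organization than expected; the function name `checkMonitorOutput`, the array form for multi-project runs, and every sample value are assumptions.

```javascript
// Added example: fail a CI step unless `snyk monitor --json` registered the
// snapshot under the expected organization. Field names follow MonitorResult;
// the array form for multi-project runs and all sample values are assumptions.
const REQUIRED = ['id', 'uri', 'path', 'projectName', 'status', 'isMonitored'];

function checkMonitorOutput(jsonText, expectedOrg) {
  let parsed;
  try {
    parsed = JSON.parse(jsonText);
  } catch (err) {
    // Fail closed: an error banner on stdout is not a monitoring result.
    return { ok: false, problems: [`output is not JSON: ${err.message}`], projects: [] };
  }
  const results = Array.isArray(parsed) ? parsed : [parsed];
  const problems = results.length ? [] : ['no projects reported'];
  const projects = [];
  results.forEach((r, i) => {
    if (r === null || typeof r !== 'object') {
      problems.push(`result[${i}]: not an object`);
      return;
    }
    const label = r.projectName || `result[${i}]`;
    const missing = REQUIRED.filter((key) => !(key in r));
    if (missing.length) {
      problems.push(`${label}: missing ${missing.join(', ')}`);
      return;
    }
    if (r.status !== 'success') problems.push(`${label}: status is ${r.status}`);
    if (r.isMonitored !== true) problems.push(`${label}: snapshot is not monitored`);
    // A snapshot in the wrong org never reaches the team's alerting channels.
    if (r.org !== expectedOrg) {
      problems.push(`${label}: reported org ${r.org}, expected ${expectedOrg}`);
    }
    projects.push({ name: r.projectName, uri: r.uri });
  });
  return { ok: problems.length === 0, problems, projects };
}

// Constructed sample results (not captured from a real run).
const sample = (over) => JSON.stringify({
  id: 'example-project-id', uri: 'https://app.snyk.io/org/my-org-id/projects',
  path: '/build/app', projectName: 'My Important Project', org: 'my-org-id',
  status: 'success', isMonitored: true, trialStarted: false, ...over,
});

console.log(checkMonitorOutput(sample({}), 'my-org-id'));
console.log(checkMonitorOutput(sample({ org: 'personal-org' }), 'my-org-id'));
```

In a pipeline, pass the contents of `monitor-result.json` as `jsonText` and exit non-zero when `ok` is false.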