Snyk

Developer security platform for finding and fixing vulnerabilities. Scan code, dependencies, containers, and IaC configs.

54 commands

Browse by Topic

Getting Started

Quick setup and installation

3commands

Testing

Vulnerability testing

12commands

Monitoring

Continuous monitoring

7commands

Container

Container scanning

8commands

IaC

IaC scanning

8commands

Code

SAST analysis

6commands

Fix

Remediation & fixes

10commands

Install Snyk CLI

$ npm install -g snyk

Install Snyk security scanner globally using npm

Authenticate Snyk CLI

$ snyk auth

Authenticate the Snyk CLI with your account via the browser

Check Snyk version

$ snyk --version

Verify Snyk is installed and display the current version

Test project

$ snyk test

Test current project for vulnerabilities.

Test with severity threshold

$ snyk test --severity-threshold=high

Only report high+ severity issues.

Test specific file

$ snyk test --file=package.json

Test specific manifest file.

JSON output

$ snyk test --json > results.json

Output results as JSON.

Test all projects

$ snyk test --all-projects

Test all projects in directory.

Test for specific org

$ snyk test --org=my-team

Run test against a specific Snyk organization.

Include dev dependencies

$ snyk test --dev

Include devDependencies in the scan.

Prune repeated subdeps

$ snyk test --prune-repeated-subdependencies

Remove duplicate sub-dependencies for cleaner results.

Custom policy path

$ snyk test --policy-path=.snyk

Use a custom .snyk policy file path.

Set detection depth

$ snyk test --detection-depth=3

Limit how deep to search for manifest files.

Fail on fixable only

$ snyk test --fail-on=upgradable

Only fail if there are upgradable vulnerabilities.

SARIF output

$ snyk test --sarif > results.sarif

Output results in SARIF format for CI integration.

Monitor project

$ snyk monitor

Take snapshot for continuous monitoring.

Monitor with project name

$ snyk monitor --project-name=myapp-prod

Monitor with custom project name.

Monitor with tags

$ snyk monitor --tags=env=prod,team=backend

Add tags for filtering.

Monitor for specific org

$ snyk monitor --org=my-team

Send monitor snapshot to a specific organization.

Monitor with remote repo URL

$ snyk monitor --remote-repo-url=https://github.com/org/repo

Associate snapshot with a remote repository.

Monitor with target reference

$ snyk monitor --target-reference=main

Tag the snapshot with a branch or version reference.

Monitor all projects

$ snyk monitor --all-projects

Monitor all detected projects in a directory.

Test container image

$ snyk container test nginx:latest

Scan container image for vulnerabilities.

Test with Dockerfile

$ snyk container test myapp:latest --file=Dockerfile

Include Dockerfile for fix suggestions.

Monitor container

$ snyk container monitor nginx:latest

Continuously monitor container image.

Exclude base image

$ snyk container test myapp:latest --exclude-base-image-vulns

Only show app-level vulnerabilities.

Include app vulns

$ snyk container test myapp:latest --app-vulns

Scan application dependencies inside the image.

Scan nested JARs

$ snyk container test myapp:latest --nested-jars-depth=3

Scan nested JAR files inside the image.

Specify platform

$ snyk container test myapp:latest --platform=linux/amd64

Test a specific platform for multi-arch images.

Generate container SBOM

$ snyk container sbom --format=cyclonedx1.4+json nginx:latest

Generate a software bill of materials for an image.

Test IaC files

$ snyk iac test

Scan IaC files for misconfigurations.

Test specific file

$ snyk iac test main.tf

Test specific Terraform file.

Test with rules

$ snyk iac test --rules=./custom-rules/

Apply custom IaC rules.

SARIF output

$ snyk iac test --sarif > results.sarif

Output in SARIF format.

Scan Terraform plan

$ terraform plan -out=tfplan && terraform show -json tfplan | snyk iac test --scan=planned-values

Scan planned Terraform values for issues.

IaC report to Snyk

$ snyk iac test --report

Send IaC scan results to Snyk dashboard.

Detect IaC drift

$ snyk iac describe --only-unmanaged

Detect unmanaged cloud resources (drift detection).

Describe cloud resources

$ snyk iac describe --from=tfstate://terraform.tfstate

Compare cloud state with Terraform state for drift.

Test code

$ snyk code test

Run static code analysis (SAST).

Test specific path

$ snyk code test ./src

Scan specific directory.

JSON output

$ snyk code test --json

Output code findings as JSON.

SARIF output

$ snyk code test --sarif

Output in SARIF for GitHub integration.

Code severity threshold

$ snyk code test --severity-threshold=high

Only report high or critical code issues.

Exclude paths

$ snyk code test --exclude=test,dist,node_modules

Exclude directories from code analysis.

Auto-fix vulnerabilities

$ snyk fix

Automatically apply available fixes to dependencies.

Ignore a vulnerability

$ snyk ignore --id=SNYK-JS-LODASH-590103 --reason='No fix available'

Ignore a specific vulnerability by ID with a reason.

Ignore with expiry

$ snyk ignore --id=SNYK-JS-LODASH-590103 --expiry=2026-06-01

Temporarily ignore a vulnerability until a date.

Authenticate Snyk CLI

$ snyk auth

Authenticate via browser to connect CLI to your account.

Auth with token

$ snyk auth YOUR_API_TOKEN

Authenticate with an API token for CI/CD.

Set config value

$ snyk config set api=YOUR_API_TOKEN

Set a Snyk CLI configuration value.

Get config value

$ snyk config get api

Read a Snyk CLI configuration value.

Clear config

$ snyk config clear

Remove all Snyk CLI configuration.

Set default org

$ snyk config set org=my-org-slug

Set the default organization for all commands.

Generate project SBOM

$ snyk sbom --format=cyclonedx1.4+json

Generate a software bill of materials for the project.

Discussion

Loading comments...

Snyk

Developer security platform for finding and fixing vulnerabilities. Scan code, dependencies, containers, and IaC configs.

54 commands

Browse by Topic

Getting Started

Quick setup and installation

3commands

Testing

Vulnerability testing

12commands

Monitoring

Continuous monitoring

7commands

Container

Container scanning

8commands

IaC

IaC scanning

8commands

Code

SAST analysis

6commands

Fix

Remediation & fixes

10commands

Install Snyk CLI

$ npm install -g snyk

Install Snyk security scanner globally using npm

Authenticate Snyk CLI

$ snyk auth

Authenticate the Snyk CLI with your account via the browser

Check Snyk version

$ snyk --version

Verify Snyk is installed and display the current version

Test project

$ snyk test

Test current project for vulnerabilities.

Test with severity threshold

$ snyk test --severity-threshold=high

Only report high+ severity issues.

Test specific file

$ snyk test --file=package.json

Test specific manifest file.

JSON output

$ snyk test --json > results.json

Output results as JSON.

Test all projects

$ snyk test --all-projects

Test all projects in directory.

Test for specific org

$ snyk test --org=my-team

Run test against a specific Snyk organization.

Include dev dependencies

$ snyk test --dev

Include devDependencies in the scan.

Prune repeated subdeps

$ snyk test --prune-repeated-subdependencies

Remove duplicate sub-dependencies for cleaner results.

Custom policy path

$ snyk test --policy-path=.snyk

Use a custom .snyk policy file path.

Set detection depth

$ snyk test --detection-depth=3

Limit how deep to search for manifest files.

Fail on fixable only

$ snyk test --fail-on=upgradable

Only fail if there are upgradable vulnerabilities.

SARIF output

$ snyk test --sarif > results.sarif

Output results in SARIF format for CI integration.

Monitor project

$ snyk monitor

Take snapshot for continuous monitoring.

Monitor with project name

$ snyk monitor --project-name=myapp-prod

Monitor with custom project name.

Monitor with tags

$ snyk monitor --tags=env=prod,team=backend

Add tags for filtering.

Monitor for specific org

$ snyk monitor --org=my-team

Send monitor snapshot to a specific organization.

Monitor with remote repo URL

$ snyk monitor --remote-repo-url=https://github.com/org/repo

Associate snapshot with a remote repository.

Monitor with target reference

$ snyk monitor --target-reference=main

Tag the snapshot with a branch or version reference.

Monitor all projects

$ snyk monitor --all-projects

Monitor all detected projects in a directory.

Test container image

$ snyk container test nginx:latest

Scan container image for vulnerabilities.

Test with Dockerfile

$ snyk container test myapp:latest --file=Dockerfile

Include Dockerfile for fix suggestions.

Monitor container

$ snyk container monitor nginx:latest

Continuously monitor container image.

Exclude base image

$ snyk container test myapp:latest --exclude-base-image-vulns

Only show app-level vulnerabilities.

Include app vulns

$ snyk container test myapp:latest --app-vulns

Scan application dependencies inside the image.

Scan nested JARs

$ snyk container test myapp:latest --nested-jars-depth=3

Scan nested JAR files inside the image.

Specify platform

$ snyk container test myapp:latest --platform=linux/amd64

Test a specific platform for multi-arch images.

Generate container SBOM

$ snyk container sbom --format=cyclonedx1.4+json nginx:latest

Generate a software bill of materials for an image.

Test IaC files

$ snyk iac test

Scan IaC files for misconfigurations.

Test specific file

$ snyk iac test main.tf

Test specific Terraform file.

Test with rules

$ snyk iac test --rules=./custom-rules/

Apply custom IaC rules.

SARIF output

$ snyk iac test --sarif > results.sarif

Output in SARIF format.

Scan Terraform plan

$ terraform plan -out=tfplan && terraform show -json tfplan | snyk iac test --scan=planned-values

Scan planned Terraform values for issues.

IaC report to Snyk

$ snyk iac test --report

Send IaC scan results to Snyk dashboard.

Detect IaC drift

$ snyk iac describe --only-unmanaged

Detect unmanaged cloud resources (drift detection).

Describe cloud resources

$ snyk iac describe --from=tfstate://terraform.tfstate

Compare cloud state with Terraform state for drift.

Test code

$ snyk code test

Run static code analysis (SAST).

Test specific path

$ snyk code test ./src

Scan specific directory.

JSON output

$ snyk code test --json

Output code findings as JSON.

SARIF output

$ snyk code test --sarif

Output in SARIF for GitHub integration.

Code severity threshold

$ snyk code test --severity-threshold=high

Only report high or critical code issues.

Exclude paths

$ snyk code test --exclude=test,dist,node_modules

Exclude directories from code analysis.

Auto-fix vulnerabilities

$ snyk fix

Automatically apply available fixes to dependencies.

Ignore a vulnerability

$ snyk ignore --id=SNYK-JS-LODASH-590103 --reason='No fix available'

Ignore a specific vulnerability by ID with a reason.

Ignore with expiry

$ snyk ignore --id=SNYK-JS-LODASH-590103 --expiry=2026-06-01

Temporarily ignore a vulnerability until a date.

Authenticate Snyk CLI

$ snyk auth

Authenticate via browser to connect CLI to your account.

Auth with token

$ snyk auth YOUR_API_TOKEN

Authenticate with an API token for CI/CD.

Set config value

$ snyk config set api=YOUR_API_TOKEN

Set a Snyk CLI configuration value.

Get config value

$ snyk config get api

Read a Snyk CLI configuration value.

Clear config

$ snyk config clear

Remove all Snyk CLI configuration.

Set default org

$ snyk config set org=my-org-slug

Set the default organization for all commands.

Generate project SBOM

$ snyk sbom --format=cyclonedx1.4+json

Generate a software bill of materials for the project.

Discussion

Loading comments...