Snyk

Container Commands

Test Docker and OCI container images for vulnerabilities in base images and installed packages.

8 commands

Pro Tips

Use --file=Dockerfile to get fix recommendations

Commands

Test container image

$ snyk container test nginx:latest

Scan container image for vulnerabilities.

Test with Dockerfile

$ snyk container test myapp:latest --file=Dockerfile

Include Dockerfile for fix suggestions.

Monitor container

$ snyk container monitor nginx:latest

Continuously monitor container image.

Exclude base image

$ snyk container test myapp:latest --exclude-base-image-vulns

Only show app-level vulnerabilities.

Include app vulns

$ snyk container test myapp:latest --app-vulns

Scan application dependencies inside the image.

Scan nested JARs

$ snyk container test myapp:latest --nested-jars-depth=3

Scan nested JAR files inside the image.

Specify platform

$ snyk container test myapp:latest --platform=linux/amd64

Test a specific platform for multi-arch images.

Generate container SBOM

$ snyk container sbom --format=cyclonedx1.4+json nginx:latest

Generate a software bill of materials for an image.