Snyk scans and monitors your projects for security vulnerabilities.
What is Snyk?
snyk.io is a developer-first cloud-native security tool. It covers multiple areas of application security:
- Snyk Open Source: Find and automatically fix open source vulnerabilities
- Snyk Code: Find and fix vulnerabilities in your application code in real time
- Snyk Container: Find and fix vulnerabilities in container images and Kubernetes applications
- Snyk Infrastructure as Code: Find and fix insecure configurations in Terraform and Kubernetes code
What is Snyk CLI?
Snyk CLI brings the functionality of Snyk into your development workflow. It can be run locally or in your CI/CD pipeline to scan your projects for security issues.
Supported languages and tools
The CLI also supports scanning Docker images as well as Terraform, Kubernetes, and other Infrastructure as Code files.
Install Snyk CLI
Snyk CLI can be installed through multiple channels.
Install with npm or Yarn
Snyk CLI is available as an npm package. If you have Node.js installed locally, you can install it by running:
npm install snyk@latest -g
or, if you are using Yarn:
yarn global add snyk
More installation methods
Standalone executables (macOS, Linux, Windows)
Install with Homebrew (macOS, Linux)
Snyk CLI in a Docker image
Install as a part of a Snyk CLI integration
Snyk also offers many integrations into developer tooling. These integrations will install and manage the Snyk CLI for you. For example:
- Snyk Jenkins plugin
- CircleCI Orb
- Azure Pipelines Task
- GitHub Actions
- IntelliJ IDE Plugin
- VS Code Extension
- Eclipse IDE Extension
- Maven plugin
- And many more. See the Integrations documentation
Getting started with Snyk CLI
Once you have installed the Snyk CLI, you can verify that it is working by running:
snyk --help
See the full Snyk CLI help.
Authenticating Snyk CLI
Snyk CLI depends on the Snyk.io APIs. Connect your Snyk CLI to Snyk.io by running:
snyk auth
Setting up language support
Depending on your project's language, you might need to set up your language environment (for example, the package manager and a resolvable dependency tree) before using Snyk.
Scanning your project
If you are already in a folder with a supported project, start by running:
snyk test
Or scan a Docker image by its tag with Snyk Container:
snyk container test ubuntu:18.04
Or scan a Kubernetes manifest with Snyk Infrastructure as Code:
snyk iac test /path/to/kubernetes_file.yaml
Monitoring your project
Snyk can also monitor your project periodically and alert you to new vulnerabilities. The snyk monitor command is similar to snyk test and can be used to create a project on the Snyk website that will be continuously monitored for new vulnerabilities.
snyk monitor
Monitoring /project (project-name)...
Explore this snapshot at https://app.snyk.io/org/my-org/project/29361c2c-9005-4692-8df4-88f1c040fa7c/history/e1c994b3-de5d-482b-9281-eab4236c851e
Notifications about newly disclosed issues related to these dependencies will be emailed to you.
Add Snyk to your CI/CD
Snyk is most powerful when you continuously scan and monitor your projects for vulnerabilities.
Use one of our integrations to stay secure.
You can authorize Snyk CLI in your CI/CD programmatically:
Using a SNYK_TOKEN environment variable (preferred):
SNYK_TOKEN=<SNYK_API_TOKEN> snyk test
Or using the snyk auth command:
snyk auth <SNYK_API_TOKEN>
snyk test
Prefer the environment variable, populated from your CI system's secret store: a token passed as a command-line argument can end up in process listings, shell history, and build logs.
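The following is an added example of a CI gate built around the token-based authentication above; it is not Snyk's own code. It reads the API token only from SNYK_TOKEN, runs snyk test --json, and fails the build when any vulnerability at or above a chosen severity is reported. The JSON field names (vulnerabilities, id, title, severity, packageName, version, isUpgradable) and the exit-code meanings (0 no issues, 1 issues found, 2 error, 3 no supported projects) are assumptions about the CLI's output, not taken from this page; the sample report embedded in the script is constructed so the gate logic can be exercised offline.

```python
"""
Hypothetical CI gate around `snyk test --json` (added example, not Snyk's own code).

Assumptions (not stated on the Snyk README):
  * `snyk test --json` prints one JSON object with a top-level "vulnerabilities"
    list whose items carry "id", "title", "severity", "packageName", "version"
    and "isUpgradable".
  * snyk exit codes: 0 = no issues, 1 = issues found, 2 = CLI/network error,
    3 = no supported projects.
  * The API token is supplied only through the SNYK_TOKEN environment variable,
    so it never appears on the command line or in build logs.
"""
import json
import os
import subprocess
import sys

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample of the shape `snyk test --json` is assumed to emit.
# The vulnerability IDs and package names are made up for the demo.
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "dependencyCount": 3,
    "vulnerabilities": [
        {"id": "EXAMPLE-0001", "title": "Prototype Pollution", "severity": "high",
         "packageName": "example-lib", "version": "1.0.0", "isUpgradable": True},
        {"id": "EXAMPLE-0002", "title": "Regular Expression DoS", "severity": "low",
         "packageName": "other-lib", "version": "2.3.4", "isUpgradable": False},
    ],
})


def failing_vulns(report: dict, threshold: str) -> list:
    """Return the vulnerabilities at or above `threshold`, most severe first."""
    floor = SEVERITY_RANK[threshold]
    rank = lambda v: SEVERITY_RANK.get(v.get("severity", "low"), 0)
    hits = [v for v in report.get("vulnerabilities", []) if rank(v) >= floor]
    return sorted(hits, key=lambda v: -rank(v))


def gate(raw_json: str, threshold: str = "high") -> tuple:
    """Parse a snyk JSON report and return (exit_code, summary_lines).

    exit_code is 1 when anything at or above the threshold was found, else 0.
    """
    report = json.loads(raw_json)
    hits = failing_vulns(report, threshold)
    lines = []
    for v in hits:
        fix = " (upgrade available)" if v.get("isUpgradable") else ""
        lines.append(f"{v['severity'].upper():8} {v['packageName']}@{v['version']} "
                     f"{v['id']} {v['title']}{fix}")
    return (1 if hits else 0), lines


def run_snyk(threshold: str) -> tuple:
    """Invoke the real CLI; refuse to run if no token is present in the environment."""
    if not os.environ.get("SNYK_TOKEN"):
        return 2, ["SNYK_TOKEN is not set; refusing to run unauthenticated"]
    # --json goes to stdout; an exit code of 1 still carries a full report,
    # while 2 and 3 indicate the scan itself did not produce one.
    proc = subprocess.run(["snyk", "test", "--json"], capture_output=True, text=True)
    if proc.returncode in (2, 3):
        return proc.returncode, [proc.stderr.strip() or proc.stdout.strip()]
    return gate(proc.stdout, threshold)


if __name__ == "__main__":
    thr = sys.argv[1] if len(sys.argv) > 1 else "high"
    if os.environ.get("SNYK_GATE_DEMO"):  # offline run against the constructed sample
        code, out = gate(SAMPLE_REPORT, thr)
    else:
        code, out = run_snyk(thr)
    print("\n".join(out) or f"no issues at or above {thr}")
    sys.exit(code)
```

Run it as `SNYK_GATE_DEMO=1 python snyk_gate.py medium` to see the gate fail on the constructed sample, or with SNYK_TOKEN exported from your CI secret store to gate a real scan. The gate filters client-side rather than passing --severity-threshold to the CLI so that the full report remains available for archiving while only the higher severities block the build.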
More flags and options to try
Here are some flags that you might find useful:
- --severity-threshold=<low|medium|high|critical>: Only report vulnerabilities of the provided level or higher.
- --json: Print results in JSON format.
- --all-projects: Auto-detect all projects in the working directory.
See all the available commands and options by running:
snyk --help
or get help for a specific command, such as:
snyk iac --help
snyk code --help