Usage: $ snyk [options] [command] [package] The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you to test your non-public applications. Commands: auth [api-token] ... Sign into Snyk. test ............... Test for any known vulnerabilities. wizard ............. Configure your policy file to update, auto patch and ignore vulnerabilities in npm & yarn projects. protect ............ Protect your code from vulnerabilities and optionally suppress specific vulnerabilities. Note: Node.js only. monitor ............ Record the state of dependencies and any vulnerabilities on snyk.io. policy ............. Display the Snyk policy for a package. ignore ............. Modifies the .snyk policy to ignore stated issues. For more information run `snyk help ignore`. help [topic] ....... Display detailed help about commands and options. config ............. Manage Snyk's configuration, note that this configuration is stored on your machine and applies to all Snyk CLI calls. Options: --all-projects ..... (test & monitor commands only) Auto detect all projects in working directory. Note gradle is not supported, use --all-sub-projects instead. --detection-depth= (test & monitor commands only) Use with --all-projects to indicate how many sub-directories to search. Defaults to 2 (the current working directory and one sub-directory). --exclude= (test & monitor commands only) Can only be used with --all-projects to indicate sub-directories to exclude. Directories must be comma seperated. If using with --detection-depth exclude ignores directories at any level deep. --dev .............. Include devDependencies (defaults to production only). --file= ...... Sets package file. For more help run `snyk help file`. --org= ... Specify the org machine-name to run Snyk with a specific organization. For more help run `snyk help orgs`. --ignore-policy .... Ignores the current policy in .snyk file, org level ignores and project policy on snyk.io. --trust-policies ... Applies and uses ignore rules from your dependencies's Snyk policies, otherwise ignore policies are only shown as a suggestion. --show-vulnerable-paths= (test command only) Display the dependency paths from the top level dependencies, down to the vulnerable packages. Defaults to "some" (a few example paths). "false" is an alias for "none". Doesn't affect output in JSON mode. --project-name= Specify a custom Snyk project name. --policy-path ...... Manually pass a path to a policy file. --insecure ......... Ignore unknown certificate authorities. --json ............. Return results in JSON format. --dry-run .......... Don't apply updates or patches during protect. --severity-threshold= Only report vulnerabilities of provided level or higher. -q, --quiet ........ Silence all output. -h, --help ......... This help information. -v, --version ...... The CLI version. --print-deps ....... (test and monitor commands only) Print the dependency tree before sending it for analysis. --prune-repeated-subdependencies (test and monitor command only) Prune dependency trees, removing duplicate sub-dependencies. Will still find all vulnerabilities, but potentially not all of the vulnerable paths. --remote-repo-url= (monitor command only) Set or override the remote URL for the repository that you would like to monitor. --fail-on= Only fail when there are vulnerabilities that can be fixed. All fails when there is at least one vulnerability that can be either upgraded or patched. Upgradable fails when there is at least one vulnerability that can be upgraded. Patchable fails when there is at least one vulnerability that can be patched. If vulnerabilities do not have a fix and this option is being used tests will pass. Maven options: --scan-all-unmanaged Autodetects maven jars and wars in given directory. Individual testing can be done with --file= Gradle options: --sub-project= (alias: --gradle-sub-project) For Gradle "multi project" configurations, test a specific sub-project. --all-sub-projects For "multi project" configurations, test all sub-projects. --configuration-matching= Resolve dependencies using only configuration(s) that match the provided Java regular expression, e.g. '^releaseRuntimeClasspath$'. --configuration-attributes= Select certain values of configuration attributes to resolve the dependencies. E.g.: 'buildtype:release,usage:java-runtime' More information: https://snyk.io/docs/cli-advanced-gradle-testing/ .Net (Nuget) options: --assets-project-name When monitoring a .NET project using NuGet PackageReference use the project name in project.assets.json, if found. --packages-folder Custom path to packages folder npm options: --strict-out-of-sync= Prevent testing out of sync lockfiles. Defaults to true. Yarn options: --strict-out-of-sync= Prevent testing out of sync lockfiles. Defaults to true. CocoaPods options: --strict-out-of-sync= Prevent testing out of sync lockfiles. Defaults to false. Python options: --command= Python command to use. The default is 'python' which will execute your systems default python version. Run 'python -V' to find out what version that is. If you are using multiple Python versions, or you aliased your Python command, for example to python2 or python3, use this parameter to specify the correct Python command for execution e.g. `--command=python3`. --skip-unresolved= Allow skipping packages that are not found in the environment. Docker options: --docker ........... Test or monitor a local docker image for Linux vulnerabilities. --file= .... Include the path to the image's Dockerfile for more detailed remediation advice. --exclude-base-image-vulns Exclude from display Docker base image vulnerabilities. Examples: $ snyk test $ snyk test ionic@1.6.5 $ snyk test --show-vulnerable-paths=false $ snyk monitor --org=my-team $ snyk monitor --project-name=my-project $ snyk test --docker ubuntu:18.04 --org=my-team $ snyk test --docker app:latest --file=Dockerfile --policy-path=.snyk Possible exit statuses and their meaning: - 0: success, no vulns found - 1: action_needed, vulns found - 2: failure, try to re-run command Pro tip: use `snyk test` in your test scripts, if a vulnerability is found, the process will exit with a non-zero exit code. For more information see https://snyk.io