Snyk CLI Cheat Sheet
Secure projects in your terminal with the Snyk CLI
Automatically find and fix vulnerabilities locally and in your CI/CD pipelines with the Snyk CLI.
Security in 3 simple commands
1. Authenticate with Snyk
Run snyk auth to associate the Snyk CLI with your Snyk account.
2. Find & fix vulnerabilities
Run snyk test to find vulnerabilities and get actionable fix advice.
3. Monitor continuously
Run snyk monitor to continuously monitor your projects for OS vulns and license issues.
Coverage throughout the SDLC with the Snyk CLI
From your first line of code to deployment, the Snyk CLI provides comprehensive security coverage of your entire application ecosystem. Simply configure, command, and go.
Extensive language support
Get started with the Snyk CLI
Install the Snyk CLI to find and fix vulnerabilities in your local projects and pipelines.
Additional resources
FAQ
The Snyk CLI supports Snyk Code, Snyk Open Source, Snyk Container (including Docker scanning), and Snyk Infrastructure as Code (including Terraform and Kubernetes scanning).
Snyk CLI scanning supports many languages and tools, including Java, JavaScript, Python, PHP, Ruby, .NET, Go, C/C++, Bazel, Elixir, Swift, TypeScript, Scala, and Apex. See the Docs for more details on Snyk’s support for languages and environments.
Install the Snyk CLI using npm, Homebrew, or Scoop, or by downloading a specific binary from GitHub.
npm install snyk -g
brew tap snyk/tap && brew install snyk
scoop bucket add snyk https://github.com/snyk/scoop-snyk
scoop install snyk
Once you’ve installed the CLI, you have to authenticate with your Snyk account. When you call snyk auth, the browser reroutes to the sign-up or sign-in page where you can authenticate or sign up. Alternatively, for CI testing, we recommend creating an environment variable called SNYK_TOKEN.
Run the following commands to scan for vulnerabilities in your projects:
snyk test - Scan for open source vulnerabilities and license issues.
snyk code test - Scan for code vulnerabilities using static code analysis.
snyk container test - Scan for container image vulnerabilities.
snyk iac test - Scan for infrastructure as code vulnerabilities and misconfigurations.
Snyk provides actionable fix advice for scan results when available. snyk fix is available in beta for Python projects to apply the recommended updates automatically.
Run the command snyk ignore to modify the .snyk policy to ignore stated issues.
The snyk monitor command takes a snapshot of your project and uploads the results to Snyk. When any new vulnerabilities or new remediation paths that your project benefits from are found, you are sent an alert via your chosen communication channel.
In your CI pipeline, running snyk test when building the binary directly shows if your project contains vulnerabilities. If you like, you can even fail your build to prevent vulnerabilities from being introduced further downstream. You can run snyk monitor to create a snapshot and monitor for new vulnerabilities over time. Read the Docs to learn more about Snyk CI/CD deployment options.
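The CI usage described above, sketched as a build gate. This is an added example, not code from Snyk or its documentation. The function names, the BRANCH variable, the "main" branch name and the "high" severity threshold are assumptions; SNYK_TOKEN is expected to come from the CI secret store.

```shell
#!/bin/sh
# Added example: CI gate around the Snyk CLI (hypothetical function names).
# Assumes SNYK_TOKEN is injected by the CI secret store and BRANCH holds the
# branch being built; "main" and the "high" threshold are illustrative choices.

# Run `snyk test` and turn its exit status into a build decision.
# Snyk CLI exit codes: 0 = no issues found, 1 = issues found,
# 2 = CLI failure, 3 = no supported projects detected.
snyk_gate() {
    if [ -z "${SNYK_TOKEN:-}" ]; then
        echo "SNYK_TOKEN is not set; refusing to run unauthenticated" >&2
        return 2
    fi
    rc=0
    snyk test --severity-threshold=high || rc=$?
    case "$rc" in
        0) echo "snyk: no issues at or above the threshold" ;;
        1) echo "snyk: vulnerabilities found, failing the build" >&2 ;;
        3) echo "snyk: no supported project detected, check the job setup" >&2 ;;
        *) echo "snyk: scan did not complete (exit $rc)" >&2
           rc=2 ;;  # a scan that did not run must never pass as clean
    esac
    return "$rc"
}

# Gate the build first, then upload a monitoring snapshot for the release
# branch only, so feature branches do not create projects in Snyk.
snyk_ci() {
    snyk_gate || return $?
    if [ "${BRANCH:-}" = "main" ]; then
        snyk monitor || return 2
    fi
    return 0
}
```

Source the file in the pipeline job and call snyk_ci as the scan step; any non-zero return fails the build.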