Snyk CLI

Secure projects in your terminal with the Snyk CLI

Automatically find and fix vulnerabilities locally and in your CI/CD pipelines with the Snyk CLI.

npm install snyk -g

Security in 3 simple commands

1. Authenticate with Snyk

Run snyk auth to associate the Snyk CLI with your Snyk account.

2. Find & fix vulnerabilities

Run snyk test to find vulnerabilities and get actionable fix advice. 

3. Monitor continuously

Run snyk monitor to continuously monitor your projects for OS vulns and license issues.

Coverage throughout the SDLC with the Snyk CLI

From your first line of code to deployment, the Snyk CLI provides a comprehensive security coverage of your entire application ecosystem. Simply configure, command, and go.

Extensive language support

FAQ

Which Snyk products does the Snyk CLI support?

The Snyk CLI supports Snyk Code, Snyk Open Source, Snyk Container (including Docker scanning), and Snyk Infrastructure as Code (including Terraform and Kubernetes scanning). 

What languages does the Snyk CLI support?

Snyk CLI scanning supports many languages and tools, including Java, JavaScript, Python, PHP, Ruby, .NET, Go, C/C++, Bazel, Elixir, Swift, TypeScript, Scala, and Apex. See the Docs for more details on Snyk’s support for languages and environments.

How do I install and authenticate the Snyk CLI?

Install the Snyk CLI using either npm, Homebrew, Scoop, or by downloading a specific binary from GitHub.

npm install snyk -g

brew tap snyk/tap && brew install snyk 

scoop bucket add snyk https://github.com/snyk/scoop-snyk

scoop install snyk

Once you’ve installed the CLI, you have to authenticate with your Snyk account. When you call snyk auth the browser reroutes to the signup or sign-in page where you can authenticate or signup. Alternatively, for CI testing, we recommend creating an environment variable called SNYK_TOKEN.

How do I run a vulnerability scan with the Snyk CLI?

Run the following commands to scan for vulnerabilities in your projects: 

snyk test - Scan for open source vulnerabilities and license issues. 

snyk code test - Scan for code vulnerabilities using static code analysis. 

snyk container test - Scan for container image vulnerabilities.

snyk iac test - Scan for infrastructure as code vulnerabilities and misconfigurations

How do I fix vulnerabilities with the Snyk CLI?

Snyk provides actionable fix advice for scan results when available. snyk fix is available in beta for Python projects to apply the recommended updates automatically.

How do I ignore an issue in a scan result?

Run the command snyk ignore to modify the .snyk policy to ignore stated issues. 

How do I monitor my projects for new vulnerabilities?

The snyk monitor command takes a snapshot of your project and uploads the results to the Snyk. When any new vulnerabilities or new remediation paths that your project benefits from are found, it will be sent to you as an alert via your chosen communication channel.

How does Snyk secure CI/CD pipelines?

In your CI-pipeline, running snyk test when building the binary directly shows if your project contains vulnerabilities. If you like, you can even fail your build to prevent vulnerabilities to being introduced further downstream". You can run snyk monitor to create a snapshot and monitor for new vulnerabilities over time. Read the Docs to learn more about Snyk CI/CD deployment options.

Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo