
Linux command

snyk command

Text

After copying, replace file names, directories, or parameters as needed.

Common examples

Test project for vulnerabilities

snyk test

Test specific file

snyk test --file=[package.json]

Monitor project continuously

snyk monitor

Test container image

snyk container test [image:tag]

Test IaC files

snyk iac test [/path/to/terraform/]

Test code for issues

snyk code test

Authenticate

snyk auth

Ignore specific vulnerability

snyk ignore --id=[SNYK-JS-LODASH-567746]

Description

Snyk finds and fixes vulnerabilities in code, dependencies, containers, and infrastructure as code. It integrates into development workflows, CI/CD pipelines, and provides continuous monitoring. Dependency testing scans package manifests (package.json, requirements.txt, pom.xml, etc.) against Snyk's vulnerability database. Results show CVEs, severity, and available fixes. Container scanning analyzes Docker images layer by layer, identifying vulnerable packages in base images and application dependencies. Recommendations include secure base image alternatives. Infrastructure as Code testing catches misconfigurations in Terraform, CloudFormation, Kubernetes, and other IaC files before deployment. Issues include security groups, encryption settings, and access controls. Static analysis (code test) finds security issues in source code: injection flaws, hardcoded secrets, and other vulnerabilities. The monitor command creates a snapshot in Snyk's service for ongoing vulnerability alerting as new CVEs are discovered.

Parameters

test
Test project for vulnerabilities.
monitor
Record project snapshot for monitoring.
container test _IMAGE_
Test container image.
container monitor _IMAGE_
Monitor container image.
iac test _PATH_
Test Infrastructure as Code.
code test
Test source code (SAST).
auth _TOKEN_
Authenticate with Snyk.
ignore
Ignore an issue.
wizard
Interactive remediation.
fix
Apply remediation to fix vulnerabilities.
sbom
Generate a Software Bill of Materials (SBOM).
policy
Manage .snyk policy file.
--file _FILE_
Manifest file to test.
--severity-threshold _LEVEL_
Only report: low, medium, high, critical.
--json
Output as JSON.
--sarif
Output as SARIF.
--all-projects
Test all projects in directory.
--dev
Include dev dependencies in the scan.
--fail-on _TYPE_
Fail on: all, upgradable, patchable.
--prune-repeated-subdependencies
Prune repeated dependencies.
-d, --debug
Debug output.
--org _ORG_
Specify organization.
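As an added example (not part of the original page and not Snyk's own tooling), the following Python script reads the JSON that `snyk test --json` writes and applies the `--severity-threshold`, `--fail-on` and `snyk ignore --id` semantics listed above locally, so a CI job can decide whether to fail and print a short summary. The report field names (`ok`, `vulnerabilities`, `id`, `severity`, `packageName`, `version`, `isUpgradable`, `isPatchable`) are assumptions about the report format and should be checked against your CLI version; the embedded report is a constructed sample, not real scanner output.

```python
"""Gate a CI job on a `snyk test --json` report with local threshold/ignore logic."""
import json
import sys

# Severity ranking matching the --severity-threshold levels listed above.
SEVERITY_ORDER = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Constructed sample in the shape of a `snyk test --json` report (not real
# scanner output; the field names are an assumption about the report format).
SAMPLE_REPORT = json.dumps({
    "ok": False,
    "vulnerabilities": [
        {"id": "SNYK-JS-LODASH-567746", "title": "Sample high finding",
         "severity": "high", "packageName": "lodash", "version": "4.17.15",
         "isUpgradable": True, "isPatchable": False},
        {"id": "SNYK-JS-EXAMPLE-000001", "title": "Sample low finding",
         "severity": "low", "packageName": "example-pkg", "version": "1.0.0",
         "isUpgradable": False, "isPatchable": False},
    ],
})


def load_report(text):
    """Parse the JSON text that `snyk test --json` writes to stdout."""
    return json.loads(text)


def findings_at_or_above(report, threshold):
    """Keep findings whose severity is at least `threshold` (like --severity-threshold)."""
    floor = SEVERITY_ORDER[threshold]
    return [
        v for v in report.get("vulnerabilities", [])
        if SEVERITY_ORDER.get(v.get("severity", "low"), 0) >= floor
    ]


def should_fail(report, threshold="high", fail_on="all", ignored=()):
    """Return (fail?, selected findings), mirroring --severity-threshold,
    --fail-on and the effect of `snyk ignore --id=...` on a report."""
    selected = [v for v in findings_at_or_above(report, threshold)
                if v.get("id") not in set(ignored)]
    if fail_on == "upgradable":
        selected = [v for v in selected if v.get("isUpgradable")]
    elif fail_on == "patchable":
        selected = [v for v in selected if v.get("isPatchable")]
    elif fail_on != "all":
        raise ValueError("fail_on must be all, upgradable or patchable")
    return bool(selected), selected


def summarize(findings):
    """One line per finding for a CI log."""
    return [
        f"{v['severity'].upper():8} {v['id']} {v.get('packageName')}@{v.get('version')}"
        for v in findings
    ]


if __name__ == "__main__":
    # Usage: snyk test --json | python snyk_gate.py [threshold] [fail_on]
    # With no piped input the constructed sample report is used.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_REPORT
    threshold = sys.argv[1] if len(sys.argv) > 1 else "high"
    fail_on = sys.argv[2] if len(sys.argv) > 2 else "all"
    fail, hits = should_fail(load_report(text), threshold, fail_on)
    print("\n".join(summarize(hits)) or "no findings at or above threshold")
    sys.exit(1 if fail else 0)
```

Piping `snyk test --json` into the script keeps the gating rule in version control next to the pipeline, and the `ignored` set lets a reviewed exception (the same ID you would pass to `snyk ignore --id=`) be applied without editing the report.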

FAQ

What is the snyk command used for?

Snyk finds and fixes vulnerabilities in code, dependencies, containers, and infrastructure as code. It integrates into development workflows, CI/CD pipelines, and provides continuous monitoring. Dependency testing scans package manifests (package.json, requirements.txt, pom.xml, etc.) against Snyk's vulnerability database. Results show CVEs, severity, and available fixes. Container scanning analyzes Docker images layer by layer, identifying vulnerable packages in base images and application dependencies. Recommendations include secure base image alternatives. Infrastructure as Code testing catches misconfigurations in Terraform, CloudFormation, Kubernetes, and other IaC files before deployment. Issues include security groups, encryption settings, and access controls. Static analysis (code test) finds security issues in source code: injection flaws, hardcoded secrets, and other vulnerabilities. The monitor command creates a snapshot in Snyk's service for ongoing vulnerability alerting as new CVEs are discovered.

How do I run a basic snyk example?

Run `snyk test` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does test do in snyk?

Test project for vulnerabilities.