# Code test

## Usage

`snyk code test [<OPTIONS>] [<PATH>]`

## Description

The `snyk code test` command tests source code for any known security issues (Static Application Security Testing).

## Exit codes

Possible exit codes and their meaning:

**0**: success (scan completed), no vulnerabilities found\
**1**: action_needed (scan completed), vulnerabilities found\
**2**: failure, try to re-run the command. Use `-d` to output the debug logs.\
**3**: failure, no supported projects detected

## Configure the Snyk CLI

## Debug

Use the `-d` option to output the debug logs.

## Options

### `--org=<ORG_ID>`

Specify the `<ORG_ID>` to run Snyk commands tied to a specific Snyk Organization. The `<ORG_ID>` influences private test limits.

If you have multiple Organizations, you can set a default from the CLI using:

`$ snyk config set org=<ORG_ID>`

Set a default to ensure all newly tested projects are tested under your default Organization. If you need to override the default, use the `--org=<ORG_ID>` option.

Default: `<ORG_ID>` that is the current preferred Organization in your [Account settings](https://app.snyk.io/account)

**Note:** You can also use `--org=<orgslugname>`. The `ORG_ID` works in both the CLI and the API. The Organization slug name works in the CLI, but not in the API.

`orgslugname` must match the slug name as displayed in the URL of your org in the Snyk UI: `https://app.snyk.io/org/[orgslugname]`. The orgname does not work.

For more information see the article [How to select the Organization to use in the CLI](https://docs.snyk.io/snyk-cli/scan-and-maintain-projects-using-the-cli/how-to-select-the-organization-to-use-in-the-cli)

### `--json`

Print results on the console as a JSON data structure.

Example: `$ snyk code test --json`

### `--json-file-output=<OUTPUT_FILE_PATH>`

Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.

Use this option to display the human-readable test output using stdout and, at the same time, save the JSON data structure output to a file.

For SAST, if no issues are found, Snyk does not create a `json` file. In contrast, for open-source, Snyk creates a file whether or not issues are found.

Example: `$ snyk code test --json-file-output=vuln.json`

### `--sarif`

Return results in SARIF format.

Example: `$ snyk code test --sarif`

### `--sarif-file-output=<OUTPUT_FILE_PATH>`

Save test output in SARIF format directly to the `<OUTPUT_FILE_PATH>` file, regardless of whether or not you use the `--sarif` option.

Use this option to display the human-readable test output using stdout and, at the same time, save the SARIF format output to a file.

### `--severity-threshold=<low|medium|high>`

Report only vulnerabilities at the specified level or higher.

**Note**: The Snyk Code configuration issues do not use the `critical` severity level.
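
The exit codes and the `--json-file-output` behaviour above, combined into a fail-closed CI gate. This is an added example, not part of the Snyk documentation. `SNYK_BIN`, `classify_exit`, `run_gate` and `GATE_DECISION` are names assumed for the example, and the `high` default threshold is an arbitrary choice.

```shell
#!/bin/sh
# Fail-closed CI gate around `snyk code test`, driven by its exit codes.
# SNYK_BIN, classify_exit, run_gate and GATE_DECISION are names assumed here.
SNYK_BIN="${SNYK_BIN:-snyk}"

# Map a documented exit code to a gate decision.
classify_exit() {
  case "$1" in
    0) echo pass ;;         # scan completed, no vulnerabilities found
    1) echo block ;;        # scan completed, vulnerabilities found
    2) echo retry ;;        # failure: re-run, with -d for debug logs
    3) echo unsupported ;;  # failure: no supported projects detected
    *) echo unknown ;;      # not in the table: treat as a failed scan
  esac
}

# run_gate <path> <json-report> [threshold]
# Sets GATE_DECISION; returns 0 only when the scan completed with no findings.
run_gate() {
  gate_path=$1; gate_report=$2; gate_threshold=${3:-high}
  # For SAST no JSON file is written when nothing is found, so a report left
  # over from an earlier run would otherwise be read as current results.
  rm -f "$gate_report"
  gate_rc=0
  "$SNYK_BIN" code test --severity-threshold="$gate_threshold" \
    --json-file-output="$gate_report" "$gate_path" || gate_rc=$?
  GATE_DECISION=$(classify_exit "$gate_rc")
  if [ "$GATE_DECISION" = retry ]; then
    # One re-run with debug logs, as the exit-code table advises for code 2.
    gate_rc=0
    "$SNYK_BIN" code test -d --severity-threshold="$gate_threshold" \
      --json-file-output="$gate_report" "$gate_path" || gate_rc=$?
    GATE_DECISION=$(classify_exit "$gate_rc")
    if [ "$GATE_DECISION" = retry ]; then GATE_DECISION=failed; fi
  fi
  # Codes 2 and 3 mean no scan took place, so only "pass" opens the gate.
  [ "$GATE_DECISION" = pass ]
}
```

In a pipeline step, `run_gate . vuln.json high || exit 1` fails the job for findings and for scans that never ran; any later step that reads `vuln.json` has to tolerate the file being absent after a clean run.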