<p align="center">
<img src="https://snyk.io/style/asset/logo/snyk-print.svg" />
</p>
# Snyk CLI
[Snyk](https://snyk.io) scans and monitors your projects for security vulnerabilities.

# What is [Snyk](https://snyk.io)?
[Snyk](https://snyk.io) is a developer-first cloud-native security tool.
It covers multiple areas of application security:
1. [**Snyk Open Source**](https://snyk.io/product/open-source-security-management/): Find and automatically fix open source vulnerabilities
2. [**Snyk Code**](https://snyk.io/product/snyk-code/): Find and fix vulnerabilities in your application code in real time
3. [**Snyk Container**](https://snyk.io/product/container-vulnerability-management/): Find and fix vulnerabilities in container images and Kubernetes applications
4. [**Snyk Infrastructure as Code**](https://snyk.io/product/infrastructure-as-code-security/): Find and fix insecure configurations in Terraform and Kubernetes code
[Learn more about what Snyk can do and sign up for a free account »](https://snyk.io)
# What is Snyk CLI?
Snyk CLI brings the functionality of [Snyk](https://snyk.io) into your development workflow. It can be run locally or in your CI/CD pipeline to scan your projects for security issues.
## Supported languages and tools
Snyk supports many languages and tools, including Java, .NET, JavaScript, Python, Golang, PHP, C/C++, Ruby, Scala and more. See our [Language Support documentation](https://support.snyk.io/hc/en-us/articles/360020352437-Language-support-summary).
CLI also supports [Docker scanning](https://support.snyk.io/hc/en-us/articles/360003946897-Snyk-Container-security-overview) and [Terraform, k8s and other Infrastructure as Code files scanning](https://support.snyk.io/hc/en-us/categories/360001342678-Infrastructure-as-code).
---
# Install Snyk CLI
Snyk CLI can be installed through multiple channels.
## Install with npm or Yarn
[Snyk CLI is available as an npm package](https://www.npmjs.com/package/snyk). If you have Node.js installed locally, you can install it by running:
```bash
npm install snyk@latest -g
```
or if you are using Yarn:
```bash
yarn global add snyk
```
## More installation methods
<details>
<summary>Standalone executables (macOS, Linux, Windows)</summary>
### Standalone executables
Use [GitHub Releases](https://github.com/snyk/snyk/releases) to download a standalone executable of Snyk CLI for your platform.
We also provide these standalone executables on our official CDN. See [the `release.json` file](https://static.snyk.io/cli/latest/release.json) for the download links:
```http
https://static.snyk.io/cli/latest/release.json
# Or for specific version or platform
https://static.snyk.io/cli/v1.666.0/release.json
https://static.snyk.io/cli/latest/snyk-macos
```
For example, to download and run the latest Snyk CLI on macOS, you could run:
```bash
curl https://static.snyk.io/cli/latest/snyk-macos -o snyk
chmod +x ./snyk
mv ./snyk /usr/local/bin/
```
You can also use these direct links to download the executables:
- macOS: https://static.snyk.io/cli/latest/snyk-macos
- Windows: https://static.snyk.io/cli/latest/snyk-win.exe
- Linux: https://static.snyk.io/cli/latest/snyk-linux
- Alpine: https://static.snyk.io/cli/latest/snyk-alpine
The drawback of this method is that you have to keep the Snyk CLI up to date manually.
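
Added example (not part of the Snyk README or Snyk's own tooling): the `curl` download above installs whatever the CDN returns, so this script checks the file against a SHA-256 digest you recorded yourself before moving it into place. The function names and the `EXPECTED_SHA256` variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded Snyk CLI binary against a pinned SHA-256
# before installing it. Function names and EXPECTED_SHA256 are hypothetical.

# Print the SHA-256 of a file as lowercase hex, using whichever tool exists
# (sha256sum on most Linux systems, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_install <downloaded-file> <expected-sha256> <destination>
# Returns 0 and installs only when the digest matches; otherwise returns 1
# and leaves the destination untouched.
verify_and_install() {
  file=$1 expected=$2 dest=$3
  [ -f "$file" ] || { echo "missing download: $file" >&2; return 1; }
  # Normalise case so a digest pasted in upper case still compares equal.
  expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
  # Reject a pin that is not exactly 64 hex characters (for example, empty).
  case $expected in
    *[!0-9a-f]*) echo "expected digest is not hex" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 64 ] || { echo "expected digest has wrong length" >&2; return 1; }
  actual=$(sha256_of "$file") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $file: got $actual" >&2
    return 1
  fi
  chmod +x "$file" && mv "$file" "$dest"
}

# Usage with the download from this section (commented out: it needs network
# access and a digest recorded for the release you reviewed):
#   curl --fail --silent --show-error --location \
#     https://static.snyk.io/cli/latest/snyk-macos -o snyk
#   verify_and_install ./snyk "$EXPECTED_SHA256" /usr/local/bin/snyk
```

Because the pinned digest stops matching as soon as `latest` moves, each CLI update becomes a deliberate change to the recorded value.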
</details>
<details>
<summary>Install with Homebrew (macOS, Linux)</summary>
### Homebrew
Install Snyk CLI from [Snyk tap](https://github.com/snyk/homebrew-tap) with [Homebrew](https://brew.sh) by running:
```bash
brew tap snyk/tap
brew install snyk
```
</details>
<details>
<summary>Scoop (Windows)</summary>
### Scoop
Install Snyk CLI from our [Snyk bucket](https://github.com/snyk/scoop-snyk) with [Scoop](https://scoop.sh) on Windows:
```
scoop bucket add snyk https://github.com/snyk/scoop-snyk
scoop install snyk
```
</details>
<details>
<summary>Snyk CLI in a Docker image</summary>
### Snyk CLI in a Docker image
Snyk CLI can also be run from a Docker image. Snyk offers multiple Docker images under [snyk/snyk-cli](https://hub.docker.com/r/snyk/snyk-cli) and [snyk/snyk](https://hub.docker.com/r/snyk/snyk) ([snyk/images on GitHub](https://github.com/snyk/snyk-images) for more details).
These images wrap the Snyk CLI and, depending on the tag, come with the relevant tooling for different projects. For example, scanning a Gradle project with snyk/snyk-cli:
```bash
# Replace <TOKEN> and <PROJECT_DIRECTORY> with your own values
docker run -it \
    -e "SNYK_TOKEN=<TOKEN>" \
    -e "USER_ID=1234" \
    -v "<PROJECT_DIRECTORY>:/project" \
    -v "/home/user/.gradle:/home/node/.gradle" \
  snyk/snyk-cli:gradle-5.4 test --org=my-org-name
```
</details>
## Install as a part of a Snyk CLI integration
Snyk also offers many integrations into developer tooling. These integrations will install and manage the Snyk CLI for you. For example:
- [Snyk Jenkins plugin](https://github.com/jenkinsci/snyk-security-scanner-plugin)
- [CircleCI Orb](https://github.com/snyk/snyk-orb)
- [Azure Pipelines Task](https://github.com/snyk/snyk-azure-pipelines-task)
- [GitHub Actions](https://github.com/snyk/actions)
- [IntelliJ IDE Plugin](https://github.com/snyk/snyk-intellij-plugin)
- [VS Code Extension](https://marketplace.visualstudio.com/items?itemName=snyk-security.snyk-vulnerability-scanner)
- [Eclipse IDE Extension](https://github.com/snyk/snyk-eclipse-plugin)
- [Maven plugin](https://github.com/snyk/snyk-maven-plugin)
- And many more. See [the Integrations documentation](https://support.snyk.io/hc/en-us/categories/360000598398-Integrations)
<p align="center">
<a href="https://support.snyk.io/hc/en-us/categories/360000598398-Integrations">
<img src="help/ide.svg" alt="Snyk CLI IDE integration" width="50%" />
</a>
</p>
---
# Getting started with Snyk CLI
Once you have installed the Snyk CLI, you can verify that it is working by running:
```bash
snyk --version
```
## Authorization
Snyk CLI depends on [Snyk.io](https://snyk.io) APIs. Connect your Snyk CLI with [Snyk.io](https://snyk.io) by running:
```bash
snyk auth
```
## Scanning your project
If you are already in a folder with a supported project, start by running:
```bash
snyk test
```
Or scan a Docker image by its tag with [Snyk Container](https://snyk.io/product/container-vulnerability-management/):
```bash
snyk container test ubuntu:18.04
```
Or a k8s file:
```bash
snyk iac test /path/to/kubernetes_file.yaml
```
## Monitoring your project
Snyk can also monitor your project periodically and alert you to new vulnerabilities. The `snyk monitor` command is similar to `snyk test` and can be used to create a project on the Snyk website that will be continuously monitored for new vulnerabilities.
<p align="center">
<a href="https://snyk.io">
<img src="help/monitor.svg" alt="Snyk CLI monitor projects" width="70%" />
</a>
</p>
```
> snyk monitor
Monitoring /project (project-name)...
Explore this snapshot at https://app.snyk.io/org/my-org/project/29361c2c-9005-4692-8df4-88f1c040fa7c/history/e1c994b3-de5d-482b-9281-eab4236c851e
Notifications about newly disclosed issues related to these dependencies will be emailed to you.
```
### Add Snyk to your CI/CD
Snyk is really powerful when you are continuously scanning and monitoring your projects for vulnerabilities.
Use one of [our integrations](#install-as-a-part-of-a-snyk-cli-integration) to stay secure.
You can authorize Snyk CLI in your CI/CD programmatically:
```bash
# Using a SNYK_TOKEN envvar (preferred)
SNYK_TOKEN=<SNYK_API_TOKEN> snyk test
# Or using a Snyk auth command
snyk auth <SNYK_API_TOKEN>
snyk test
```
## More flags and options to try
Here are some flags that you might find useful:
- `--severity-threshold=low|medium|high|critical`
  Only report vulnerabilities of provided level or higher.
- `--json`
  Prints results in JSON format.
- `--all-projects`
  Auto-detect all projects in working directory.
See all the available commands and options by running `--help`:
```bash
snyk --help
# or get help for a specific command like
snyk iac --help
snyk code --help
```
# Getting support
We recommend reaching out via the [support@snyk.io](mailto:support@snyk.io) email whenever you need help with Snyk CLI or Snyk in general.
GitHub Issues on any [Snyk project](https://github.com/snyk) are not actively monitored by Snyk support.
## Contributing
This project is open source but we don't encourage outside contributors.
You may look into [design decisions in the Snyk CLI](help/_about-this-project/README.md).
This repository is a monorepo, also covering other projects and tools:
- [`@snyk/protect`](packages/snyk-protect): [npm package for `snyk-protect` command](https://www.npmjs.com/package/@snyk/protect)
## Security
For any security issues or concerns, please see [SECURITY.md](SECURITY.md) file in this repository.
Made with 💜 by Snyk