UNPKG

snyk

Version:

snyk library and cli utility

github.com/snyk/snyk

snyk/snyk

64 lines (42 loc) 2.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
# snyk-container(1) -- Test container images for vulnerabilities ## SYNOPSIS `snyk` `container` \[<COMMAND>\] \[<OPTIONS>\] \[<IMAGE>\] ## DESCRIPTION Find vulnerabilities in your container images. ## COMMANDS - `test`: Test for any known vulnerabilities. - `monitor`: Record the state of dependencies and any vulnerabilities on snyk.io. ## OPTIONS - `--exclude-base-image-vulns`: Exclude from display base image vulnerabilities. - `--file`=<FILE_PATH>: Include the path to the image's Dockerfile for more detailed advice. - `--platform`=<PLATFORM>: For multi-architecture images, specify the platform to test. [linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7 or linux/arm/v6] - `--json`: Prints results in JSON format. - `--json-file-output`=<OUTPUT_FILE_PATH>: (only in `test` command) Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option. This is especially useful if you want to display the human-readable test output via stdout and at the same time save the JSON format output to a file. - `--sarif`: Return results in SARIF format. - `--sarif-file-output`=<OUTPUT_FILE_PATH>: (only in `test` command) Save test output in SARIF format directly to the <OUTPUT_FILE_PATH> file, regardless of whether or not you use the `--sarif` option. This is especially useful if you want to display the human-readable test output via stdout and at the same time save the SARIF format output to a file. - `--print-deps`: Print the dependency tree before sending it for analysis. - `--project-name`=<PROJECT_NAME>: Specify a custom Snyk project name. - `--policy-path`=<PATH_TO_POLICY_FILE>: Manually pass a path to a snyk policy file. - `--severity-threshold`=low|medium|high|critical: Only report vulnerabilities of provided level or higher. - `--username`=<CONTAINER_REGISTRY_USERNAME>: Specify a username to use when connecting to a container registry. This will be ignored in favour of local Docker binary credentials when Docker is present. - `--password`=<CONTAINER_REGISTRY_PASSWORD>: Specify a password to use when connecting to a container registry. This will be ignored in favour of local Docker binary credentials when Docker is present.