Snyk is a developer-first security tool that performs vulnerability scanning for dependencies in various programming languages and platforms. It integrates with the development workflow to detect, prioritize, and fix vulnerabilities in open-source dependencies and containers. Snyk also provides license compliance and security policy enforcement features.
Vulnerability Scanning
Scans the project's dependencies for known vulnerabilities. This command is run in the terminal within the project's directory.
snyk testMonitoring Project
Takes a snapshot of the current state of the project's dependencies and monitors them for newly disclosed vulnerabilities over time. This command is also run in the terminal within the project's directory.
snyk monitorFixing Vulnerabilities
Guides the user through the process of fixing detected vulnerabilities interactively. This command is executed in the terminal and may offer upgrade or patch options for the issues found.
snyk wizardContainer Vulnerability Management
Scans container images for vulnerabilities. Replace <image_name> with the name of the container image you want to test.
snyk container test <image_name>Infrastructure as Code (IaC) Analysis
Analyzes Infrastructure as Code files to find security issues and misconfigurations. This command is used in the terminal where the IaC files are located.
snyk iac testBuilt into the npm CLI, npm-audit provides a similar vulnerability scanning feature for npm packages. It automatically reviews the project's dependencies for known security issues but is limited to the npm ecosystem and does not offer the same breadth of language and platform support as Snyk.
Documentation | Test your project
Snyk helps you find, fix and monitor known vulnerabilities in open source
npm install -g snyk.snyk authFor more detail on how to authenticate take a look at the CLI authentication section of the Snyk documentation.
snyk [options] [command] [package]
Run snyk --help to get a quick overview of all commands or for full details on the CLI read the snyk.io CLI docs.
The package argument is optional. If no package is given, Snyk will run the command against the current working directory allowing you test you non-public applications.
snyk test on a project either as a one off or as part of your CI process.snyk wizard and snyk protect.
snyk wizard walks you through finding and fixing known vulnerabilities in your project. Remediation options include configuring your policy file to update, auto patch and ignore vulnerabilities. (npm only)snyk protect your code from vulnerabilities by applying patches and optionally suppressing specific vulnerabilities.snyk monitor records the state of dependencies and any vulnerabilities on snyk.io so you can be alerted when new vulnerabilities or updates/patches are disclosed that affect your repositories.snyk test as part of your CI to fail tests when vulnerable Node.js or Ruby dependencies are added.Snyk is also provided as a set of Docker images that carry the runtime environment of each package manager. For example, the npm image will carry all of the needed setup to run npm install on the currently running container. Currently there are images for npm, Ruby, Maven, Gradle and SBT.
The images can perform snyk test by default on the specified project which is mounted to the container as a read/write volume, and snyk monitor if the MONITOR environment variable is set when running the docker container. If you want an HTML report for test command (--json is appended automatically). An HTML file called snyk_report.html and a CSS file called snyk_report.css will be generated. The image also writes a file called snyk-res.json for internal use and snyk-error.log for errors that we can look at if something goes wrong.
The following environment variables can be used when running the container on docker:
SNYK_TOKEN - Snyk API token, obtained from https://app.snyk.io/account.USER_ID - [OPTIONAL] Current user ID on the host machine. If not provided will take the user ID of the currently running user inside the container. This is used for CI builds such as Jenkins where we are running with a non-privileged user and want to allow the user to access the mounted project folder.MONITOR - [OPTIONAL] If set, will generate an html report via snyk-to-html and runs snyk monitor after running snyk test.PROJECT_FOLDER - [OPTIONAL] If set, this will cd to the directory inside the mounted project dir to run snyk inside it.ENV_FLAGS - [OPTIONAL] additional environment parameters to pass to snyk test when running the container.TARGET_FILE - [OPTIONAL] additional environment parameters to pass to snyk test & snyk monitor equal to --file option in the cli.Docker images are tagged according to the package manager runtime they include, the package manager version and snyk version. The general format of tags is [snyk-version]-[package-manager]-[package-manager-version] or just [package-manager]-[package-manager-version] if we want to use the latest version of snyk. Please see available tags to see the available options.
[snyk-version] - The version of snyk that is installed in the image, if version is omitted it will use the latest version. [package-manager] - One of the available package managers (e.g: npm, mvn, gradle, etc...). [package-manager-version] - The version of the package manager that is installed inside the image.
Please see the following examples on how to run Snyk inside docker:
See all snyk/snyk-cli npm images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
Here's an example of running snyk test and snyk monitor in the image (with the latest version of Snyk) for npm:
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
snyk/snyk-cli:npm test --org=my-org-name
See all snyk/snyk-cli rubygems images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
Here's an example of running snyk test and snyk monitor in the image (with the latest version of Snyk) for RubyGems:
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
snyk/snyk-cli:rubygems test --org=my-org-name
See all snyk/snyk-cli maven images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
You may also need to mount the local .m2 and .ivy2 folders.
Here's an example of running snyk test and snyk monitor in the image (with the latest version of Snyk) for Maven:
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/home/user/.m2:/home/node/.m2"
-v "/home/user/.ivy2:/home/node/.ivy2"
snyk/snyk-cli:maven-3.5.4 test --org=my-org-name
See all snyk/snyk-cli sbt images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
You may also need to mount the local .m2 and .ivy2 folders.
Here are examples of running snyk test and snyk monitor in the image (with the latest version of Snyk) for SBT:
Note: the dependency-tree or sbt-dependency-graph or sbt-coursier (included by default in latest sbt versions) module is required for snyk to process Scala projects.
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/home/user/.m2:/home/node/.m2"
-v "/home/user/.ivy2:/home/node/.ivy2"
snyk/snyk-cli:sbt-0.13.16 test --org=my-org-name
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/home/user/.m2:/home/node/.m2"
-v "/home/user/.ivy2:/home/node/.ivy2"
snyk/snyk-cli:sbt-1.0.4 test --org=my-org-name
See all snyk/snyk-cli gradle images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
You may also need to mount the local .gradle.
Here's an example of running snyk test and snyk monitor in the image (with the latest version of Snyk) for Gradle:
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/home/user/.gradle:/home/node/.gradle"
snyk/snyk-cli:gradle-2.8 test --org=my-org-name
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/home/user/.gradle:/home/node/.gradle"
snyk/snyk-cli:gradle-4.4 test --org=my-org-name
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/home/user/.gradle:/home/node/.gradle"
snyk/snyk-cli:gradle-5.4 test --org=my-org-name
See all snyk/snyk-cli docker images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
The image being tested is expected to be available locally.
Here's an example of running snyk test and snyk monitor in the image (with the latest version of Snyk) for Docker:
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-v "<PROJECT_DIRECTORY>:/project"
-v "/var/run/docker.sock:/var/run/docker.sock"
snyk/snyk-cli:docker test --docker myapp:mytag --file=<DOCKERFILE>
See all snyk/snyk-cli python images
The host project folder will be mounted to /project on the container and will be used to read the dependencies file and write results for CI builds.
Here's an example of running snyk test and snyk monitor in the image (with the latest version of Snyk) for Maven:
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-e "TARGET_FILE=setup.py"
-v "<PROJECT_DIRECTORY>:/project"
snyk/snyk-cli:python-3 test --org=my-org-name
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-e "TARGET_FILE=Pipfile"
-v "<PROJECT_DIRECTORY>:/project"
snyk/snyk-cli:python-3 test --org=my-org-name
docker run -it
-e "SNYK_TOKEN=<TOKEN>"
-e "USER_ID=1234"
-e "MONITOR=true"
-e "TARGET_FILE=requirement-dev.txt"
-v "<PROJECT_DIRECTORY>:/project"
snyk/snyk-cli:python-3 test --org=my-org-name
Make users feel more confident in using your website by adding your Snyk badge!
[](https://snyk.io/package/npm/snyk)
FAQs
snyk library and cli utility
The npm package snyk receives a total of 177,929 weekly downloads. As such, snyk popularity was classified as popular.
We found that snyk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.