diff --git a/help/cli-commands/README.md b/help/cli-commands/README.md index 3f6795407d9..ccf66d05cd9 100644 --- a/help/cli-commands/README.md +++ b/help/cli-commands/README.md @@ -14,7 +14,7 @@ For details see the [CLI documentation](https://docs.snyk.io/features/snyk-cli) ## Available commands -To learn more about each Snyk CLI command, use the `--help` option, for example, `snyk auth --help` or `snyk container --help` +To learn more about each Snyk CLI command, use the `--help` option, for example, `snyk auth --help`. **Note:** The help on the docs site is the same as the `--help` in the CLI. diff --git a/help/cli-commands/code-test.md b/help/cli-commands/code-test.md new file mode 100644 index 00000000000..0373bc2a547 --- /dev/null +++ b/help/cli-commands/code-test.md 
@@ -0,0 +1,78 @@ +# Code test + +## Usage + +`snyk code test [] []` + +## Description + +The `snyk code test` command tests for any known security issues using Static Code Analysis. + +For more information see [Using Snyk Code via the CLI](../../products/snyk-code/cli-for-snyk-code/). + +For instructions on ignoring issues with `snyk code test` see [Excluding directories and files from the Snyk Code CLI test](../../products/snyk-code/cli-for-snyk-code/excluding-directories-and-files-from-the-snyk-code-cli-test.md). + +## Exit codes + +Possible exit codes and their meaning: + +**0**: success, no vulnerabilities found\ +**1**: action_needed, vulnerabilities found\ +**2**: failure, try to re-run command\ +**3**: failure, no supported projects detected + +## Configure the Snyk CLI + +You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli) + +## Debug + +Use the `-d` option to output the debug logs. + +## Options for the code test subcommand + +### `--org=` + +Specify the ``to run Snyk commands tied to a specific organization. The `` influences private test limits. + +If you have multiple organizations, you can set a default from the CLI using: + +`$ snyk config set org=` + +Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=` option. + +Default: `` that is the current preferred organization in your [Account settings](https://app.snyk.io/account) + +Note that you can also use `--org=`. The `ORG_ID` works in both the CLI and the API. The organization slug name works in the CLI, but not in the API. 
+ +For more information see the article [How to select the organization to use in the CLI](https://support.snyk.io/hc/en-us/articles/360000920738-How-to-select-the-organization-to-use-in-the-CLI) + +### `--json` + +Print results on the console as a JSON data structure. + +Example: `$ snyk code test --json` + +### `--json-file-output=` + +Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option. + +Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created. + +Example: `$ snyk code test --json-file-output=vuln.json` + +### `--sarif` + +Return results in SARIF format. + +Example: `$ snyk code --sarif` + +### `--sarif-file-output=` + +Save test output in SARIF format directly to the \ file, regardless of whether or not you use the `--sarif` option. + +Use to display the human-readable test output using stdout and at the same time save the SARIF format output to a file. + +### `--severity-threshold=` + +Report only vulnerabilities at the specified level or higher. Note that the Snyk Code configuration issues do not currently use the `critical` severity level. diff --git a/help/cli-commands/code.md b/help/cli-commands/code.md index 8580643ae09..3e521c44b71 100644 --- a/help/cli-commands/code.md +++ b/help/cli-commands/code.md @@ -2,7 +2,7 @@ ## Usage -`snyk code [] [] []` +`snyk code [] [] []` ## Description 
@@ -10,71 +10,8 @@ The `snyk code` command finds security issues using Static Code Analysis. For more information see [CLI for Snyk Code](https://docs.snyk.io/snyk-code/cli-for-snyk-code) -## Subcommand: `test` +## `snyk code` command and the help docs -Test for any known issue. +The `snyk code` command is identified here with the help options: -## Exit codes - -Possible exit codes and their meaning: - -**0**: success, no vulnerabilities found\ -**1**: action_needed, vulnerabilities found\ -**2**: failure, try to re-run command\ -**3**: failure, no supported projects detected - -## Configure the Snyk CLI - -You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli) - -## Debug - -Use the `-d` option to output the debug logs. - -## Options for the code test subcommand - -### `--org=` - -Specify the ``to run Snyk commands tied to a specific organization. The `` influences private test limits. - -If you have multiple organizations, you can set a default from the CLI using: - -`$ snyk config set org=` - -Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=` option. - -Default: `` that is the current preferred organization in your [Account settings](https://app.snyk.io/account) - -Note that you can also use `--org=`. The `ORG_ID` works in both the CLI and the API. The organization slug name works in the CLI, but not in the API. - -For more information see the article [How to select the organization to use in the CLI](https://support.snyk.io/hc/en-us/articles/360000920738-How-to-select-the-organization-to-use-in-the-CLI) - -### `--json` - -Print results in JSON format. 
- -Example: `$ snyk code test --json` - -### `--json-file-output=` - -Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option. - -This is useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file. - -Example: `$ snyk code test --json-file-output=vuln.json` - -### `--sarif` - -Return results in SARIF format. - -Example: `$ snyk code --sarif` - -### `--sarif-file-output=` - -Save test output in SARIF format directly to the \ file, regardless of whether or not you use the `--sarif` option. - -This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file. - -### `--severity-threshold=` - -Report only vulnerabilities at the specified level or higher. Note that the Snyk Code configuration issues do not currently use the `critical` severity level. +``[`code test`](code-test.md); `code test --help`: tests for any known security issues using Static Code Analysis diff --git a/help/cli-commands/container-monitor.md b/help/cli-commands/container-monitor.md index d4ab3faff60..ef3ad1e3c24 100644 --- a/help/cli-commands/container-monitor.md +++ b/help/cli-commands/container-monitor.md 
@@ -60,10 +60,12 @@ Manually pass a path to a `.snyk` policy file. ### `--json` -Print results in JSON format, useful for integrating with other tools +Print results on the console as a JSON data structure. Example: `$ snyk container test --json` +Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `monitor` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli) + ### `--project-environment=[,]...>` Set the project environment to one or more values (comma-separated). To clear the project environment set `--project-environment=` @@ -98,7 +100,7 @@ To clear the project tags set `--project-tags=` ### `--tags=[,]...>` -This is an alias for `--project tags` +This is an alias for `--project-tags` ### `--app-vulns` @@ -108,6 +110,14 @@ In CLI version 1.962.0 and higher, use the `--app-vulns` option with the the `-- For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images) +### `--exclude-app-vulns` + +Allow disabling scans for app vulnerabilities in advance of `app-vulns` being enabled by default. + +Cannot be used with `--app-vulns`. + +For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images) + ### `--nested-jars-depth` When using `--app-vulns` use the `--nested-jars-depth` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number. 
diff --git a/help/cli-commands/container-test.md b/help/cli-commands/container-test.md index 75c7e177f49..3c55325ac8d 100644 --- a/help/cli-commands/container-test.md +++ b/help/cli-commands/container-test.md @@ -65,15 +65,15 @@ Manually pass a path to a `.snyk` policy file. ### `--json` -Print results in JSON format, useful for integrating with other tools +Print results ion the console as a JSON data structure. Example: `$ snyk container test --json` ### `--json-file-output=` -Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option. +Save test output in JSON format as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option. -This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file. +Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created. Example: `$ snyk container test --json-file-output=vuln.json` 
@@ -108,6 +108,14 @@ In CLI version 1.962.0 and higher, use the `--app-vulns` option with the the `-- For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images) +### `--exclude-app-vulns` + +Allow disabling scans for app vulnerabilities in advance of `app-vulns` being enabled by default. + +Cannot be used with`--app-vulns`. + +For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images) + ### `--nested-jars-depth` When using `--app-vulns` use the `--nested-jars-depth` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number. diff --git a/help/cli-commands/iac-describe.md b/help/cli-commands/iac-describe.md index 87604e69f9b..f6442d4ca66 100644 --- a/help/cli-commands/iac-describe.md +++ b/help/cli-commands/iac-describe.md @@ -166,7 +166,7 @@ Output only the scan result to stdout. ### `--json` -Output the report as JSON to stdout. +Output the report as a JSON data structure to stdout. ### `--html` diff --git a/help/cli-commands/iac-test.md b/help/cli-commands/iac-test.md index 10fc6a6be15..be4fd791ab7 100644 --- a/help/cli-commands/iac-test.md +++ b/help/cli-commands/iac-test.md 
@@ -65,15 +65,15 @@ Manually pass a path to a `.snyk` policy file. ### `--json` -Print results in JSON format. +Print results on the console as a JSON data structure. Example: `$ snyk iac test --json` ### `--json-file-output=` -Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option. +Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option. -This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file. +Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created. Example: `$ snyk iac test --json-file-output=vuln.json` @@ -87,6 +87,8 @@ Save test output in SARIF format directly to the \ file, regar This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file. +Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `iac test` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli) + ### `--project-business-criticality=[,]...>` This can be used in combination with the `--report` option. @@ -97,6 +99,8 @@ Allowed values: `critical, high, medium, low` For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes) +This option is not supported for Integrated IaC (Limited Availability). + ### `--project-environment=[,]...>` This can be used in combination with the `--report` option. 
@@ -107,6 +111,8 @@ Allowed values: `frontend`, `backend`, `internal`, `external`, `mobile`, `saas`, For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes) +This option is not supported for Integrated IaC (Limited Availability). + ### `--project-lifecycle=[,]...>` This can be used in combination with the `--report` option. @@ -117,6 +123,8 @@ Allowed values: `production`, `development`, `sandbox` For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes) +This option is not supported for Integrated IaC (Limited Availability). + ### `--project-tags=[,]...>` This can be used in combination with the `--report` option. @@ -127,6 +135,8 @@ Example: `--project-tags=department=finance,team=alpha` To clear the project tags set `--project-tags=` +This option is not supported for Integrated IaC (Limited Availability). + ### `--remote-repo-url=` This can be used in combination with the `--report` option. @@ -147,7 +157,7 @@ Note: This option cannot be used in combination with the `--rules` option. Use this dedicated option for Custom Rules scanning to enable the IaC scans to use a custom rules bundle generated with the `snyk-iac-rules` SDK. See [`snyk-iac-rules` SDK](https://github.com/snyk/snyk-iac-rules#readme) -This option cannot be used if the custom rules settings were configured with the Snyk UI. Default: If the `--rules` flag is not specified, scan the configuration files using the internal Snyk rules only. +This option cannot be used if the custom rules settings were configured with the Snyk UI. Default: If the `--rules` option is not specified, scan the configuration files using the internal Snyk rules only. Example: Scan the configuration files using custom rules and internal Snyk rules. 
@@ -155,6 +165,8 @@ Example: Scan the configuration files using custom rules and internal Snyk rules Note: This option can not be used in combination with the `--report` option. +This option is not supported for Integrated IaC (Limited Availability). + ### `--severity-threshold=` Report only vulnerabilities at the specified level or higher. @@ -172,7 +184,7 @@ This can be used in combination with the `--report` option. Set or override the project name for the repository. -Note: This flag will supersede the `--remote-repo-url`, if used together. +Note: This option supersedes`--remote-repo-url`, if both options are used together. ### `--target-reference=` diff --git a/help/cli-commands/ignore.md b/help/cli-commands/ignore.md index 51d73025cb7..8599026d280 100644 --- a/help/cli-commands/ignore.md +++ b/help/cli-commands/ignore.md @@ -6,7 +6,7 @@ OR -`snyk ignore [--expiry=] [--reason=] [--policy-path=] --file-path=] [OPTIONS]` +`snyk ignore [--expiry=] [--reason=] [--policy-path=] [--file-path=] [OPTIONS]` ## Description diff --git a/help/cli-commands/monitor.md b/help/cli-commands/monitor.md index 1beacc1dbc3..a20e37bf132 100644 --- a/help/cli-commands/monitor.md +++ b/help/cli-commands/monitor.md @@ -64,7 +64,7 @@ Can be used with `--all-projects` and `--yarn-workspaces` to indicate directory Example: `$ snyk test --all-projects --exclude=dir1,file2` -This will exclude any directories and files named "dir1" and "file2" when scanning for project manifest files. Such as: "./dir1", "./src/dir1", "./file2", "./src/file2", and so on. +This will exclude any directories and files named `dir1` and `file2` when scanning for project manifest files such as: `./dir1`, `./src/dir1`, `./file2`, `./src/file2` and so on. ### `--prune-repeated-subdependencies`, `-p` 
@@ -148,7 +148,9 @@ Manually pass a path to a `.snyk` policy file. ### `--json` -Print results in JSON format. +Print results on the console as a JSON data structure. + +Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `monitor` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli) ### `--project-environment=[,]...>` @@ -302,19 +304,13 @@ The following `snyk monitor` options can be used with `--unmanaged` as documente There are also special options. -### `--target-dir` - -Scan the path specified in the argument instead of the current directory. - -Alternatively, run `snyk test --unmanaged` - ### `--max-depth` Specify the maximum level of archive extraction. Usage: `--max-depth=1` -Use 0 to disable archive extraction completely. +Use 0 (zero, the default) to disable archive extraction completely. ### `--print-dep-paths` diff --git a/help/cli-commands/test.md b/help/cli-commands/test.md index 6097cd69b4b..2b02a1f11dd 100644 --- a/help/cli-commands/test.md +++ b/help/cli-commands/test.md @@ -59,7 +59,7 @@ Can be used with `--all-projects` and `--yarn-workspaces` to indicate directory Example: `$ snyk test --all-projects --exclude=dir1,file2` -This will exclude any directories and files named "dir1" and "file2" when scanning for project manifest files. Such as: "./dir1", "./src/dir1", "./file2", "./src/file2", and so on. +This will exclude any directories and files named `dir1` and `file2` when scanning for project manifest files such as: `./dir1`, `./src/dir1`, `./file2`, `./src/file2` and so on. ### `--prune-repeated-subdependencies`, `-p` 
@@ -149,15 +149,15 @@ Manually pass a path to a `.snyk` policy file. ### `--json` -Print results in JSON format. +Print results on the console as a JSON data structure. Example: `$ snyk test --json` ### `--json-file-output=` -Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option. +Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option. -This is useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file. +Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created. Example: `$ snyk test --json-file-output=vuln.json` @@ -193,9 +193,9 @@ For more information about Maven CLI options see [Snyk for Java and Kotlin](http Use `--maven-aggregate-project` instead of `--all-projects` when scanning Maven aggregate projects, that is, ones that use modules and inheritance. -When scanning these types of projects, Snyk performs a compile to ensure all modules are resolvable by the Maven reactor. +When scanning these types of projects, Snyk performs a compile to ensure all modules are resolvable by the Maven reactor. -Be sure to run the scan in the same directory as the root pom.xml file. +Be sure to run the scan in the same directory as the root pom.xml file. Snyk reports test results per pom.xml file. @@ -229,7 +229,7 @@ Select certain values of configuration attributes to install dependencies and pe Example: `buildtype:release,usage:java-runtime` -### `--init-script=` Use for projects that contain a Gradle initialization script. 
@@ -313,19 +313,13 @@ The following standard `snyk test` options can be used with `--unmanaged` as doc There are also special options as follows. -### `--target-dir` - -Scan the path specified in the argument instead of the current directory. - -Alternatively, run `snyk test --unmanaged` - ### `--max-depth` Specify the maximum level of archive extraction. -Usage: `--max-depth=1` +Usage: `--max-depth=1` -Use 0 to disable archive extraction completely. +Use 0 (zero, the default) to disable archive extraction completely. ### `--print-dep-paths`
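Review bot: In the new help/cli-commands/code-test.md, the `--sarif` example is `$ snyk code --sarif`, which omits the `test` subcommand that the `--json` and `--json-file-output` examples in the same file use; change it to `$ snyk code test --sarif`. The `--json-file-output` text also now states that no file is created when no issues are found, while `--sarif-file-output` says nothing on the point. Say whether the same holds there, and consider pointing to exit code 0 in the Exit codes list, because a CI step that reads or uploads the file has to tell a clean scan apart from a failed one.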
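Review bot: In help/cli-commands/code.md (hunk at -10,71), the added list line starts with an empty pair of backticks in front of the `code test` link, which will show up as stray markup; remove them. The lead-in "The `snyk code` command is identified here with the help options:" is also hard to follow; wording such as "The `snyk code` command has the following subcommand, with its help option:" tells the reader what the list contains.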
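Review bot: In help/cli-commands/container-monitor.md (hunk at -60,10), the added project-attributes Note sits directly after the `--json` example, so it renders as part of the `--json` section although it concerns the options that set project attributes. Move it under the first `--project-...` option or give it its own heading, and add the missing comma after "edit project attributes". The same placement recurs in monitor.md under `--json` and in iac-test.md under `--sarif-file-output`. The unchanged example just above the Note is `$ snyk container test --json` on the `container monitor` page, which is worth correcting while this section is being touched.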
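Review bot: In help/cli-commands/container-test.md (hunk at -65,15), the new `--json` line has a typo, "Print results ion the console", and the new `--json-file-output` line says "in JSON format as a JSON data structure", keeping the old phrase next to its replacement. Use "Print results on the console as a JSON data structure." and "Save test output as a JSON data structure directly to the specified file", which is the wording the other files in this patch use.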
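Review bot: In help/cli-commands/container-test.md (hunk at -108,6), "Cannot be used with`--app-vulns`." is missing the space before the code span; the matching section in container-monitor.md has it. In both files the `--exclude-app-vulns` text should also say what the CLI does when both options are passed (error out, or one wins) and what the current default is, since "in advance of `app-vulns` being enabled by default" leaves it unclear whether the option changes scan coverage today.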
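Review bot: In help/cli-commands/iac-test.md (hunk at -172,7), "This option supersedes`--remote-repo-url`, if both options are used together." is missing the space before the code span, and the comma before "if" is not needed. Suggest "Note: This option supersedes `--remote-repo-url` if both options are used together."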
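Review bot: In help/cli-commands/monitor.md (hunk at -64,7) and help/cli-commands/test.md (hunk at -59,7), joining the two sentences changes the meaning: "when scanning for project manifest files such as: `./dir1`, `./src/dir1`, ..." now reads as if the listed paths were examples of manifest files, where the old text gave them as examples of what gets excluded. Keep them as a separate sentence, for example "This excludes any directories and files named `dir1` and `file2` when scanning for project manifest files. Examples of excluded paths: `./dir1`, `./src/dir1`, `./file2`, `./src/file2`." In monitor.md the unchanged example above it uses `snyk test` rather than `snyk monitor`.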