Edit File: snyk-container.md
# snyk container -- Test container images for vulnerabilities ## Usage `snyk container <COMMAND> [<OPTIONS>] [<IMAGE>]` ## Description Find vulnerabilities in your container images. ## Commands ### `test` Test for any known vulnerabilities. ### `monitor` Record the state of dependencies and any vulnerabilities on snyk.io. ## Options ### `--exclude-base-image-vulns` Exclude from display base image vulnerabilities. ### `--file=<FILE_PATH>` Include the path to the image's Dockerfile for more detailed advice. ### `--platform=<PLATFORM>` For multi-architecture images, specify the platform to test. [linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7 or linux/arm/v6] ### `--json` Prints results in JSON format. ### `--json-file-output=<OUTPUT_FILE_PATH>` (only in `test` command) Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option. This is especially useful if you want to display the human-readable test output via stdout and at the same time save the JSON format output to a file. ### `--sarif` Return results in SARIF format. ### `--sarif-file-output=<OUTPUT_FILE_PATH>` (only in `test` command) Save test output in SARIF format directly to the `<OUTPUT_FILE_PATH>` file, regardless of whether or not you use the `--sarif` option. This is especially useful if you want to display the human-readable test output via stdout and at the same time save the SARIF format output to a file. ### `--print-deps` Print the dependency tree before sending it for analysis. ### `--project-name=<PROJECT_NAME>` Specify a custom Snyk project name. ### `--policy-path=<PATH_TO_POLICY_FILE>` Manually pass a path to a snyk policy file. ### `--severity-threshold=low|medium|high|critical` Only report vulnerabilities of provided level or higher. ### `--username=<CONTAINER_REGISTRY_USERNAME>` Specify a username to use when connecting to a container registry. This will be ignored in favour of local Docker binary credentials when Docker is present. ### `--password=<CONTAINER_REGISTRY_PASSWORD>` Specify a password to use when connecting to a container registry. This will be ignored in favour of local Docker binary credentials when Docker is present. ### Flags available accross all commands #### `--insecure` Ignore unknown certificate authorities. #### `-d` Output debug logs. #### `--quiet`, `-q` Silence all output. #### `--version`, `-v` Prints versions. #### `--help [<COMMAND>]`, `[<COMMAND>] --help`, `-h` Prints a help text. You may specify a `<COMMAND>` to get more details. ## Environment You can set these environment variables to change CLI settings. ### `SNYK_TOKEN` Snyk authorization token. Setting this envvar will override the token that may be available in your `snyk config` settings. [How to get your account token](https://snyk.co/ucT6J)<br /> [How to use Service Accounts](https://snyk.co/ucT6L)<br /> ### `SNYK_CFG_KEY` Allows you to override any key that's also available as `snyk config` option. E.g. `SNYK_CFG_ORG=myorg` will override default org option in `config` with "myorg". ### `SNYK_REGISTRY_USERNAME` Specify a username to use when connecting to a container registry. Note that using the `--username` flag will override this value. This will be ignored in favour of local Docker binary credentials when Docker is present. ### `SNYK_REGISTRY_PASSWORD` Specify a password to use when connecting to a container registry. Note that using the `--password` flag will override this value. This will be ignored in favour of local Docker binary credentials when Docker is present. ### Connecting to Snyk API By default Snyk CLI will connect to `https://snyk.io/api/v1`. #### `SNYK_API` Sets API host to use for Snyk requests. Useful for on-premise instances and configuring proxies. If set with `http` protocol CLI will upgrade the requests to `https`. Unless `SNYK_HTTP_PROTOCOL_UPGRADE` is set to `0`. #### `SNYK_HTTP_PROTOCOL_UPGRADE=0` If set to the value of `0`, API requests aimed at `http` URLs will not be upgraded to `https`. If not set, the default behavior will be to upgrade these requests from `http` to `https`. Useful e.g., for reverse proxies. #### `HTTPS_PROXY` and `HTTP_PROXY` Allows you to specify a proxy to use for `https` and `http` calls. The `https` in the `HTTPS_PROXY` means that _requests using `https` protocol_ will use this proxy. The proxy itself doesn't need to use `https`. ## Exit codes Possible exit codes and their meaning: **0**: success, no vulns found<br /> **1**: action_needed, vulns found<br /> **2**: failure, try to re-run command<br /> **3**: failure, no supported projects detected<br />
Back to File Manager