diff --git a/help/cli-commands/README.md b/help/cli-commands/README.md index 374685593c..da5ce34c78 100644 --- a/help/cli-commands/README.md +++ b/help/cli-commands/README.md @@ -8,9 +8,9 @@ For details see the [CLI documentation](https://docs.snyk.io/features/snyk-cli) ## How to get started -1. Authenticate by running `snyk auth` -2. Test your local project with `snyk test` -3. Get alerted for new vulnerabilities with `snyk monitor` +1. Authenticate by running `snyk auth`. +2. Test your local project with `snyk test`. +3. Get alerted for new vulnerabilities with `snyk monitor`. ## Available commands @@ -24,25 +24,25 @@ Authenticate Snyk CLI with a Snyk account. ### [`snyk test`](test.md) -Test a project for open source vulnerabilities and license issues. +Test a project for open-source vulnerabilities and license issues. -**Note**: Use `snyk test --unmanaged` to scan all files for known open source dependencies (C/C++ only). +**Note**: Use `snyk test --unmanaged` to scan all files for known open-source dependencies (C/C++ only). ### [`snyk monitor`](monitor.md) -Snapshot and continuously monitor a project for open source vulnerabilities and license issues. +Snapshot and continuously monitor a project for open-source vulnerabilities and license issues. ### [`snyk container`](container.md) -Test container images for vulnerabilities. +These commands test and continuously monitor container images for vulnerabilities and generate an SBOM for a container image. ### [`snyk iac`](iac.md) -Commands to find and manage security issues in Infrastructure as Code files. +These commands find and report security issues in Infrastructure as Code files; detect, track, and alert on infrastructure drift and unmanaged resources; and create a .driftigore file. ### [`snyk code`](code.md) -Find security issues using static code analysis. +The `snyk code test` command finds security issues using Static Code Analysis. ### [`snyk sbom`](sbom.md) 
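Review bot: `.driftigore` in the new `snyk iac` description is a typo; the file Snyk IaC drift creates is `.driftignore`, so the line should end `...and create a .driftignore file.` The new `snyk container` sentence would also read better with a comma before the last clause: `These commands test and continuously monitor container images for vulnerabilities, and generate an SBOM for a container image.`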
diff --git a/help/cli-commands/code.md b/help/cli-commands/code.md index ea92688496..32a8134e34 100644 --- a/help/cli-commands/code.md +++ b/help/cli-commands/code.md @@ -1,17 +1,13 @@ # Code -## Usage - -`snyk code [] [] []` - ## Description -The `snyk code` command finds security issues using Static Code Analysis. +The `snyk code test` command finds security issues using Static Code Analysis. -For more information see [CLI for Snyk Code](https://docs.snyk.io/snyk-code/cli-for-snyk-code) +For more information, see [CLI for Snyk Code](https://docs.snyk.io/snyk-code/cli-for-snyk-code) ## `snyk code` command and the help docs -The `snyk code` command is identified here with the help options: +The single`snyk code` command is identified here with the help options: [`code test`](code-test.md); `code test --help`: tests for any known security issues using Static Code Analysis diff --git a/help/cli-commands/container.md b/help/cli-commands/container.md index ccaf566ff2..ae6a8ac09b 100644 --- a/help/cli-commands/container.md +++ b/help/cli-commands/container.md @@ -1,14 +1,10 @@ # Container -## Usage - -`snyk container [] []` - ## Description -The `snyk container` commands test and continuously monitor container images for vulnerabilities. +The `snyk container` commands test and continuously monitor container images for vulnerabilities and generate an SBOM for a container image. -For more information see [Snyk CLI for container security](https://docs.snyk.io/products/snyk-container/snyk-cli-for-container-security) +For more information, see [Snyk CLI for container security](https://docs.snyk.io/products/snyk-container/snyk-cli-for-container-security) ## `snyk container` commands and the help docs 
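Review bot: the code.md hunk loses the space in `The single`snyk code` command is identified here with the help options:`; it should read `The single `snyk code` command ...`, and since only one command is listed, `with its help option:` is more accurate than `with the help options:`. Both code.md and container.md drop their `## Usage` sections here; check that the remaining command pages in help/cli-commands are changed the same way so the index stays consistent.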
@@ -16,3 +12,4 @@ The `snyk container` commands are listed here with the help options: - [`container test`](container-test.md), `container test --help`: tests for any known vulnerabilities - [`container monitor`](container-monitor.md), `container monitor --help`: captures the container image layers and dependencies and monitors for vulnerabilities on [snyk.io](https://snyk.io) +- [`container sbom`](container-sbom.md), `container sbom --help`: generates an SBOM for a container image diff --git a/help/cli-commands/sbom.md b/help/cli-commands/sbom.md index 169aefd1b0..23e40f1fdf 100644 --- a/help/cli-commands/sbom.md +++ b/help/cli-commands/sbom.md @@ -47,7 +47,7 @@ Use this option when your default organization does not have API entitlement. If this option is omitted, the default organization for your account will be used. -This is the `` that is the current preferred organization in your [Account settings](https://app.snyk.io/account) +This is the `` that is the current preferred organization in your [Account settings](https://app.snyk.io/account) Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=` option. @@ -61,7 +61,7 @@ For more information see the article [How to select the organization to use in t ### `[--file=] or [--f=]` -Specify the desired manifest file on which the SBOM will be based. +Specify the desired manifest file on which the SBOM will be based. By default, the `sbom` command detects a supported manifest file in the current working directory. 
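Review bot: the new `container sbom` bullet links to `container-sbom.md`, which is not part of this diff; make sure that page is added in the same change so the link in container.md does not dangle. The sbom.md `--org` and `--file` hunks above are otherwise fine; the `--file` addition (`By default, the `sbom` command detects a supported manifest file in the current working directory.`) is the useful part, the `--org` hunk changes only trailing whitespace.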
@@ -73,13 +73,13 @@ Generate an SBOM for unmanaged software projects. Include development-only dependencies in the SBOM output. -Applicable only for some package managers, for example, `devDependencies` in npm or `:development` dependencies in Gemfile. +Applicable only for some package managers, for example, `devDependencies` in npm or `:development` dependencies in Gemfile. When `--dev` is used with the SPDX format, the development-only dependencies are included in the `DEV_DEPENDENCY_OF` relationship. When `--dev` is used with the CycloneDX format, development-only dependencies are not labeled differently from non-development dependencies. -**Note**: This option can be used with Maven, npm, and Yarn projects. +**Note**: This option can be used with Maven, npm, and Yarn projects. ### `[--all-projects]` @@ -144,7 +144,7 @@ To scan individual JAR, WAR, or AAR files, use the following: ### `--scan-all-unmanaged` -Auto-detect Maven, JAR, WAR, and AAR files recursively from the current folder. +Auto-detect Maven, JAR, WAR, and AAR files recursively from the current folder. **Note**: Custom-built JAR files, even with open-source dependencies, are not supported. 
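Review bot: in the `--dev` hunk the example still cites `:development` dependencies in Gemfile, while the Note two lines below restricts the option to Maven, npm, and Yarn projects; either drop the Gemfile example or widen the Note so the two do not contradict each other. The SPDX vs. CycloneDX sentences are a good addition; the `--scan-all-unmanaged` hunk changes only trailing whitespace.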
@@ -184,6 +184,98 @@ Example: `buildtype:release,usage:java-runtime` Use for projects that contain a Gradle initialization script. +## Options for NuGet projects + +### `--assets-project-name` + +When you are monitoring a .NET project using NuGet `PackageReference`, use the project name in `project.assets.json` if found. + +### `--file=.sln` + +Test all .NET projects included in the given `.sln` file. Projects referred to must have supported manifests. + +### `--file=packages.config` + +Test an individual .NET project. + +### `--packages-folder` + +Specify a custom path to the packages folder. + +This is the folder in which your dependencies are installed, provided you are using `packages.config`. If you have assigned a unique name to this folder, then Snyk can find it only if you enter a custom path. + +Use the absolute or relative path, including the name of the folder where your dependencies reside. + +## Options for npm projects + +### `--strict-out-of-sync=true|false` + +Prevent testing out-of-sync lockfiles. + +If there are out-of-sync lockfiles in the project, the `sbom` command fails when `--strict-out-of-sync=true`. + +Default: true + +## Options for Yarn projects + +### `--strict-out-of-sync=true|false` + +Prevent testing out-of-sync lockfiles. + +If there are out-of-sync lockfiles in the project, the `sbom` command fails when `--strict-out-of-sync=true`. + +Default: true + +### `--yarn-workspaces` + +Detect and scan Yarn Workspaces only when a lockfile is in the root. + +You can specify how many sub-directories to search using `--detection-depth`. + +You can exclude directories and files using `--exclude`. + +Default: `--all-projects` automatically detects and scans Yarn Workspaces with other projects. + +## Options for Python projects + +### `--command=` + +Indicate which specific Python commands to use based on the Python version. + +Snyk uses Python in order to scan and find your dependencies. 
If you are using multiple Python versions, use this parameter to specify the correct Python command for execution. + +Default: `python` This executes your default python version. Run `python -V` to find out what your default version is. + +Example: `snyk sbom --command=python3` + +### `--skip-unresolved=true|false` + +Skip packages that cannot be found in the environment, for example, private packages that cannot be accessed from the machine running the scan. + +### `--file=` + +For a Python project, specify a particular file to test. + +Default: Snyk scans the `requirements.txt` file at the top level of the project. + +When setting this option for Python values, it is required to also set the `--package-manager` option. See below. + +### `--package-manager=` + +Add `--package-manager=pip` to your command if the file name is not `requirements.txt`. + +This option is mandatory if you specify a value for the `--file` parameter that is not to a `requirements.txt` file. The SBOM generation fails without this parameter. Specify this parameter with the value `pip`. + +## Options for scanning using `--unmanaged` + +### `--max-depth` + +Specify the maximum level of archive extraction. + +Usage: `--max-depth=1` + +Use `0` (zero, the default) to disable archive extraction completely. + ## Examples for the snyk sbom command ### Create a CycloneDX JSON document for a local software project
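Review bot: several of the new option descriptions in this hunk are copied from the test/monitor pages and name the wrong command: `--assets-project-name` says `When you are monitoring a .NET project`, and `--file=.sln` / `--file=packages.config` say `Test all .NET projects` / `Test an individual .NET project`; on sbom.md these should read `When you are generating an SBOM for a .NET project` and `Generate an SBOM for all .NET projects ...`. The `--strict-out-of-sync=true|false` block is duplicated verbatim under `## Options for npm projects` and `## Options for Yarn projects`; a single `## Options for npm and Yarn projects` heading would keep the two copies from drifting apart. `--skip-unresolved=true|false` is the only option here without a `Default:` line. `Default: `python` This executes your default python version.` needs a sentence break after `python`, and the `--yarn-workspaces` `Default:` line does not state a default at all, so its sentence about `--all-projects` belongs in a `**Note**:` instead.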