Proxy authentication in Snyk CLI for Windows

Today we’re announcing support for SPNEGO-based Kerberos and NTLM proxy authentication protocol support in Snyk CLI for Windows, with support for other operating systems coming shortly.

What is it?

Proxy authentication is often used to authenticate local network traffic through a centralized proxy, ensuring only authenticated users can access the public internet.

SPNEGO (often pronounced "spenay-go") is an authentication mechanism to negotiate the choice of security technology. It is most prominently used in Microsoft’s HTTP negotiation algorithm, typically surfacing Kerberos or NTLM sub-mechanisms, both of which are used in Active Directory.

Why might I need this?

Within our customers’ enterprise environments, particularly those subject to stringent audit and compliance regulations, it’s a common requirement for all internet-bound network traffic to first authenticate with an internal proxy before being allowed to proceed — for example to communicate successfully with Snyk’s public APIs.

With these additional proxy authentication methods in Snyk CLI, developers in such environments can now run Snyk CLI scans on their code from their development environments — adopting DevSecOps workflows and ensuring the security of their software products well before code changes are released.

How do I use this?

As of Snyk CLI v1.1008.0, the Snyk CLI supports proxy authentication by default. As soon as a proxy is configured, the CLI will determine whether authentication is required and will pick an appropriate mechanism.

Where do I find out more?

Check out our documentation on how to configure a Proxy for the Snyk CLI for more information.

If you’re new to Snyk and want to get started, sign up for a free account.