CLI - Installation
Snyk’s CLI helps you find and fix known vulnerabilities in your dependencies, both ad hoc and as part of your CI (Build) system.
The Snyk CLI requires you to authenticate with your account before using it. It supports Node.js, Ruby, Python, Java, Scala, Go, PHP and .NET.
Snyk can be installed in one of two ways: as an npm module, or via a Snyk-created Docker container.
Installation via npm
Run this command to install it for local use:
npm install -g snyk
Once installed, you need to authenticate with your Snyk account:
To test your installation, change directory into a folder containing a supported package manifest file (package.json, pom.xml, composer.lock, etc.) and run:
cd /my/project/
snyk test
Alternatively you can perform a quick test on a public npm package, for instance:
snyk test ionic
As you can see, Snyk found and reported several vulnerabilities in the package. For each issue found, Snyk provides the severity of the issue, a link to a detailed description, the path through which the vulnerable module got into your system, and guidance on how to fix the problem.
Installation via Docker container
For environments where npm isn't installed, you can use a Snyk-created Docker container that has npm, the Snyk CLI and other necessary components already installed. Please follow the detailed instructions here: https://hub.docker.com/r/snyk/snyk-cli
$ snyk test
✗ High severity vulnerability found on firstname.lastname@example.org
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:minimatch:20160620
- from: email@example.com > firstname.lastname@example.org > email@example.com > firstname.lastname@example.org > email@example.com > firstname.lastname@example.org
Remediation: Upgrade direct dependency email@example.com to firstname.lastname@example.org (triggers upgrades to email@example.com > firstname.lastname@example.org > email@example.com > firstname.lastname@example.org)

✗ Medium severity vulnerability found on email@example.com
- desc: Regular Expression Denial of Service
- info: https://snyk.io/vuln/npm:moment:20161019
- from: firstname.lastname@example.org > email@example.com
Remediation: Upgrade direct dependency firstname.lastname@example.org to email@example.com

✗ Medium severity vulnerability found on firstname.lastname@example.org
- desc: Root Path Disclosure
- info: https://snyk.io/vuln/npm:send:20151103
- from: email@example.com > firstname.lastname@example.org > email@example.com
Remediation: Upgrade direct dependency firstname.lastname@example.org to email@example.com (triggers upgrades to firstname.lastname@example.org)
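The report layout above (a severity line, then desc, info, from and Remediation lines per issue) can be parsed into records and used to fail a CI build on severity. This is an added example, not part of Snyk's documentation or tooling; parse_report, gate and the sample report, including its package names, versions and URLs, are constructed for illustration.

```python
import re

# Constructed sample in the report layout shown on this page. Package names,
# versions and advisory URLs are placeholders, not real findings.
SAMPLE = """\
✗ High severity vulnerability found on pkg-a@1.0.0
- desc: Regular Expression Denial of Service
- info: https://snyk.example/vuln/PLACEHOLDER-1
- from: my-app@0.0.1 > dep-x@2.0.0 > pkg-a@1.0.0
Remediation: Upgrade direct dependency dep-x@2.0.0 to dep-x@2.1.0 (triggers upgrades to pkg-a@1.0.1)

✗ Medium severity vulnerability found on pkg-b@3.2.0
- desc: Root Path Disclosure
- info: https://snyk.example/vuln/PLACEHOLDER-2
- from: my-app@0.0.1 > pkg-b@3.2.0
Remediation: Upgrade direct dependency pkg-b@3.2.0 to pkg-b@3.2.1
"""

HEADER = re.compile(r"^✗ (\w+) severity vulnerability found on (\S+)$")
RANK = {"low": 1, "medium": 2, "high": 3}

def parse_report(text):
    """Return one dict per issue: severity, package, desc, info, path, remediation."""
    issues = []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            issues.append({"severity": m.group(1).lower(), "package": m.group(2),
                           "path": [], "remediation": None})
        elif not issues:
            continue  # prompt or banner lines before the first issue
        elif line.startswith("- from: "):
            issues[-1]["path"] = [p.strip() for p in line[8:].split(">")]
        elif line.startswith(("- desc: ", "- info: ")):
            key, value = line[2:].split(": ", 1)
            issues[-1][key] = value
        elif line.startswith("Remediation: "):
            issues[-1]["remediation"] = line[len("Remediation: "):]
    return issues

def gate(issues, threshold="high"):
    """True when the build should fail; an unknown severity is treated as high."""
    return any(RANK.get(i["severity"], 3) >= RANK[threshold] for i in issues)

if __name__ == "__main__":
    for i in parse_report(SAMPLE):
        print(i["severity"], i["package"], "via", " > ".join(i["path"]))
    print("fail build:", gate(parse_report(SAMPLE)))
```

The last element of each path is the vulnerable package and the second is the direct dependency that pulled it in, which is the one the Remediation line asks you to upgrade.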