Snyk Documentation


Monitor

With test and protect, you’re well set up to address currently known vulnerabilities. However, new vulnerabilities are constantly disclosed - which is where monitor comes in.

cd ~/projects/myproject/
snyk monitor

Just before you deploy, run snyk monitor in your project directory. This will take a snapshot of your current dependencies, so we can notify you about newly disclosed vulnerabilities in them, or when a previously unavailable patch or upgrade path is created. If you take multiple snapshots of the same project, we will only alert you to new information about the latest one.

Log in and go to snyk.io/monitor to see the latest snapshot and history of your project.

Example output

$ snyk monitor
Captured a snapshot of this project's dependencies. Explore this snapshot at https://app.snyk.io/monitor/1a53f19a-f64f-44ab-b122-74ce82c1c34b
Notifications about newly disclosed vulnerabilities related to these dependencies will be emailed to you.

 

Specifying which organisation for monitoring

If you have several organisations set up in Snyk, running snyk monitor will associate the generated snapshot with your "default" (personal) org. To specify a different organisation, use the --org option.

snyk monitor --org=my-org-name

 

Overriding the project name

If you do not wish to have the name of your project uploaded to Snyk, you can specify a name to override it with. You can also use this flag when you are testing multiple manifest files within the same project and need to differentiate between them.

Valid project names can contain letters, digits, slashes, underscores, periods and dashes. If the project name is not valid, monitor fails and outputs a message that an invalid name was provided.


snyk monitor --file=package.json --project-name=myapp-frontend

snyk monitor --file=build.sbt --project-name=myapp-backend 
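
As an added example (not part of Snyk's documentation or CLI), a pre-deploy wrapper can check each name against the character set listed above before calling snyk monitor, so a bad name is reported per manifest. The function names, the DRY_RUN variable and the manifest list are assumptions made for this example; "letters" is taken to mean ASCII letters.

```sh
#!/bin/sh
# Added example: pre-deploy wrapper around `snyk monitor`.
LC_ALL=C; export LC_ALL   # keep the A-Z/a-z ranges below ASCII-only (assumption)

# Succeeds only for a non-empty name made of letters, digits, slashes,
# underscores, periods and dashes (the set the documentation lists).
valid_project_name() {
  case "$1" in
    ''|*[!A-Za-z0-9/_.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Reads "manifest-file project-name" pairs from stdin and takes one snapshot
# per pair. DRY_RUN (hypothetical variable, default 1) prints the commands
# instead of calling the CLI. Returns non-zero if any pair was rejected
# or any snapshot failed.
monitor_all() {
  rc=0
  while read -r file name; do
    [ -n "$file" ] || continue
    if ! valid_project_name "$name"; then
      echo "skip $file: invalid project name '$name'" >&2
      rc=1
      continue
    fi
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "snyk monitor --file=$file --project-name=$name"
    else
      # </dev/null keeps the CLI from consuming the loop's input
      snyk monitor --file="$file" --project-name="$name" </dev/null || rc=1
    fi
  done
  return "$rc"
}

# Constructed sample input: the two manifests from the commands above.
monitor_all <<'EOF' || echo "one or more snapshots were not taken" >&2
package.json myapp-frontend
build.sbt myapp-backend
EOF
```

Set DRY_RUN=0 in the deploy job to take the snapshots for real; a non-zero return can then gate the deploy step.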

 

Monitor a Maven or Gradle project with variables

You can pass variables to snyk monitor running on Maven or Gradle projects. This is useful when you want to monitor a specific profile (in Maven) or configuration (in Gradle), or pass system properties. This is done by sending flags after a double-dash option when running snyk monitor. Note that all flags after the double-dash option will be used as Maven flags.

For example, suppose you want to monitor a specific Maven profile: prod. Running the following will monitor this profile:

snyk monitor -- -Pprod

In another example, if you use a system property in your pom.xml file, e.g. <version>${pkg_version}</version>, you can define the system property in snyk monitor as follows:


To monitor a Gradle project with test dependencies, pass the appropriate configuration to snyk monitor:

snyk monitor -- --configuration testCompile