Merge pull request #2515 from snyk/docs/revise-container-command-help

docs: update container command help
snyk · Jan 12, 2022 · 573f7be · 573f7be
2 parents 9509c29 + 022aefe
commit 573f7be
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 96 deletions.
diff --git a/help/cli-commands/container.md b/help/cli-commands/container.md
@@ -1,12 +1,14 @@
-# snyk container -- Test container images for vulnerabilities
+# snyk container -- test container images for vulnerabilities
 
 ## Usage
 
 `snyk container <COMMAND> [<OPTIONS>] [<IMAGE>]`
 
 ## Description
 
-Find vulnerabilities in your container images.
+The `snyk container` command finds vulnerabilities in container images.
+
+For more information see [Snyk CLI for container security](https://docs.snyk.io/products/snyk-container/snyk-cli-for-container-security).
 
 ## Commands
 
@@ -16,135 +18,81 @@ Test for any known vulnerabilities.
 
 ### `monitor`
 
-Record the state of dependencies and any vulnerabilities on snyk.io.
-
-## Options
-
-### `--exclude-base-image-vulns`
-
-Exclude from display base image vulnerabilities.
-
-### `--file=<FILE_PATH>`
-
-Include the path to the image's Dockerfile for more detailed advice.
+Capture the container image layers and dependencies and monitor for vulnerabilities on snyk.io
 
-### `--platform=<PLATFORM>`
-
-For multi-architecture images, specify the platform to test.
-[linux/amd64, linux/arm64, linux/riscv64, linux/ppc64le, linux/s390x, linux/386, linux/arm/v7 or linux/arm/v6]
-
-### `--json`
+## Exit codes
 
-Prints results in JSON format.
+Possible exit codes and their meaning:
 
-### `--json-file-output=<OUTPUT_FILE_PATH>`
+**0**: success, no vulnerabilities found<br />
+**1**: action_needed, vulnerabilities found<br />
+**2**: failure, try to re-run command<br />
+**3**: failure, no supported projects detected<br />
 
-(only in `test` command)
-Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
-This is especially useful if you want to display the human-readable test output via stdout and at the same time save the JSON format output to a file.
+## Congifure the Snyk CLI
 
-### `--sarif`
+You can use environment variables to configure the Snyk CLI and also set variables to configure the Snyk CLI to connect with the Snyk API. There are environment variables that apply to the container command. See [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli).
 
-Return results in SARIF format.
+## Debug
 
-### `--sarif-file-output=<OUTPUT_FILE_PATH>`
+Use the `-d` option to output the debug logs.
 
-(only in `test` command)
-Save test output in SARIF format directly to the `<OUTPUT_FILE_PATH>` file, regardless of whether or not you use the `--sarif` option.
-This is especially useful if you want to display the human-readable test output via stdout and at the same time save the SARIF format output to a file.
+## Options
 
 ### `--print-deps`
 
 Print the dependency tree before sending it for analysis.
 
+### `--file=<FILE_PATH>`
+
+For more detailed advice, include the path to the Dockerfile for the image.
+
 ### `--project-name=<PROJECT_NAME>`
 
 Specify a custom Snyk project name.
 
 ### `--policy-path=<PATH_TO_POLICY_FILE>`
 
-Manually pass a path to a snyk policy file.
-
-### `--severity-threshold=low|medium|high|critical`
-
-Only report vulnerabilities of provided level or higher.
-
-### `--username=<CONTAINER_REGISTRY_USERNAME>`
-
-Specify a username to use when connecting to a container registry. This will be ignored in favour of local Docker binary credentials when Docker is present.
+Manually pass a path to a `.snyk` policy file.
 
-### `--password=<CONTAINER_REGISTRY_PASSWORD>`
-
-Specify a password to use when connecting to a container registry. This will be ignored in favour of local Docker binary credentials when Docker is present.
-
-### Flags available accross all commands
-
-#### `--insecure`
-
-Ignore unknown certificate authorities.
-
-#### `-d`
-
-Output debug logs.
-
-#### `--quiet`, `-q`
-
-Silence all output.
-
-#### `--version`, `-v`
-
-Prints versions.
-
-#### `--help [<COMMAND>]`, `[<COMMAND>] --help`, `-h`
-
-Prints a help text. You may specify a `<COMMAND>` to get more details.
-
-## Environment
-
-You can set these environment variables to change CLI settings.
-
-### `SNYK_TOKEN`
+### `--json`
 
-Snyk authorization token. Setting this envvar will override the token that may be available in your `snyk config` settings.
+Print results in JSON format.
 
-[How to get your account token](https://snyk.co/ucT6J)<br />
-[How to use Service Accounts](https://snyk.co/ucT6L)<br />
+### `--json-file-output=<OUTPUT_FILE_PATH>`
 
-### `SNYK_CFG_KEY`
+Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
 
-Allows you to override any key that's also available as `snyk config` option.
+This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.
 
-E.g. `SNYK_CFG_ORG=myorg` will override default org option in `config` with "myorg".
+### `--sarif`
 
-### `SNYK_REGISTRY_USERNAME`
+Return results in SARIF format.
 
-Specify a username to use when connecting to a container registry. Note that using the `--username` flag will override this value. This will be ignored in favour of local Docker binary credentials when Docker is present.
+### `--sarif-file-output=<OUTPUT_FILE_PATH>`
 
-### `SNYK_REGISTRY_PASSWORD`
+Save test output in SARIF format directly to the `<OUTPUT_FILE_PATH>` file, regardless of whether or not you use the `--sarif` option.
 
-Specify a password to use when connecting to a container registry. Note that using the `--password` flag will override this value. This will be ignored in favour of local Docker binary credentials when Docker is present.
+This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.
 
-### Connecting to Snyk API
+### `--severity-threshold=low|medium|high|critical`
 
-By default Snyk CLI will connect to `https://snyk.io/api/v1`.
+Report only vulnerabilities at the specified level or higher.
 
-#### `SNYK_API`
+### `--exclude-base-image-vulns`
 
-Sets API host to use for Snyk requests. Useful for on-premise instances and configuring proxies. If set with `http` protocol CLI will upgrade the requests to `https`. Unless `SNYK_HTTP_PROTOCOL_UPGRADE` is set to `0`.
+Exclude base image vulnerabilities from display.
 
-#### `SNYK_HTTP_PROTOCOL_UPGRADE=0`
+### `--platform=<PLATFORM>`
 
-If set to the value of `0`, API requests aimed at `http` URLs will not be upgraded to `https`. If not set, the default behavior will be to upgrade these requests from `http` to `https`. Useful e.g., for reverse proxies.
+For multi-architecture images, specify the platform to test.
 
-#### `HTTPS_PROXY` and `HTTP_PROXY`
+Supported platforms are: `linux/amd64`, `linux/arm64`, `linux/riscv64`, `linux/ppc64le`, `linux/s390x`, `linux/386`, `linux/arm/v7`, or `linux/arm/v6`.
 
-Allows you to specify a proxy to use for `https` and `http` calls. The `https` in the `HTTPS_PROXY` means that _requests using `https` protocol_ will use this proxy. The proxy itself doesn't need to use `https`.
+### `--username=<CONTAINER_REGISTRY_USERNAME>`
 
-## Exit codes
+Specify a username to use when connecting to a container registry. This is ignored in favor of local Docker binary credentials when Docker is present.
 
-Possible exit codes and their meaning:
+### `--password=<CONTAINER_REGISTRY_PASSWORD>`
 
-**0**: success, no vulns found<br />
-**1**: action_needed, vulns found<br />
-**2**: failure, try to re-run command<br />
-**3**: failure, no supported projects detected<br />
+Specify a password to use when connecting to a container registry. This is ignored in favor of local Docker binary credentials when Docker is present.
diff --git a/test/smoke/spec/snyk_basic_spec.sh b/test/smoke/spec/snyk_basic_spec.sh
@@ -50,7 +50,7 @@ Describe "Snyk CLI basics"
 
     It "prints specific help info for container"
       When run snyk -h container
-      The output should include "Test container images for vulnerabilities"
+      The output should include "test container images for vulnerabilities"
       The status should be success
       # TODO: unusable with our current docker issues
       The stderr should equal ""
@@ -74,7 +74,7 @@ Describe "Snyk CLI basics"
 
     It "prints help info for argument with mode"
       When run snyk --help container test
-      The output should include "Test container images for vulnerabilities"
+      The output should include "test container images for vulnerabilities"
       The status should be success
       # TODO: unusable with our current docker issues
       The stderr should equal ""