From 0b6743cfc6c1563a9bdf057af1deff1de5ed67b2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 20 Dec 2023 14:58:22 +0000 Subject: [PATCH] docs: synchronizing help from snyk/user-docs (#4969) Co-authored-by: Avishagp --- help/cli-commands/container-test.md | 4 ++-- help/cli-commands/iac-describe.md | 2 -- help/cli-commands/test.md | 4 ++-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/help/cli-commands/container-test.md b/help/cli-commands/container-test.md index 04df137703..f9c220c996 100644 --- a/help/cli-commands/container-test.md +++ b/help/cli-commands/container-test.md @@ -16,7 +16,7 @@ Possible exit codes and their meaning: **0**: success (scan completed), no vulnerabilities found\ **1**: action_needed (scan completed), vulnerabilities found\ -**2**: failure, try to re-run command\ +**2**: failure, try to re-run command. Use `-d` to output the debug logs.\ **3**: failure, no supported projects detected ## Configure the Snyk CLI @@ -96,7 +96,7 @@ Report only vulnerabilities at the specified level or higher. Fail only when there are vulnerabilities that can be fixed. - `all`: fail when there is at least one vulnerability that can be either upgraded or patched. -- `upgradable`: fail when there is at least one vulnerability that can be upgraded. +- `upgradable`: fail when there is at least one vulnerability for which Snyk has a computed remediation available. To fail on any Snyk discoverable vulnerability (the default behavior), do not use the `--fail-on` option. If vulnerabilities do not have a Snyk-computed fix and this option is being used, tests pass. diff --git a/help/cli-commands/iac-describe.md b/help/cli-commands/iac-describe.md index 257c8831ae..fc524774b7 100644 --- a/help/cli-commands/iac-describe.md +++ b/help/cli-commands/iac-describe.md @@ -113,8 +113,6 @@ Use filter rules. Filter rules allow you to build a JMESPath expression to include or exclude a set of resources from the report. -To filter on resource attributes, deep mode must be enabled. Deep mode is enabled by default for `--all` and `--only-managed`. To enable deep mode while using `--only-unmanaged`, use the `--deep` option. - For more information, see [Filter results](https://docs.snyk.io/products/snyk-infrastructure-as-code/detect-drift-and-manually-created-resources/filter-results) ### `--strict` diff --git a/help/cli-commands/test.md b/help/cli-commands/test.md index aac1deb1db..b8a07d48bc 100644 --- a/help/cli-commands/test.md +++ b/help/cli-commands/test.md @@ -213,8 +213,8 @@ Report only vulnerabilities at the specified level or higher. Fail only when there are vulnerabilities that can be fixed. Use one of the values as follows: - `all`: Use to fail when there is at least one vulnerability that can be either upgraded or patched. -- `upgradable`: Use to fail when there is at least one vulnerability that can be upgraded. -- `patchable`: Use to fail when there is at least one vulnerability that can be patched. Note that when you use patchable, the test will also fail if at least one vulnerability can be patched and other vulnerabilities found can be upgraded. +- `upgradable`: Use to fail when there is at least one vulnerability for which Snyk has a computed remediation available. +- `patchable`: Use to fail when there is at least one vulnerability that can be patched. Note that when you use `patchable`, the test will also fail if at least one vulnerability can be patched and other vulnerabilities found have a computed remediation available. To fail on any Snyk-discoverable vulnerability (the default behavior), do not use the `--fail-on` option. If vulnerabilities do not have a Snyk-computed fix and this option is being used, tests pass.