Merge pull request #4064 from snyk/docs/automatic-gitbook-update

Synchronizing CLI help from user-docs
snyk · Oct 6, 2022 · 7533751 · 7533751
2 parents 61c983d + 29bb68b
commit 7533751
Show file tree

Hide file tree

Showing 10 changed files with 139 additions and 104 deletions.
diff --git a/help/cli-commands/README.md b/help/cli-commands/README.md
@@ -14,7 +14,7 @@ For details see the [CLI documentation](https://docs.snyk.io/features/snyk-cli)
 
 ## Available commands
 
-To learn more about each Snyk CLI command, use the `--help` option, for example, `snyk auth --help` or `snyk container --help`
+To learn more about each Snyk CLI command, use the `--help` option, for example, `snyk auth --help`.
 
 **Note:** The help on the docs site is the same as the `--help` in the CLI.
 

diff --git a/help/cli-commands/code-test.md b/help/cli-commands/code-test.md
@@ -0,0 +1,78 @@
+# Code test
+
+## Usage
+
+`snyk code test [<OPTIONS>] [<PATH>]`
+
+## Description
+
+The `snyk code test` command tests for any known security issues using Static Code Analysis.
+
+For more information see [Using Snyk Code via the CLI](../../products/snyk-code/cli-for-snyk-code/).
+
+For instructions on ignoring issues with `snyk code test` see [Excluding directories and files from the Snyk Code CLI test](../../products/snyk-code/cli-for-snyk-code/excluding-directories-and-files-from-the-snyk-code-cli-test.md).
+
+## Exit codes
+
+Possible exit codes and their meaning:
+
+**0**: success, no vulnerabilities found\
+**1**: action_needed, vulnerabilities found\
+**2**: failure, try to re-run command\
+**3**: failure, no supported projects detected
+
+## Configure the Snyk CLI
+
+You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli)
+
+## Debug
+
+Use the `-d` option to output the debug logs.
+
+## Options for the code test subcommand
+
+### `--org=<ORG_ID>`
+
+Specify the `<ORG_ID>`to run Snyk commands tied to a specific organization. The `<ORG_ID>` influences private test limits.
+
+If you have multiple organizations, you can set a default from the CLI using:
+
+`$ snyk config set org=<ORG_ID>`
+
+Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=<ORG_ID>` option.
+
+Default: `<ORG_ID>` that is the current preferred organization in your [Account settings](https://app.snyk.io/account)
+
+Note that you can also use `--org=<orgslugname>`. The `ORG_ID` works in both the CLI and the API. The organization slug name works in the CLI, but not in the API.
+
+For more information see the article [How to select the organization to use in the CLI](https://support.snyk.io/hc/en-us/articles/360000920738-How-to-select-the-organization-to-use-in-the-CLI)
+
+### `--json`
+
+Print results on the console as a JSON data structure.
+
+Example: `$ snyk code test --json`
+
+### `--json-file-output=<OUTPUT_FILE_PATH>`
+
+Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.
+
+Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created.
+
+Example: `$ snyk code test --json-file-output=vuln.json`
+
+### `--sarif`
+
+Return results in SARIF format.
+
+Example: `$ snyk code --sarif`
+
+### `--sarif-file-output=<OUTPUT_FILE_PATH>`
+
+Save test output in SARIF format directly to the \<OUTPUT_FILE_PATH> file, regardless of whether or not you use the `--sarif` option.
+
+Use to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.
+
+### `--severity-threshold=<low|medium|high|critical>`
+
+Report only vulnerabilities at the specified level or higher. Note that the Snyk Code configuration issues do not currently use the `critical` severity level.
diff --git a/help/cli-commands/code.md b/help/cli-commands/code.md
@@ -2,79 +2,16 @@
 
 ## Usage
 
-`snyk code [<SUBCOMMAND>] [<OPTIONS>] [<PATH>]`
+`snyk code [<COMMAND>] [<OPTIONS>] [<PATH>]`
 
 ## Description
 
 The `snyk code` command finds security issues using Static Code Analysis.
 
 For more information see [CLI for Snyk Code](https://docs.snyk.io/snyk-code/cli-for-snyk-code)
 
-## Subcommand: `test`
+## `snyk code` command and the help docs
 
-Test for any known issue.
+The `snyk code` command is identified here with the help options:
 
-## Exit codes
-
-Possible exit codes and their meaning:
-
-**0**: success, no vulnerabilities found\
-**1**: action_needed, vulnerabilities found\
-**2**: failure, try to re-run command\
-**3**: failure, no supported projects detected
-
-## Configure the Snyk CLI
-
-You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli)
-
-## Debug
-
-Use the `-d` option to output the debug logs.
-
-## Options for the code test subcommand
-
-### `--org=<ORG_ID>`
-
-Specify the `<ORG_ID>`to run Snyk commands tied to a specific organization. The `<ORG_ID>` influences private test limits.
-
-If you have multiple organizations, you can set a default from the CLI using:
-
-`$ snyk config set org=<ORG_ID>`
-
-Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=<ORG_ID>` option.
-
-Default: `<ORG_ID>` that is the current preferred organization in your [Account settings](https://app.snyk.io/account)
-
-Note that you can also use `--org=<orgslugname>`. The `ORG_ID` works in both the CLI and the API. The organization slug name works in the CLI, but not in the API.
-
-For more information see the article [How to select the organization to use in the CLI](https://support.snyk.io/hc/en-us/articles/360000920738-How-to-select-the-organization-to-use-in-the-CLI)
-
-### `--json`
-
-Print results in JSON format.
-
-Example: `$ snyk code test --json`
-
-### `--json-file-output=<OUTPUT_FILE_PATH>`
-
-Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
-
-This is useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.
-
-Example: `$ snyk code test --json-file-output=vuln.json`
-
-### `--sarif`
-
-Return results in SARIF format.
-
-Example: `$ snyk code --sarif`
-
-### `--sarif-file-output=<OUTPUT_FILE_PATH>`
-
-Save test output in SARIF format directly to the \<OUTPUT_FILE_PATH> file, regardless of whether or not you use the `--sarif` option.
-
-This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.
-
-### `--severity-threshold=<low|medium|high|critical>`
-
-Report only vulnerabilities at the specified level or higher. Note that the Snyk Code configuration issues do not currently use the `critical` severity level.
+``[`code test`](code-test.md); `code test --help`: tests for any known security issues using Static Code Analysis
diff --git a/help/cli-commands/container-monitor.md b/help/cli-commands/container-monitor.md
@@ -60,10 +60,12 @@ Manually pass a path to a `.snyk` policy file.
 
 ### `--json`
 
-Print results in JSON format, useful for integrating with other tools
+Print results on the console as a JSON data structure.
 
 Example: `$ snyk container test --json`
 
+Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `monitor` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli)
+
 ### `--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>`
 
 Set the project environment to one or more values (comma-separated). To clear the project environment set `--project-environment=`
@@ -98,7 +100,7 @@ To clear the project tags set `--project-tags=`
 
 ### `--tags=<TAG>[,<TAG>]...>`
 
-This is an alias for `--project tags`
+This is an alias for `--project-tags`
 
 ### `--app-vulns`
 
@@ -108,6 +110,14 @@ In CLI version 1.962.0 and higher, use the `--app-vulns` option with the the `--
 
 For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)
 
+### `--exclude-app-vulns`
+
+Allow disabling scans for app vulnerabilities in advance of `app-vulns` being enabled by default.
+
+Cannot be used with `--app-vulns`.
+
+For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)
+
 ### `--nested-jars-depth`
 
 When using `--app-vulns` use the `--nested-jars-depth` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number.

diff --git a/help/cli-commands/container-test.md b/help/cli-commands/container-test.md
@@ -65,15 +65,15 @@ Manually pass a path to a `.snyk` policy file.
 
 ### `--json`
 
-Print results in JSON format, useful for integrating with other tools
+Print results ion the console as a JSON data structure.
 
 Example: `$ snyk container test --json`
 
 ### `--json-file-output=<OUTPUT_FILE_PATH>`
 
-Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
+Save test output in JSON format as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.
 
-This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.
+Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created.
 
 Example: `$ snyk container test --json-file-output=vuln.json`
 
@@ -108,6 +108,14 @@ In CLI version 1.962.0 and higher, use the `--app-vulns` option with the the `--
 
 For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)
 
+### `--exclude-app-vulns`
+
+Allow disabling scans for app vulnerabilities in advance of `app-vulns` being enabled by default.
+
+Cannot be used with`--app-vulns`.
+
+For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)
+
 ### `--nested-jars-depth`
 
 When using `--app-vulns` use the `--nested-jars-depth` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number.

diff --git a/help/cli-commands/iac-describe.md b/help/cli-commands/iac-describe.md
@@ -166,7 +166,7 @@ Output only the scan result to stdout.
 
 ### `--json`
 
-Output the report as JSON to stdout.
+Output the report as a JSON data structure to stdout.
 
 ### `--html`
 

diff --git a/help/cli-commands/iac-test.md b/help/cli-commands/iac-test.md
@@ -65,15 +65,15 @@ Manually pass a path to a `.snyk` policy file.
 
 ### `--json`
 
-Print results in JSON format.
+Print results on the console as a JSON data structure.
 
 Example: `$ snyk iac test --json`
 
 ### `--json-file-output=<OUTPUT_FILE_PATH>`
 
-Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
+Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.
 
-This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.
+Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created.
 
 Example: `$ snyk iac test --json-file-output=vuln.json`
 
@@ -87,6 +87,8 @@ Save test output in SARIF format directly to the \<OUTPUT_FILE_PATH> file, regar
 
 This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.
 
+Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `iac test` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli)
+
 ### `--project-business-criticality=<BUSINESS_CRITICALITY>[,<BUSINESS_CRITICALITY>]...>`
 
 This can be used in combination with the `--report` option.
@@ -97,6 +99,8 @@ Allowed values: `critical, high, medium, low`
 
 For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes)
 
+This option is not supported for Integrated IaC (Limited Availability).
+
 ### `--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>`
 
 This can be used in combination with the `--report` option.
@@ -107,6 +111,8 @@ Allowed values: `frontend`, `backend`, `internal`, `external`, `mobile`, `saas`,
 
 For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes)
 
+This option is not supported for Integrated IaC (Limited Availability).
+
 ### `--project-lifecycle=<LIFECYCLE>[,<LIFECYCLE>]...>`
 
 This can be used in combination with the `--report` option.
@@ -117,6 +123,8 @@ Allowed values: `production`, `development`, `sandbox`
 
 For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes)
 
+This option is not supported for Integrated IaC (Limited Availability).
+
 ### `--project-tags=<TAG>[,<TAG>]...>`
 
 This can be used in combination with the `--report` option.
@@ -127,6 +135,8 @@ Example: `--project-tags=department=finance,team=alpha`
 
 To clear the project tags set `--project-tags=`
 
+This option is not supported for Integrated IaC (Limited Availability).
+
 ### `--remote-repo-url=<URL>`
 
 This can be used in combination with the `--report` option.
@@ -147,14 +157,16 @@ Note: This option cannot be used in combination with the `--rules` option.
 
 Use this dedicated option for Custom Rules scanning to enable the IaC scans to use a custom rules bundle generated with the `snyk-iac-rules` SDK. See [`snyk-iac-rules` SDK](https://github.com/snyk/snyk-iac-rules#readme)
 
-This option cannot be used if the custom rules settings were configured with the Snyk UI. Default: If the `--rules` flag is not specified, scan the configuration files using the internal Snyk rules only.
+This option cannot be used if the custom rules settings were configured with the Snyk UI. Default: If the `--rules` option is not specified, scan the configuration files using the internal Snyk rules only.
 
 Example: Scan the configuration files using custom rules and internal Snyk rules.
 
 `--rules=bundle.tar.gz`
 
 Note: This option can not be used in combination with the `--report` option.
 
+This option is not supported for Integrated IaC (Limited Availability).
+
 ### `--severity-threshold=<low|medium|high|critical>`
 
 Report only vulnerabilities at the specified level or higher.
@@ -172,7 +184,7 @@ This can be used in combination with the `--report` option.
 
 Set or override the project name for the repository.&#x20;
 
-Note: This flag will supersede the `--remote-repo-url`, if used together.
+Note: This option supersedes`--remote-repo-url`, if both options are used together.
 
 ### `--target-reference=<TARGET_REFERENCE>`
 

diff --git a/help/cli-commands/ignore.md b/help/cli-commands/ignore.md
@@ -6,7 +6,7 @@
 
 OR
 
-`snyk ignore [--expiry=] [--reason=] [--policy-path=<PATH_TO_POLICY_FILE>] --file-path=<PATH_TO_RESOURCE>] [OPTIONS]`
+`snyk ignore [--expiry=] [--reason=] [--policy-path=<PATH_TO_POLICY_FILE>] [--file-path=<PATH_TO_RESOURCE>] [OPTIONS]`
 
 ## Description
 

diff --git a/help/cli-commands/monitor.md b/help/cli-commands/monitor.md
@@ -64,7 +64,7 @@ Can be used with `--all-projects` and `--yarn-workspaces` to indicate directory
 
 Example: `$ snyk test --all-projects --exclude=dir1,file2`
 
-This will exclude any directories and files named "dir1" and "file2" when scanning for project manifest files. Such as: "./dir1", "./src/dir1", "./file2", "./src/file2", and so on.
+This will exclude any directories and files named `dir1` and `file2` when scanning for project manifest files such as: `./dir1`, `./src/dir1`, `./file2`, `./src/file2` and so on.
 
 ### `--prune-repeated-subdependencies`, `-p`
 
@@ -148,7 +148,9 @@ Manually pass a path to a `.snyk` policy file.
 
 ### `--json`
 
-Print results in JSON format.
+Print results on the console as a JSON data structure.
+
+Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `monitor` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli)
 
 ### `--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>`
 
@@ -302,19 +304,13 @@ The following `snyk monitor` options can be used with `--unmanaged` as documente
 
 There are also special options.
 
-### `--target-dir`
-
-Scan the path specified in the argument instead of the current directory.
-
-Alternatively, run `snyk test --unmanaged`
-
 ### `--max-depth`
 
 Specify the maximum level of archive extraction.
 
 Usage: `--max-depth=1`&#x20;
 
-Use 0 to disable archive extraction completely.
+Use 0 (zero, the default) to disable archive extraction completely.
 
 ### `--print-dep-paths`