Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Synchronizing CLI help from user-docs #4064

Merged
merged 1 commit into from
Oct 6, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion help/cli-commands/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ For details see the [CLI documentation](https://docs.snyk.io/features/snyk-cli)

## Available commands

To learn more about each Snyk CLI command, use the `--help` option, for example, `snyk auth --help` or `snyk container --help`
To learn more about each Snyk CLI command, use the `--help` option, for example, `snyk auth --help`.

**Note:** The help on the docs site is the same as the `--help` in the CLI.

Expand Down
78 changes: 78 additions & 0 deletions help/cli-commands/code-test.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
# Code test

## Usage

`snyk code test [<OPTIONS>] [<PATH>]`

## Description

The `snyk code test` command tests for any known security issues using Static Code Analysis.

For more information see [Using Snyk Code via the CLI](../../products/snyk-code/cli-for-snyk-code/).

For instructions on ignoring issues with `snyk code test` see [Excluding directories and files from the Snyk Code CLI test](../../products/snyk-code/cli-for-snyk-code/excluding-directories-and-files-from-the-snyk-code-cli-test.md).

## Exit codes

Possible exit codes and their meaning:

**0**: success, no vulnerabilities found\
**1**: action_needed, vulnerabilities found\
**2**: failure, try to re-run command\
**3**: failure, no supported projects detected

## Configure the Snyk CLI

You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli)

## Debug

Use the `-d` option to output the debug logs.

## Options for the code test subcommand

### `--org=<ORG_ID>`

Specify the `<ORG_ID>`to run Snyk commands tied to a specific organization. The `<ORG_ID>` influences private test limits.

If you have multiple organizations, you can set a default from the CLI using:

`$ snyk config set org=<ORG_ID>`

Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=<ORG_ID>` option.

Default: `<ORG_ID>` that is the current preferred organization in your [Account settings](https://app.snyk.io/account)

Note that you can also use `--org=<orgslugname>`. The `ORG_ID` works in both the CLI and the API. The organization slug name works in the CLI, but not in the API.

For more information see the article [How to select the organization to use in the CLI](https://support.snyk.io/hc/en-us/articles/360000920738-How-to-select-the-organization-to-use-in-the-CLI)

### `--json`

Print results on the console as a JSON data structure.

Example: `$ snyk code test --json`

### `--json-file-output=<OUTPUT_FILE_PATH>`

Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.

Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created.

Example: `$ snyk code test --json-file-output=vuln.json`

### `--sarif`

Return results in SARIF format.

Example: `$ snyk code --sarif`

### `--sarif-file-output=<OUTPUT_FILE_PATH>`

Save test output in SARIF format directly to the \<OUTPUT_FILE_PATH> file, regardless of whether or not you use the `--sarif` option.

Use to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.

### `--severity-threshold=<low|medium|high|critical>`

Report only vulnerabilities at the specified level or higher. Note that the Snyk Code configuration issues do not currently use the `critical` severity level.
71 changes: 4 additions & 67 deletions help/cli-commands/code.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,79 +2,16 @@

## Usage

`snyk code [<SUBCOMMAND>] [<OPTIONS>] [<PATH>]`
`snyk code [<COMMAND>] [<OPTIONS>] [<PATH>]`

## Description

The `snyk code` command finds security issues using Static Code Analysis.

For more information see [CLI for Snyk Code](https://docs.snyk.io/snyk-code/cli-for-snyk-code)

## Subcommand: `test`
## `snyk code` command and the help docs

Test for any known issue.
The `snyk code` command is identified here with the help options:

## Exit codes

Possible exit codes and their meaning:

**0**: success, no vulnerabilities found\
**1**: action_needed, vulnerabilities found\
**2**: failure, try to re-run command\
**3**: failure, no supported projects detected

## Configure the Snyk CLI

You can use environment variables to configure the Snyk CLI and set variables for connecting with the Snyk API; see [Configure the Snyk CLI](https://docs.snyk.io/features/snyk-cli/configure-the-snyk-cli)

## Debug

Use the `-d` option to output the debug logs.

## Options for the code test subcommand

### `--org=<ORG_ID>`

Specify the `<ORG_ID>`to run Snyk commands tied to a specific organization. The `<ORG_ID>` influences private test limits.

If you have multiple organizations, you can set a default from the CLI using:

`$ snyk config set org=<ORG_ID>`

Set a default to ensure all newly tested projects are tested under your default organization. If you need to override the default, use the `--org=<ORG_ID>` option.

Default: `<ORG_ID>` that is the current preferred organization in your [Account settings](https://app.snyk.io/account)

Note that you can also use `--org=<orgslugname>`. The `ORG_ID` works in both the CLI and the API. The organization slug name works in the CLI, but not in the API.

For more information see the article [How to select the organization to use in the CLI](https://support.snyk.io/hc/en-us/articles/360000920738-How-to-select-the-organization-to-use-in-the-CLI)

### `--json`

Print results in JSON format.

Example: `$ snyk code test --json`

### `--json-file-output=<OUTPUT_FILE_PATH>`

Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.

This is useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.

Example: `$ snyk code test --json-file-output=vuln.json`

### `--sarif`

Return results in SARIF format.

Example: `$ snyk code --sarif`

### `--sarif-file-output=<OUTPUT_FILE_PATH>`

Save test output in SARIF format directly to the \<OUTPUT_FILE_PATH> file, regardless of whether or not you use the `--sarif` option.

This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.

### `--severity-threshold=<low|medium|high|critical>`

Report only vulnerabilities at the specified level or higher. Note that the Snyk Code configuration issues do not currently use the `critical` severity level.
``[`code test`](code-test.md); `code test --help`: tests for any known security issues using Static Code Analysis
14 changes: 12 additions & 2 deletions help/cli-commands/container-monitor.md
Original file line number Diff line number Diff line change
Expand Up @@ -60,10 +60,12 @@ Manually pass a path to a `.snyk` policy file.

### `--json`

Print results in JSON format, useful for integrating with other tools
Print results on the console as a JSON data structure.

Example: `$ snyk container test --json`

Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `monitor` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli)

### `--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>`

Set the project environment to one or more values (comma-separated). To clear the project environment set `--project-environment=`
Expand Down Expand Up @@ -98,7 +100,7 @@ To clear the project tags set `--project-tags=`

### `--tags=<TAG>[,<TAG>]...>`

This is an alias for `--project tags`
This is an alias for `--project-tags`

### `--app-vulns`

Expand All @@ -108,6 +110,14 @@ In CLI version 1.962.0 and higher, use the `--app-vulns` option with the the `--

For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)

### `--exclude-app-vulns`

Allow disabling scans for app vulnerabilities in advance of `app-vulns` being enabled by default.

Cannot be used with `--app-vulns`.

For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)

### `--nested-jars-depth`

When using `--app-vulns` use the `--nested-jars-depth` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number.
Expand Down
14 changes: 11 additions & 3 deletions help/cli-commands/container-test.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,15 +65,15 @@ Manually pass a path to a `.snyk` policy file.

### `--json`

Print results in JSON format, useful for integrating with other tools
Print results ion the console as a JSON data structure.

Example: `$ snyk container test --json`

### `--json-file-output=<OUTPUT_FILE_PATH>`

Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
Save test output in JSON format as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.

This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.
Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created.

Example: `$ snyk container test --json-file-output=vuln.json`

Expand Down Expand Up @@ -108,6 +108,14 @@ In CLI version 1.962.0 and higher, use the `--app-vulns` option with the the `--

For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)

### `--exclude-app-vulns`

Allow disabling scans for app vulnerabilities in advance of `app-vulns` being enabled by default.

Cannot be used with`--app-vulns`.

For more information see [Detecting application vulnerabilities in container images](https://docs.snyk.io/products/snyk-container/getting-around-the-snyk-container-ui/detecting-application-vulnerabilities-in-container-images)

### `--nested-jars-depth`

When using `--app-vulns` use the `--nested-jars-depth` option to set how many levels of nested jars Snyk is to unpack. Depth must be a number.
Expand Down
2 changes: 1 addition & 1 deletion help/cli-commands/iac-describe.md
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ Output only the scan result to stdout.

### `--json`

Output the report as JSON to stdout.
Output the report as a JSON data structure to stdout.

### `--html`

Expand Down
22 changes: 17 additions & 5 deletions help/cli-commands/iac-test.md
Original file line number Diff line number Diff line change
Expand Up @@ -65,15 +65,15 @@ Manually pass a path to a `.snyk` policy file.

### `--json`

Print results in JSON format.
Print results on the console as a JSON data structure.

Example: `$ snyk iac test --json`

### `--json-file-output=<OUTPUT_FILE_PATH>`

Save test output in JSON format directly to the specified file, regardless of whether or not you use the `--json` option.
Save test output as a JSON data structure directly to the specified file, regardless of whether or not you use the `--json` option.

This is especially useful if you want to display the human-readable test output using stdout and at the same time save the JSON format output to a file.
Use to display the human-readable test output using stdout and at the same time save the JSON data structure output to a file. If no issues are found, an output file is not created.

Example: `$ snyk iac test --json-file-output=vuln.json`

Expand All @@ -87,6 +87,8 @@ Save test output in SARIF format directly to the \<OUTPUT_FILE_PATH> file, regar

This is especially useful if you want to display the human-readable test output using stdout and at the same time save the SARIF format output to a file.

Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `iac test` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli)

### `--project-business-criticality=<BUSINESS_CRITICALITY>[,<BUSINESS_CRITICALITY>]...>`

This can be used in combination with the `--report` option.
Expand All @@ -97,6 +99,8 @@ Allowed values: `critical, high, medium, low`

For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes)

This option is not supported for Integrated IaC (Limited Availability).

### `--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>`

This can be used in combination with the `--report` option.
Expand All @@ -107,6 +111,8 @@ Allowed values: `frontend`, `backend`, `internal`, `external`, `mobile`, `saas`,

For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes)

This option is not supported for Integrated IaC (Limited Availability).

### `--project-lifecycle=<LIFECYCLE>[,<LIFECYCLE>]...>`

This can be used in combination with the `--report` option.
Expand All @@ -117,6 +123,8 @@ Allowed values: `production`, `development`, `sandbox`

For more information see [Project attributes](https://docs.snyk.io/getting-started/introduction-to-snyk-projects/view-project-information/project-attributes)

This option is not supported for Integrated IaC (Limited Availability).

### `--project-tags=<TAG>[,<TAG>]...>`

This can be used in combination with the `--report` option.
Expand All @@ -127,6 +135,8 @@ Example: `--project-tags=department=finance,team=alpha`

To clear the project tags set `--project-tags=`

This option is not supported for Integrated IaC (Limited Availability).

### `--remote-repo-url=<URL>`

This can be used in combination with the `--report` option.
Expand All @@ -147,14 +157,16 @@ Note: This option cannot be used in combination with the `--rules` option.

Use this dedicated option for Custom Rules scanning to enable the IaC scans to use a custom rules bundle generated with the `snyk-iac-rules` SDK. See [`snyk-iac-rules` SDK](https://github.com/snyk/snyk-iac-rules#readme)

This option cannot be used if the custom rules settings were configured with the Snyk UI. Default: If the `--rules` flag is not specified, scan the configuration files using the internal Snyk rules only.
This option cannot be used if the custom rules settings were configured with the Snyk UI. Default: If the `--rules` option is not specified, scan the configuration files using the internal Snyk rules only.

Example: Scan the configuration files using custom rules and internal Snyk rules.

`--rules=bundle.tar.gz`

Note: This option can not be used in combination with the `--report` option.

This option is not supported for Integrated IaC (Limited Availability).

### `--severity-threshold=<low|medium|high|critical>`

Report only vulnerabilities at the specified level or higher.
Expand All @@ -172,7 +184,7 @@ This can be used in combination with the `--report` option.

Set or override the project name for the repository.&#x20;

Note: This flag will supersede the `--remote-repo-url`, if used together.
Note: This option supersedes`--remote-repo-url`, if both options are used together.

### `--target-reference=<TARGET_REFERENCE>`

Expand Down
2 changes: 1 addition & 1 deletion help/cli-commands/ignore.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@

OR

`snyk ignore [--expiry=] [--reason=] [--policy-path=<PATH_TO_POLICY_FILE>] --file-path=<PATH_TO_RESOURCE>] [OPTIONS]`
`snyk ignore [--expiry=] [--reason=] [--policy-path=<PATH_TO_POLICY_FILE>] [--file-path=<PATH_TO_RESOURCE>] [OPTIONS]`

## Description

Expand Down
14 changes: 5 additions & 9 deletions help/cli-commands/monitor.md
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ Can be used with `--all-projects` and `--yarn-workspaces` to indicate directory

Example: `$ snyk test --all-projects --exclude=dir1,file2`

This will exclude any directories and files named "dir1" and "file2" when scanning for project manifest files. Such as: "./dir1", "./src/dir1", "./file2", "./src/file2", and so on.
This will exclude any directories and files named `dir1` and `file2` when scanning for project manifest files such as: `./dir1`, `./src/dir1`, `./file2`, `./src/file2` and so on.

### `--prune-repeated-subdependencies`, `-p`

Expand Down Expand Up @@ -148,7 +148,9 @@ Manually pass a path to a `.snyk` policy file.

### `--json`

Print results in JSON format.
Print results on the console as a JSON data structure.

Note: If you use an option that sets project attributes and your role lacks permission to edit project attributes the `monitor` command fails. For instructions on how to proceed see [Editing project attributes from the Snyk CLI](https://docs.snyk.io/features/user-and-group-management/managing-users-and-permissions/managing-permissions#editing-project-attributes-from-the-snyk-cli)

### `--project-environment=<ENVIRONMENT>[,<ENVIRONMENT>]...>`

Expand Down Expand Up @@ -302,19 +304,13 @@ The following `snyk monitor` options can be used with `--unmanaged` as documente

There are also special options.

### `--target-dir`

Scan the path specified in the argument instead of the current directory.

Alternatively, run `snyk test --unmanaged`

### `--max-depth`

Specify the maximum level of archive extraction.

Usage: `--max-depth=1`&#x20;

Use 0 to disable archive extraction completely.
Use 0 (zero, the default) to disable archive extraction completely.

### `--print-dep-paths`

Expand Down
Loading